Re: Kernels32.exe
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 09/26/05
- Next message: helpme: "Re: Virus removal help please!"
- Previous message: David H. Lipman: "Re: PC shuts off on Virus Scan"
- In reply to: Phil Weldon: "Re: Kernels32.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Sep 2005 18:09:09 -0400
From: "Phil Weldon" <notdiscosed@example.com>
| 'David H. Lipman' wrote, in part:
|> That is NOT a legitimate OS file and could be associated with a Downloader
| Trojan.
| _____
|
| Oops, that went right past me. I guess that's why the malcoders pick file
| names that are close to legitimate ones B^(
|
| Phil Weldon
Yepper.
Not only do VX'ers mask their file names as being similar to legitimate file names, they
often USE the name of legitimate files. The difference is the location of where they are
executed.
for example; take SVCHOST.EXE
It should be executed from; %windir%\system32\svchost.exe
However if it is found running in; %windir%\svchost.exe
there is a high probability it is an infector.
If SVCHOST.EXE is found running on any Win9x/ME PC you are almost guaranteed it is an
infector.
-- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
- Next message: helpme: "Re: Virus removal help please!"
- Previous message: David H. Lipman: "Re: PC shuts off on Virus Scan"
- In reply to: Phil Weldon: "Re: Kernels32.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
