> I'm not up on all of the exploits for the browsers, but I'm suspicious of
> this because it looks to me like it's trying to hide at the top left of the
> screen. I've downloaded the .cab file and clamav doesn't see anything wrong
> with it. Google doesn't find any answers about the clsid string in use.
>
> Ideas? Should I seek counseling for being too paranoid, or is this actually
> an unknown threat?
>
I don't normally plug products, but this might dismiss (or confirm ;) ) your
paranoia.
Norman Data Defense use a technology called 'Sand Box' for scanning files.
In a contained environment, it safely allows the file to do whatever it's
programmed to do. If it's suspicious, it reports back what the file attempted
to do.
I've found a few bits of spy/adware that everything missed. You can download
a trial at www.norman.com .
I should say that I don't have any connection with this company except as an
end user.
Below is an example of what it reports.
Cheers,
Patrick
ALARM:
Virus infected:
Virus name: 'W32/Downloader' [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS - REMEMBER TO
ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Attemps to NULL c:/windows/infamous.exe .
* File length: 3584 bytes.
[ Changes to filesystem ]
* Creates file C:/windows/infamous.exe.
[ Changes to registry ]
* Sets value "infamous"="1" in key "HKLM/Software/Microsoft/Windows".
* Creates value "mswspl"="" in key
"HKLM/Software/Microsoft/Windows/CurrentVersion/Run".
[ Network ]
Norman Scanner Engine Information
Engine version: 5.70.09
Binary definition file: 5.70 of 2004/05/03
Macro definition file: 5.70 of 2004/04/28
File infected: C:/Documents and Settings/xxxxxx/Local Settings/Temporary Internet Files/Content.IE5/J7Z30F74/hp2[1].exe
[ www.norman.com ]
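The report above is only useful if someone turns its bullets into a verdict. As an added example (this is editor-written code, not Norman's and not Patrick's), the script below parses a report in the same bracketed-section / bulleted shape as the one quoted in the post and applies two triage rules a responder would reach for first: a file dropped into the Windows directory, and a value written under an autorun key such as HKLM/.../CurrentVersion/Run, which is the persistence mechanism visible in the sample. The SAMPLE_REPORT string is constructed from the quoted report, and the section names, bullet syntax, regexes and the AUTORUN_KEY_PATTERNS list are assumptions about the format, not a documented Norman output schema.

```python
import re

# Constructed sample in the shape of the Norman Sandbox report quoted in the
# post (section headers in square brackets, one "* " bullet per observation).
SAMPLE_REPORT = """\
[ General information ]
 * Attempts to NULL c:/windows/infamous.exe .
 * File length: 3584 bytes.
[ Changes to filesystem ]
 * Creates file C:/windows/infamous.exe.
[ Changes to registry ]
 * Sets value "infamous"="1" in key "HKLM/Software/Microsoft/Windows".
 * Creates value "mswspl"="" in key "HKLM/Software/Microsoft/Windows/CurrentVersion/Run".
[ Network ]
"""

SECTION_RE = re.compile(r"^\[\s*(.+?)\s*\]$")   # "[ Changes to registry ]"
BULLET_RE = re.compile(r"^\s*\*\s+(.*)$")       # " * Creates file ..."

# Assumed list of registry locations that give a program a foothold at boot
# or logon; extend to taste (Winlogon Shell/Userinit, services, etc.).
AUTORUN_KEY_PATTERNS = (
    re.compile(r"/Windows/CurrentVersion/Run(Once)?(Services)?$", re.I),
    re.compile(r"/Windows NT/CurrentVersion/Winlogon$", re.I),
)


def parse_report(text):
    """Split a sandbox report into {section name: [bullet text, ...]}.

    Bullets before the first header are ignored; an empty section (such as
    [ Network ] with nothing under it) is kept with an empty list so callers
    can tell "no network activity seen" from "section absent".
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = BULLET_RE.match(raw)
        if m and current is not None:
            sections[current].append(m.group(1).strip())
    return sections


def triage(sections):
    """Return (rule, evidence) tuples for the behaviours worth escalating."""
    findings = []

    # Rule 1: dropping a new executable into the Windows directory.
    for entry in sections.get("Changes to filesystem", []):
        m = re.search(r"Creates file (.+?)\.?$", entry, re.I)
        if m:
            path = m.group(1)
            if re.match(r"^[a-z]:/windows(/|$)", path, re.I):
                findings.append(("drops-in-system-dir", path))

    # Rule 2: any value written under an autorun key is persistence.
    for entry in sections.get("Changes to registry", []):
        m = re.search(r'in key "([^"]+)"', entry)
        if m:
            key = m.group(1)
            if any(p.search(key) for p in AUTORUN_KEY_PATTERNS):
                findings.append(("autorun-persistence", key))

    # Absence of evidence is still worth recording: a downloader that made no
    # network connection in the sandbox may be waiting on a trigger.
    if "Network" in sections and not sections["Network"]:
        findings.append(("no-network-observed", ""))

    return findings


if __name__ == "__main__":
    for rule, evidence in triage(parse_report(SAMPLE_REPORT)):
        print(f"{rule:24} {evidence}")
```

On the sample this flags the dropped C:/windows/infamous.exe, the Run-key value "mswspl", and the empty [ Network ] section; the last point matters because the quoted report names the sample W32/Downloader yet shows no connection, so the sandbox verdict does not tell you what it would have fetched.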
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users