SCR file being posted to usenet (detected by some AV's, but not all)
- From: Virus Guy <Virus@xxxxxxx>
- Date: Tue, 28 Feb 2006 23:42:13 -0500
For the hell of it, I submitted a copy of an SCR file to VirusTotal.
This file (which is probably an EXE) is being posted to some
newsgroups within the past few hours.
It's being ID'd as various versions of Hackarmy, SdBot,
Spybot.gen.worm, etc.
The following AV software is not detecting it:
Avast
CAT-Quickheal (says "suspicious")
ClamAV
eTrust-Vet
Fprot (says it "could be infected")
Nod32v2 (says "probably unknown NewHeur_PE")
Norman (says "W32/Malware" - what kind of ID is that?)
Sophos
Symantec
TheHacker
BTW, regarding the Total Commander crack that I submitted to VT last
week, it's still the same 3 vendors (Avast, Norman, and Symantec) that
are detecting it as mal-ware.
.
- Follow-Ups:
- Re: SCR file being posted to usenet (detected by some AV's, but not all)
- From: Jake Dodd
- Re: SCR file being posted to usenet (detected by some AV's, but not all)
- From: Adam Piggott
- Re: SCR file being posted to usenet (detected by some AV's, but not all)
- From: Art
- Re: SCR file being posted to usenet (detected by some AV's, but not all)
- From: Ian Kenefick
- Re: SCR file being posted to usenet (detected by some AV's, but not all)
- Prev by Date: Re: AVG BLocking/Impeding Email
- Next by Date: Re: Win32/MagistrB and WORSE.EXE
- Previous by thread: AVG BLocking/Impeding Email
- Next by thread: Re: SCR file being posted to usenet (detected by some AV's, but not all)
- Index(es):
