Re: [Full-Disclosure] Virus, whether the scanners say so or not?

[roman.kunz@xxxxxxxxxxxxxx]

hi scott,

MCAfee does but it says it's the "W32/Sdbot.worm.gen"

cheers
roman

----------------------------------------------
"Scott Phelps / Dreamwright Studios" <scottp@xxxxxxxxxxxxxxx> said:

I just got this from a co-workers computer. I've run it against 4 virus
scanners I have around (after running each one's definition update) and
nothing recognized it.

It really looks like W32.HLLW.Moega
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html

But Symantec says it should catch it, which it doesn't. It looks like the
thing has been on his machine for about a month, and he's on an open cable
connection (Symantec mentions a trojan in moega) so I would like to know
what the payload is. It's a larger file than what Symantec has listed for
moega also.

Anybody seen it, or have a scanner that recognizes it?


D  R  E  A  M  W  R  I  G  H  T    S  T  U  D  I  O  S 
Dreamwright.com  - Web Design, Graphic Design, & Custom Software 
Programming
704-548-8653 office/fax  1-866-47-MY-WEB
PO Box 480188   Charlotte, NC 28269
 

*****Disclaimer*****
This message is for the addressee only and may contain confidential or 
privileged information. You must delete and not use it if you are not the 
intended recipient. It may not be secure or error-free. All e-mail 
communications to and from the Julius Baer Group may be monitored. 
Processing of incoming e-mails cannot be guaranteed. Any views expressed 
in this message are those of the individual sender. This message is for 
information purposes only. All liability of the Julius Baer Group and its 
entities for any damages resulting from e-mail use is excluded. US persons 
are kindly requested to read the important legal information presented 
after clicking here: http://www.juliusbaer.com/maildisclaimer