[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Removal?

To: "'axid3j1al axid3j1al'" <axid3j1al@hotmail.com>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Removal?
From: "Mike" <mjcarter@ihug.co.nz>
Date: Tue, 3 Feb 2004 20:51:47 +1300

It appears you might have a variant of Petch/Pica , try this link
http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html
and use the intelligent updater.

You might need to use something like filemon, tcpview and/or process
explorer to capture what it's doing and track the process you need to kill,
then delete the files.

All are available here http://www.sysinternals.com

Regards
Mike


-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of axid3j1al
axid3j1al
Sent: Tuesday, February 03, 2004 7:03 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Removal?



How do I delete the virus that is not detectable by norton av (latest
definitions)


but has the files
c:\windows\system32\f~q\fag.exe
c:\windows\system32\f~q\usr_crt.dll

i.e. what program do I kill to do a attrib -h -r -s *.* ; del. ?


thanks

_________________________________________________________________
Get less junk mail with ninemsn Premium. Click here
http://ninemsn.com.au/premium/landing.asp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Removal?
  - From: "axid3j1al axid3j1al" <axid3j1al@hotmail.com>

Prev by Date: Re: [Full-Disclosure] Dig SCO?
Next by Date: Re: [Full-Disclosure] Sample of Mydoom A & B
Previous by thread: [Full-Disclosure] Removal?
Next by thread: Re: [Full-Disclosure] Removal?
Index(es):
- Date
- Thread