Results 1 to 5 of 5

Thread: juz downloaded this thing... virus?

  1. 11-02-03, 09:48 PM #1
    _uNDeRsCoRE
    _uNDeRsCoRE is offline
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    Question juz downloaded this thing... virus?

    http://www.webattack.com/get/compusec.html
    download the file...


    hav it scanned & logged w/ avg:

    Day 1:

    Results of Complete Test, date and time 11/1/03 0:01:54 :

    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\flp_mbr.bin Could be infected Moloch
    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\mbr.bin Could be infected Moloch

    Test finished, duration 00:18:35.5 s
    23441 objects tested, 2 found infected


    Day 2:

    Results of Complete Test, date and time 11/2/03 0:01:44 :

    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\flp_mbr.bin Moloch G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\mbr.bin Moloch

    Test finished, duration 00:18:09.6 s
    23448 objects tested, 2 found infected


    and why is avg not certain...

    Day 1 indicates = Could be infected Moloch
    Day 2 confirms it is really = Moloch

    can some1 d/l and scan the file & post results? tnx
    Reply With Quote Reply With Quote
  2. 11-02-03, 10:04 PM #2
    Paft
    Paft is offline
    SG DC Team Member Paft's Avatar
    Join Date
    Feb 2001
    Location
    Norfolk, VA
    Posts
    5,709
    Send a message via ICQ to Paft Send a message via AIM to Paft Send a message via MSN to Paft Send a message via Skype™ to Paft

    Re: juz downloaded this thing... virus?

    Originally posted by _uNDeRsCoRE
    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\flp_mbr.bin Could be infected Moloch
    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\mbr.bin Could be infected Moloch
    I downloaded the .zip and even unzipped it (AFTER scanning the zip); and I don't have any virus warnings from Avast 4... but.

    I ran the scanner at housecall.antivirus.com and came out with 4 positives.

    flp_mbr and mbr are both "boot.generic*" according to housecall. So I would trust AVG in this case to know what it's talking about.

    Score one AGAINST Avast 4; for now.
    Please, fold. For everyone in pain.
    Reply With Quote Reply With Quote
  3. 11-02-03, 10:07 PM #3
    mnosteele52
    mnosteele52 is offline
    Dr Tweak mnosteele52's Avatar
    Join Date
    Jul 2001
    Location
    Chesapeake, VA
    Posts
    11,916
    Send a message via ICQ to mnosteele52 Send a message via AIM to mnosteele52 Send a message via MSN to mnosteele52 Send a message via Yahoo to mnosteele52
    I believe this is a false positive. Antivirus apps detect changes to your MBR (master boot record) as virus activity and this app alters your MBR, this is why I belive it is detected.

    Help & Tips CableNut Tcp/Ip Analyzer TCPOptimizer Malware Removal Guide Dr Tweak
    Reply With Quote Reply With Quote
  4. 11-03-03, 04:47 AM #4
    _uNDeRsCoRE
    _uNDeRsCoRE is offline
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    ...

    tnx mno,

    never installed the thing, juz downloaded it.
    so it cannot alter MBR. ryt?

    & der r so many boot-viruses, how come avg only detected it positively as moloch? do u think the file is doing a virus-like activity?
    Reply With Quote Reply With Quote
  5. 11-03-03, 04:54 AM #5
    _uNDeRsCoRE
    _uNDeRsCoRE is offline
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    ...

    tnx Paft 4 d inputs
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules