Trojan-Spy.Win32.Agent.beaf
in [Windows Viruses]
|
From: "FromTheRafters" erratic on 17 Mar 2010 14:18 "Oreally" <sashago(a)comcast.net> wrote in message news:OOfiEGexKHA.812(a)TK2MSFTNGP06.phx.gbl... > Virus total finds 19% (8/42)........what do you guys think? My educated guess is that they are false positive declarations, and Kasperky's next update will probably make them not continue to be alerted to when scanned. IOW ignore them and they will go away. I can't actually confirm that this is the case, but there are conversations going on (used Google).
From: Oreally on 17 Mar 2010 14:30 Thanks for your coherent reply! Just Curious.....if you set the security parameters for a folder or a file to "Deny" will that lock the folder or file and prevent any possible viruses from migrating? Thanks, Oreally "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:OV#vN5fxKHA.5036(a)TK2MSFTNGP02.phx.gbl... > "Oreally" <sashago(a)comcast.net> wrote in message > news:OOfiEGexKHA.812(a)TK2MSFTNGP06.phx.gbl... > >> Virus total finds 19% (8/42)........what do you guys think? > > My educated guess is that they are false positive declarations, and > Kasperky's next update will probably make them not continue to be alerted > to when scanned. > > IOW ignore them and they will go away. > > I can't actually confirm that this is the case, but there are > conversations going on (used Google). >
From: "FromTheRafters" erratic on 17 Mar 2010 15:13 Usually (though unfortunately not always), when the malware type is "trojan", you are *not* dealing with a virus. A trojan is a program that you think you want to execute because you are unaware that instead of or in addition to what you think it does, it also does something you would *not* want done (for instance, kill the box). If you had known about it in advance, you would not have executed it. The thing that it does (bad) is the "payload" (where the malware authors intent (kill the box) is realized). A virus is a self-replicating (and some say, infecting) program, and it can (copy) carry a payload with it . If you combine these two concepts - have the self-replicator also copy the trojan's payload the beast becomes a "virus" with a payload (the former trojan's payload). Payload activation can be timed (like a time bomb). The absence of a payload, does not disqualify a self-replicating infector from being a virus. As for viruses (or malware in general) being able overcome a "deny", no - but malware executing with sufficient privilege can read/write anywhere. Viruses don't *need* to exploit software vulnerabilities, but if they can escalate privilege by doing so, they will because it gives them greater scope. "Oreally" <sashago(a)comcast.net> wrote in message news:uBmT1$fxKHA.3536(a)TK2MSFTNGP06.phx.gbl... > Thanks for your coherent reply! > > Just Curious.....if you set the security parameters for a folder or a > file to "Deny" will that lock the folder or file and prevent any > possible viruses from migrating? > > Thanks, > > Oreally > > > > "FromTheRafters" <erratic @nomail.afraid.org> wrote in message > news:OV#vN5fxKHA.5036(a)TK2MSFTNGP02.phx.gbl... >> "Oreally" <sashago(a)comcast.net> wrote in message >> news:OOfiEGexKHA.812(a)TK2MSFTNGP06.phx.gbl... >> >>> Virus total finds 19% (8/42)........what do you guys think? >> >> My educated guess is that they are false positive declarations, and >> Kasperky's next update will probably make them not continue to be >> alerted to when scanned. >> >> IOW ignore them and they will go away. >> >> I can't actually confirm that this is the case, but there are >> conversations going on (used Google). >>
From: David H. Lipman on 17 Mar 2010 16:43 From: "Oreally" <sashago(a)comcast.net> | Virus total finds 19% (8/42)........what do you guys think? | Oreally Since you di NOT post the VT report, nothing. I have seen cases of of False Positives being wide spread amongst vendors. I'll tell 'ya what... Upload the file to UploadMalare.Com and I'll analyze this file and let you know what's up with it. http://www.uploadmalware.com/ Reply back when you have uploaded it. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Oreally on 17 Mar 2010 17:58
Thanks..... I've loaded 6 of the files.....(there were 10 total) Let me know, Oreally "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:#9B9GKhxKHA.812(a)TK2MSFTNGP06.phx.gbl... > From: "Oreally" <sashago(a)comcast.net> > > | Virus total finds 19% (8/42)........what do you guys think? > > | Oreally > > Since you di NOT post the VT report, nothing. > > I have seen cases of of False Positives being wide spread amongst vendors. > > I'll tell 'ya what... > > Upload the file to UploadMalare.Com and I'll analyze this file and let > you know what's up > with it. > http://www.uploadmalware.com/ > > Reply back when you have uploaded it. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > > |