Home |
Search |
Today's Posts |
|
Metalworking (rec.crafts.metalworking) Discuss various aspects of working with metal, such as machining, welding, metal joining, screwing, casting, hardening/tempering, blacksmithing/forging, spinning and hammer work, sheet metal work. |
Reply |
|
LinkBack | Thread Tools | Display Modes |
|
#1
|
|||
|
|||
Warning VIRUS (was: Fw: Do not release, its the internal rls!)
In article , wrote:
Warning. I took a look at this thing (carefully, on a *non* Windows system), and found: 1) Html with a iframe tag. 2) A base64-encoded zipfile, in which was: 3) A file which contained more html, with yet another iframe tag, and 4) A final file named "torvil.exe". 5) Torvil.exe includes the string: "This program must be run under Win32" so it isn't an MS-DOS executable. 6) Except for a very few diagnostic messages (unable to access the needed dll and such), all other strings are apparently at least minimally encrypted, except for .dll names and function call names. Nothing to print to the user in operation is visible. With all of that, the odds are probably 99:1 that it is a virus. And it certainly does not belong here. So -- if you have looked at the preceding message with a Windows system and OE, please run a virus scan on your system. (And note that this may be too new to show up in the virus signature files, so it won't be identified until after the next update. Good Luck, DoN. -- Email: | Voice (all times): (703) 938-4564 (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html --- Black Holes are where God is dividing by zero --- |
#2
|
|||
|
|||
My antivirus site (eTrust) has the lollowing:
Total Results [2] Name Last Modified Aliases Win32.Torvil.B 12 Jan 2004 W32/Torvil-mm (Wildlist), Win32/P2P.Unknown.Worm, W32/Torvil@MM (McAfee), W32/Torvil.A (F-Secure), I-Worm.Torvil.c (Kaspersky), WORM_TORVIL.B (Trend), W32.HLLW.Torvel.B@mm (Symantec) Win32.Torvil.D 23 Oct 2003 Win32/Torvil.D.Worm , W32/Torvil@MM (McAfee), I-Worm.Torvil.d (Kaspersky), W32.HLLW.Torvil@mm (Symantec), W32/Torvil.A (F-Secure) John. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ "DoN. Nichols" wrote in message ... In article , wrote: Warning. I took a look at this thing (carefully, on a *non* Windows system), and found: 1) Html with a iframe tag. 2) A base64-encoded zipfile, in which was: 3) A file which contained more html, with yet another iframe tag, and 4) A final file named "torvil.exe". 5) Torvil.exe includes the string: "This program must be run under Win32" so it isn't an MS-DOS executable. 6) Except for a very few diagnostic messages (unable to access the needed dll and such), all other strings are apparently at least minimally encrypted, except for .dll names and function call names. Nothing to print to the user in operation is visible. With all of that, the odds are probably 99:1 that it is a virus. And it certainly does not belong here. So -- if you have looked at the preceding message with a Windows system and OE, please run a virus scan on your system. (And note that this may be too new to show up in the virus signature files, so it won't be identified until after the next update. Good Luck, DoN. -- Email: | Voice (all times): (703) 938-4564 (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html --- Black Holes are where God is dividing by zero --- |
#3
|
|||
|
|||
|
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Virus Warning | Woodturning | |||
Drilling through internal solid walls........... | UK diy | |||
THIS ATTACHMENT CONTAINS A VIRUS | Woodturning | |||
"Damp" internal wall - initial measurements made. Any ideas? | UK diy | |||
W.C Internal Overflow | UK diy |