
List:       mandrake-newbie
Subject:    Re: [newbie] Fwd: [spam] Symantec Mail Security detected that you sent a message containing a susp
From:       Anne Wilson <cannewilson () tiscali ! co ! uk>
Date:       2004-02-28 21:15:13
Message-ID: 200402282115.13232.cannewilson () tiscali ! co ! uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 28 February 2004 20:23, Bryan Phinney wrote:
> On Saturday 28 February 2004 01:53 pm, Anne Wilson wrote:
> > I wonder if he is referring to Sobig, which, I understand, left a
> > stub in the Windows registry so that it could 'come back' after
> > being disinfected?  If so, it obviously has no place to hide in
> > Linux.
>
> Even if, the only way for sobig to leave the stub would be to
> execute on the target machine.  If it is possible for a virus to
> infest or otherwise take action on a machine without executing, I
> am simply not aware of it.  I would find the topic to be
> fascinating if someone has suppositions about how such a thing
> could occur.

The short article I copied to keep with my toolkit says that after an 
infection (Windows, of course) not only should it be removed by an AV 
scan, but you should also check the registry for an SSK Service value.  
It then goes on to name the key likely to contain it.  This article 
was in reply to someone who claimed that he had disinfected his 
machine, but it still seemed to be active.  That's all the info I 
have.  Just how that key helps it to replicate via shared network 
folders I don't know.

Anne
- -- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAQQThkFAvMr/nNX8RAh0PAJ49MNJqfDdFQjBlhoXBhO4Bp1fujQCeNufk
UIg8Xvu/tzR11ZWLyakTpvw=
=oDCP
-----END PGP SIGNATURE-----


