List: mandrake-newbie
Subject: Re: [newbie] Fwd: [spam] Symantec Mail Security detected that you sent a message containing a susp
From: Anne Wilson <cannewilson () tiscali ! co ! uk>
Date: 2004-02-28 21:15:13
Message-ID: 200402282115.13232.cannewilson () tiscali ! co ! uk
On Saturday 28 February 2004 20:23, Bryan Phinney wrote:
> On Saturday 28 February 2004 01:53 pm, Anne Wilson wrote:
> > I wonder if he is referring to sobig, which, I understand, left a
> > stub in the Windows registry so that it could 'come back' after
> > being disinfected? If so, it obviously has no place to hide in
> > Linux.
>
> Even if, the only way for sobig to leave the stub would be to
> execute on the target machine. If it is possible for a virus to
> infest or otherwise take action on a machine without executing, I
> am simply not aware of it. I would find the topic to be
> fascinating if someone has suppositions about how such a thing
> could occur.

The short article I copied to keep with my toolkit says that after an
infection (Windows, of course) not only should it be removed by an AV
scan, but you should also check the registry for an SSK Service value.
It then goes on to name the key likely to contain it. This article
was in reply to someone who claimed that he had disinfected his
machine, but it still seemed to be active. That's all the info I
have. Just how that key helps it to replicate via shared network
folders I don't know.

Anne
- --
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?