[thelist] odd IE worm or something..
Michael Pemberton
mpember at phreaker.net
Thu Nov 13 07:15:25 CST 2003
Lonnie wrote:
>Michael,
>
>If you *know* this is a virus. And you know what it does and how it
>manifests. And you've seen it before on your brother's PC. Then WHAT IS IT?
>How is it that you know, but the major anti-virus folks don't? What did your
>brother do to get rid of it? If his PC is behind a tight firewall, how did
>this virus infect him?
>
>I'll bet many on this list will forego your tip for a bit more information
>on what you profess to know about this alleged virus and how it relates to
>Tom's problem.
>
>
Sorry I haven't responded sooner, I often lose track of my own posts and
end up missing the rest of the conversation. My boss say's I'm the same
at work :)
I actually found this again on a PC at work this morning. Again, behind
a firewall. and again, I have forgotten the name of the executable. I
apologise for not taking note. But I assure you that the program exists
and running startup control panel will allow you to find it. The
program is free and I have no affiliation with it's author. From
memory, the process that is installed appears in your winnt/windows or
system32 folder. One that sounded familiar while doing a google search
was "savenow.exe".
I apologise for my use of the term "virus". It is probably more
appropriate to call it malware. I have no idea how either of the two
victims got the software because both ignored it until I happened to be
speaking to them some time after they became infected. Because both
were heavy users of IE and the internet in general, both saw it is a
normal popup related problem and not something that can be countered.
As for removing it, my tip was written in such a way as to hopefully
give steps to solve the problem while also allowing for later reference.
--
Michael Pemberton
evolt at mpember.net.au
More information about the thelist
mailing list