AVG false positive reported on user32.dll

  • Thread starter: tommy
I belong to the users group hal pc users. I will call tomorrow and see what
they say. I was looking for the date too.

tommy said:

Quote:

"AVG is detecting a key windows file as a false positive trojan virus.
An update for the AVG virus scanner released yesterday contained an
incorrect virus signature, which led it to think user32.dll contained
the Trojan Horses PSW.Banker4.APSA or Generic9TBN."

Unfortunately, there is no date on the article, so it's unclear what
"yesterday" refers to. I've e-mailed the webmaster and hope that in
future all articles (and follow-ups) will be dated.
 
Wolf Kirchmeir said:
Quote:

"AVG is detecting a key windows file as a false positive trojan virus.
An update for the AVG virus scanner released yesterday contained an
incorrect virus signature, which led it to think user32.dll contained
the Trojan Horses PSW.Banker4.APSA or Generic9TBN."

Unfortunately, there is no date on the article, so it's unclear what
"yesterday" refers to. I've e-mailed the webmaster and hope that in
future all articles (and follow-ups) will be dated.

Sources at HAL-PC said Dwight Silverman's blog mentioned this in his widely
read TechBlog for the Houston Chronicle.

http://blogs.chron.com/techblog/

search for "avg free"
 
David H. Lipman said:
From: "tommy" <[email protected]>


| http://tinyurl.com/66okyz

| -
| Tommy

I just examined the payload of a PDF exploiting the
Collab.collectEmailInfo() JavaScript
function in a highly obfuscated JavaScript. The payload is a file named
SVCHOST.EXE --
http://www.virustotal.com/analisis/0e2cef86cda905258d39b9482ca08f9f
The malicious file did the following...

File Renamed:
Old Filename: C:\WINDOWS\system32\user32.DLL
New Filename: C:\WINDOWS\system32\gucrqqx

Files Created:
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5E7EYQDH\data[1].htm
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5E7EYQDH\r[1].htm
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\BNPHK11H\data[1].htm
C:\WINDOWS\system32\aston.mt
C:\WINDOWS\system32\clfjmnm
C:\WINDOWS\system32\dllcache\user32.dll
C:\WINDOWS\system32\fjes.ra
C:\WINDOWS\system32\fxe.sp
C:\WINDOWS\system32\nvaux32.dll
C:\WINDOWS\system32\rigv.xl
C:\WINDOWS\system32\user32.DLL

So one has to be "cautious" of calling something like this a False Positive.

In the above case, as you can see, user32.DLL was renamed and then the malware dropped a
file to replace the one in %windir%\system32\ as well as the one in
%windir%\system32\dllcache\.
I see your point. That's really scary. So many sites require Javascript too.
Did you see the sources for those reports about AVG?

Here's Dwight's first blog post on the subject, 11-11-08:
http://tinyurl.com/6o6akp

Here's his source:
http://tinyurl.com/5sug22

http://www.pcworld.com/article/154378/

He made another post about the AVG false positive on 11-23-08:
http://blogs.chron.com/techblog/archives/2008/11/

It seems as though they admit it, and are offering free updates to the Pro
version for a year for those that suffered any damage.

Adobe Flash has also been labeled

Slick fellow that Dwight, he spoke to our user group and sold / signed
copies of his book about Vista.

I have switched to Avast after reinstalling due to a bad drive, because I
tried to install AVG 8 Free and it wouldn't install to anything but the C:
drive. Avast is slicker than I first perceived, but I wish I could schedule
scans with it, and stamp email with certification stamps.
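A defender-side check prompted by David Lipman's analysis above, added here as an example and not code from the thread or from any AV vendor. It hashes the live and dllcache copies of user32.dll against a known-good hash (assumed to come from install media or a vendor catalog, because on the infected machine both copies were replaced and would agree with each other) and looks for the extensionless file the renamed original would have become. The directory layout, file contents and the reuse of the gucrqqx name are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage_user32(system32, known_good_sha256):
    """known_good_sha256 comes from trusted media or a vendor catalog, never from this machine."""
    system32 = Path(system32)
    live, cache = system32 / "user32.dll", system32 / "dllcache" / "user32.dll"
    live_hash = sha256_file(live) if live.is_file() else None
    cache_hash = sha256_file(cache) if cache.is_file() else None
    # The sample renamed the genuine DLL to an extensionless name in system32;
    # an extensionless file carrying the known-good hash is that displaced original.
    renamed = [p.name for p in system32.iterdir()
               if p.is_file() and p.suffix == "" and sha256_file(p) == known_good_sha256]
    if live_hash == known_good_sha256 and cache_hash == known_good_sha256:
        verdict = "intact"         # consistent with the detection being a false positive
    elif live_hash is not None and live_hash == cache_hash:
        verdict = "replaced-both"  # copies agree with each other, not with the vendor hash
    else:
        verdict = "replaced"
    return {"verdict": verdict, "renamed_original": renamed[0] if renamed else None}

def build_constructed_system32(root, infected):
    # Constructed sample layout for the demo, not data from the thread; returns the
    # "known-good" hash of the placeholder genuine file.
    root = Path(root)
    (root / "dllcache").mkdir(parents=True, exist_ok=True)
    genuine, dropped = b"GENUINE-USER32-PLACEHOLDER", b"DROPPED-USER32-PLACEHOLDER"
    if infected:
        (root / "gucrqqx").write_bytes(genuine)  # renamed original, name as in the thread
        (root / "user32.dll").write_bytes(dropped)
        (root / "dllcache" / "user32.dll").write_bytes(dropped)
    else:
        (root / "user32.dll").write_bytes(genuine)
        (root / "dllcache" / "user32.dll").write_bytes(genuine)
    return hashlib.sha256(genuine).hexdigest()

def demo():
    results = {}
    for infected in (False, True):
        with tempfile.TemporaryDirectory() as d:
            results[infected] = triage_user32(d, build_constructed_system32(d, infected))
    return results
```

Note that an Authenticode signature check on the live file would add a second, independent source of truth, but it is the external hash, not agreement between the two on-disk copies, that separates a bad signature from a real replacement.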
 
tommy said:
and stamp email with certification stamps.

Please don't do that. It's only advertising. There is no way any a-v
product can truthfully state that your mail is virus-free. Think about
it.
 
Beauregard T. Shagnasty said:
Please don't do that. It's only advertising. There is no way any a-v
product can truthfully state that your mail is virus-free. Think about
it.

It's reassuring to PC novices, and verifies that I do "have" an anti-virus
program running on my PC.
 
tommy said:
Beauregard T. Shagnasty said:
tommy said:
and stamp email with certification stamps.

Please don't do that. It's only advertising. There is no way any
a-v product can truthfully state that your mail is virus-free. Think
about it.
-- [please trim signatures. thanks.]

It's reassuring to PC novices, and verifies that I do "have" an
anti-virus program running on my PC.

It is probably more annoying than reassuring to even novices. I doubt
they care if you have an a-v app running, especially those who don't
know what one is. Further, for those who forward email all over the
place, that 'certification' will be included - meaning nothing to the
next level except to confuse.

And as I said, there isn't a single a-v app that can fully guarantee
that what you sent is virus-free. Remember, zero-day viruses won't be
detected, along with the latest morphs of older viruses. It truly is
only an advertisement.

You may certainly continue to scan your outgoing mail (though that isn't
even necessary as all modern viruses use their own SMTP engines quietly
sending while you aren't looking), but there is no need to bother
everyone else. I have one friend who can't be talked out of removing the
ad, and all he does is embarrass himself by showing that he scanned with
an a-v database that is always three to four weeks or more out of date,
and therefore useless.

Be kind to your correspondents and turn it off.
 
David H. Lipman said:
From: "Beauregard T. Shagnasty" <[email protected]>

| tommy said:
:
tommy wrote:
and stamp email with certification stamps.
Please don't do that. It's only advertising. There is no way any
a-v product can truthfully state that your mail is virus-free. Think
about it.
-- [please trim signatures. thanks.]
It's reassuring to PC novices, and verifies that I do "have" an
anti-virus program running on my PC.

| It is probably more annoying than reassuring to even novices. I doubt
| they care if you have an a-v app running, especially those who don't
| know what one is. Further, for those who forward email all over the
| place, that 'certification' will be included - meaning nothing to the
| next level except to confuse.

| And as I said, there isn't a single a-v app that can fully guarantee
| that what you sent is virus-free. Remember, zero-day viruses won't be
| detected, along with the latest morphs of older viruses. It truly is
| only an advertisement.

| You may certainly continue to scan your outgoing mail (though that isn't
| even necessary as all modern viruses use their own SMTP engines quietly
| sending while you aren't looking), but there is no need to bother
| everyone else. I have one friend who can't be talked out of removing the
| ad, and all he does is embarrass himself by showing that he scanned with
| an a-v database that is always three to four weeks or more out of date,
| and therefore useless.

| Be kind to your correspondents and turn it off.

| --
| -bts
| -Friends don't let friends drive Windows

I agree with what BTS posted here.
I don't have it turned on. I don't know if Avast even has that feature. I
like feedback, at least until I can verify that something new to me is
working.
 
It's reassuring to PC novices, and verifies that I do "have" an anti-virus
program running on my PC.
==========
That can work two ways. I've had malware attachments even though the
e-mails had 'certified virus free by *insert AV name*'. Of course the
e-mail was never scanned by any vendor; the text was added in to give
the impression the attachment was scanned.
 
It's reassuring to PC novices, and verifies that I do "have" an anti-virus
program running on my PC.
==========
That can work two ways. I've had malware attachments even though the
e-mails had 'certified virus free by *insert AV name*'. Of course the
e-mail was never scanned by any vendor; the text was added in to give
the impression the attachment was scanned.

Perfection is hard to attain. I settle in such cases for 99% where it's not.
I can't tag messages because Gmail uses SSL, but since I use Gmail now, the
incoming mail is scanned by them. Moot point.
 