Does McAfee alter inbound infected .exe s?

  • Thread starter Thread starter S.Boardman
  • Start date Start date
S

S.Boardman

Hi. At what point does McAfee step in? A family member received an
attachment with the same filename as a trojan (hdkp5b.exe). We have reason
to believe it was sent on purpose. That aside, it only appears to be one
byte long.

AFAIAA, McAfee would intervene if you tried to run the attachment. Is
doesn't alter it leaving a 1 byte shell, does it?
 
Hi. At what point does McAfee step in? A family member received an
attachment with the same filename as a trojan (hdkp5b.exe). We have reason
to believe it was sent on purpose. That aside, it only appears to be one
byte long.

AFAIAA, McAfee would intervene if you tried to run the attachment. Is
doesn't alter it leaving a 1 byte shell, does it?
Click to expand...

Not that I've ever heard of.
The Swen worm sends messages like that though. Could I get a look at
this email - can you forward it?

Carol
 
Not that I've ever heard of.
The Swen worm sends messages like that though. Could I get a look at
this email - can you forward it?

Carol
Click to expand...
Not easily :-( I have one that was sent via the webmaster addy on their
web site but ZoneAlarm quarantines it, and even if I override it, I think it
stays altered. The original isn't on my home machine, and I won't be going
there until the weekend. I could instructions over the phone, but it's a
PITA as the ISP refuses executables, and the user is a complete newbie to
this sort of thing.
Reply privately to this with a safe address for me to send it to and I can
do it at the w/e. You might want to look at
http://www.hackology.com/programs/hdkp/ginfo.shtml
This was the attempted file send, we think (the 5b version). Trying to work
out why it's only 1 byte.
BTW the 'hook line' on these e-mail wasn't random, they were specific to the
situation. Eg, the one to webmaster (this guy doesn't know me personally),
is about improving the web site.
 
Hi. At what point does McAfee step in? A family member received an
attachment with the same filename as a trojan (hdkp5b.exe). We have reason
to believe it was sent on purpose. That aside, it only appears to be one
byte long.

AFAIAA, McAfee would intervene if you tried to run the attachment. Is
doesn't alter it leaving a 1 byte shell, does it?
Click to expand...

Check and make sure that isn't 1 KB.
1 KB is enough to run a small html or exe.
Gigi
 
No....

Dave



| Hi. At what point does McAfee step in? A family member received an
| attachment with the same filename as a trojan (hdkp5b.exe). We have reason
| to believe it was sent on purpose. That aside, it only appears to be one
| byte long.
|
| AFAIAA, McAfee would intervene if you tried to run the attachment. Is
| doesn't alter it leaving a 1 byte shell, does it?
| --
| Susan
|
|
 
Check and make sure that isn't 1 KB.
1 KB is enough to run a small html or exe.
Gigi
Click to expand...
No. OE reports it as 4 bytes. Further checking reveals 1 byte, 4 bytes used
on disk. Or something like that.
 
Back
Top