J
Joel Rubin
Hi. I got an "upgrade from Microsoft" from Niftyserve, Japan, today
and NAV on my ISP's server didn't think it was a virus, NAV on my
computer (12/9 definitions, Live Upgrade said not needed) didn't think
upgrade.exe was a virus and I downloaded the newest defs for
f-prot.com and it didn't ID it as a virus. (I'll get today's defs for
NAV in a few hours when they come out.)
Obviously, everyone has seen dozens and maybe hundreds of "upgrades
from Microsoft" ID'ed as viruses by now.
12/15/2004 10:36 AM 24,015 UPGRADE.EXE
There are no obvious "ha ha, you're infected" or packing program
strings. There's "Rich:" between the DOS executable MZ string and the
Win32 executable PE string.
and NAV on my ISP's server didn't think it was a virus, NAV on my
computer (12/9 definitions, Live Upgrade said not needed) didn't think
upgrade.exe was a virus and I downloaded the newest defs for
f-prot.com and it didn't ID it as a virus. (I'll get today's defs for
NAV in a few hours when they come out.)
Obviously, everyone has seen dozens and maybe hundreds of "upgrades
from Microsoft" ID'ed as viruses by now.
12/15/2004 10:36 AM 24,015 UPGRADE.EXE
There are no obvious "ha ha, you're infected" or packing program
strings. There's "Rich:" between the DOS executable MZ string and the
Win32 executable PE string.