Gargantu Butt
It's the file C:\NULL
Suddenly, shortly after a cold boot, my fully updated (WinUp) and patched W98se
PC reported the above noted infection. It's Grisoft free AVG with the
latest updates. This PC is also protected by ZoneAlarm, Belkin WiFi router
with firewall, and SpyBot (resident). A normal shutdown was done 12 hours
earlier with no indication of any problems. There are still no indications
of any problems EXCEPT that AVG claims it's found this trojan. There have
been no floppy operations/mounts, no CD operations/mounts and no downloads
and installs of anything since an hour before shutdown last night and now.
From the DOS prompt I can see a file C:\NULL that has a 5/5/05 date. Since
5/5 both a full manual AVG and Trend HouseCall 6 run have been done on this
PC finding nothing.
So where and how did this file C:\NULL that AVG claims is Trojan horse
Downloader.Generic.ML come from? Was it really there since 5/5 but went
unnoticed by both AVG and Trend HouseCall 6 and then this morning AVG
suddenly downloaded a new definition file which started seeing this trojan?
OR did something penetrate all the firewalls and suddenly spawn this file
which AVG quickly recognized?
What likely happened here?
The operation I was in the middle of when AVG popped up was reading a
text-only, no-attachment NG message in OE 6.00.2800.1123.
Does the machine possess an ATI graphics card?
I got c:\null on my machine. File size is just shy of 1 MB.
Viewing the content I see mainly binary gibberish but what does stick
out prominently is numerous references to ATI drivers. The file looks
to be part of the ATI driver installer.
Text content includes weird stuff like:
ATI2I9AG
IDCGETMODESAVAILABLE
IDC_ENABLECRTCONTROLLER
IDCSETGAMMAMODE
and
Path INFO INIT 00 01 Driver SOFTWARE\ATI Technologies\...
QSInitForDisplayDriver ati2cqag.dll
and so on.
Can't say if your file is the same type of thing but I know mine had
me guessing for a while. I meant to move the file to a place of
quarantine but I forgot. The file date on my file is Nov 13, 2003
Joachim
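
The manual check described in the reply above (viewing the file and spotting ATI driver strings) can be repeated as a script. This is an added example, not part of either post: the marker list is taken from the strings quoted in the reply, and the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re

# Marker strings quoted in the reply above; matching is case-insensitive.
ATI_MARKERS = ("ATI2I9AG", "ati2cqag.dll", "SOFTWARE\\ATI Technologies",
               "QSInitForDisplayDriver")

def extract_strings(data: bytes, min_len: int = 6):
    """Return printable ASCII and UTF-16LE runs of at least min_len chars."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    out = [r.decode("ascii") for r in ascii_runs]
    out += [r.decode("utf-16-le") for r in wide_runs]
    return out

def triage(data: bytes):
    """Summarise a flagged file: size, hash, executable magic, marker hits.

    A marker hit is a lead to compare against the vendor's installer files,
    not a verdict; the SHA-256 is what you would submit to the AV vendor
    when reporting a suspected false positive.
    """
    strings = extract_strings(data)
    hits = sorted({m for m in ATI_MARKERS
                   for s in strings if m.lower() in s.lower()})
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": data[:2] == b"MZ",   # DOS/PE executable magic
        "marker_hits": hits,
    }

# Constructed sample: binary filler around the strings quoted in the reply.
SAMPLE = (b"\x00\x13\xff\x90" + b"ATI2I9AG" + b"\x00\x01\x02"
          + b"IDCSETGAMMAMODE" + b"\x00\xfe"
          + "SOFTWARE\\ATI Technologies\\".encode("utf-16-le")
          + b"\x00\x00\x07" + b"QSInitForDisplayDriver ati2cqag.dll"
          + b"\x9c\x00")

if __name__ == "__main__":
    # For a real file: triage(open(r"C:\NULL", "rb").read())
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```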