Virus

  • Thread starter: Adonis Grooming
[deleted by Kaspersky 6 beta 2]

Yikes, Kaspersky detected Trojan.BAT.FormatCU when I opened this post
in Agent! VirusList says no description is currently available for
this item....


http://www.viruslist.com/en/search?VN=Trojan.BAT.FormatCU&referer=kav

Kaspersky details were...

detected: trojan program Trojan.BAT.FormatCU Mail body:
[From:"Freek Verstraten" <" glider306-winglet"@yahoo.com>][Subject:Re:
Virus][Time:2006/03/22 12:39:38]\text/plain

Agent provides posts in text only so I'm amazed that this can contain
a trojan. Or is this likely just a false alarm?

Larry
 
Larry said:
[deleted by Kaspersky 6 beta 2]

Yikes, Kaspersky detected Trojan.BAT.FormatCU when I opened this post
in Agent! VirusList says no description is currently available for
this item....

<lol> It was just text.

Format c: /u

That beta must need work, eh?
 
Your news server must strip binaries from non binary groups

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



Beauregard T. Shagnasty said:
Larry said:
[deleted by Kaspersky 6 beta 2]

Yikes, Kaspersky detected Trojan.BAT.FormatCU when I opened this post
in Agent! VirusList says no description is currently available for
this item....

<lol> It was just text.

Format c: /u

That beta must need work, eh?
 
pcbutts1 said:
Your news server must strip binaries from non binary groups

Nope. Just looked at the message via another news server, and same
thing. Just that line of text. And I know RoadRunner's news server does
not strip attachments.
 
[deleted by Kaspersky 6 beta 2]

Yikes, Kaspersky detected Trojan.BAT.FormatCU when I opened this post
in Agent! VirusList says no description is currently available for
this item....


http://www.viruslist.com/en/search?VN=Trojan.BAT.FormatCU&referer=kav

Kaspersky details were...

detected: trojan program Trojan.BAT.FormatCU Mail body:
[From:"Freek Verstraten" <" glider306-winglet"@yahoo.com>][Subject:Re:
Virus][Time:2006/03/22 12:39:38]\text/plain

Agent provides posts in text only so I'm amazed that this can contain
a trojan. Or is this likely just a false alarm?

I saw the post you're apparently referring to, and it was in plain
text. I suggest that you disable KAV so you can read the message.
Then try an experiment. Send yourself an email which has the line of
text that triggers KAV. I'm not going to type the line since you
might have KAV running and not be able to read this post. Once you
confirm that KAV is blocking plain text messages having such a line
of text, get on their case!!! You are a Beta tester, right?

Art
http://home.epix.net/~artnpeg
 
Art said:
On Wed, 22 Mar 2006 22:19:05 -0500, Larry Sabo


I saw the post you're apparently referring to, and it was in plain
text. I suggest that you disable KAV so you can read the message.
Then try an experiment. Send yourself an email which has the line of
text that triggers KAV. I'm not going to type the line since you
might have KAV running and not be able to read this post. Once you
confirm that KAV is blocking plain text messages having such a line
of text, get on their case!!! You are a Beta tester, right?

Art
http://home.epix.net/~artnpeg

Hi Art,

I wasn't about to disable Kaspersky just to see if it was a false
alarm, even though I have a recent image to restore. I'll try sending
myself an e-mail with the text mentioned by others and see if
Kaspersky allows it, then provide results to Kaspersky. The post with
the command text wasn't rejected by KAV.

Yes, I'm beta testing Kaspersky 6, and find it terrific. KAV 5 really
slows down my startups but not KAV 6 Beta 2.

Cheers,
Larry
 
Beauregard T. Shagnasty said:
Larry said:
[deleted by Kaspersky 6 beta 2]

Yikes, Kaspersky detected Trojan.BAT.FormatCU when I opened this post
in Agent! VirusList says no description is currently available for
this item....

<lol> It was just text.

Format c: /u

That beta must need work, eh?

Thanks for that. Funny that your post with the same text wasn't
flagged by Kaspersky. I'll report the results in the KAV forum.

Cheers,
Larry
 
Larry Sabo said:
[deleted by Kaspersky 6 beta 2]

Yikes, Kaspersky detected Trojan.BAT.FormatCU when I opened this post
in Agent! VirusList says no description is currently available for
this item....


http://www.viruslist.com/en/search?VN=Trojan.BAT.FormatCU&referer=kav

Kaspersky details were...

detected: trojan program Trojan.BAT.FormatCU Mail body:
[From:"Freek Verstraten" <" glider306-winglet"@yahoo.com>][Subject:Re:
Virus][Time:2006/03/22 12:39:38]\text/plain

Agent provides posts in text only so I'm amazed that this can contain
a trojan. Or is this likely just a false alarm?

I think it is an appropriate alert. Actually no worse than alerting to malified
boot sector image files, after all it did say "mail body" in the alert. Neither
are dangerous until they become an executable program. Change the .nws
to .bat and it will execute, the DATE field causes invalid date and asks the
user to input the correct date - and you really don't want to do that because
the format line will be the next to actually execute.

It doesn't take much more than a .reg file to make .txt files act like .bat files
and the regfile that does this might not be detected also. An attacker could
place the textfile in the startup group after altering the registry to treat .txt as
it does .bat.

I haven't actually tested this, but it seems plausible.

The idea that some filetypes are safe is wrongheaded IMO.
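
Added example, not part of the thread or any poster's code: a defender-side check for the file-association change the last post describes. It audits the text of a .reg file (or a `reg export` dump) and reports any non-executable extension whose default ProgID is one that runs the file as code. The sample input, the function name `audit_reg_text` and the ProgID list are assumptions made for the illustration; the input is assumed to be already decoded to text.

```python
import re

# Standard Windows ProgIDs whose "open" verb runs the file as code.
EXECUTABLE_PROGIDS = {"batfile", "cmdfile", "exefile", "comfile",
                      "piffile", "scrfile", "vbsfile", "jsfile"}
# Extensions that are expected to map to those ProgIDs on a normal system.
NATIVE_EXTS = {".bat", ".cmd", ".exe", ".com", ".pif", ".scr", ".vbs", ".js"}

# Matches only the extension key itself, not subkeys or "[-...]" deletions.
KEY_RE = re.compile(
    r'^\[(?:HKEY_CLASSES_ROOT|HKEY_(?:LOCAL_MACHINE|CURRENT_USER)'
    r'\\Software\\Classes)\\(\.[^\\\]]+)\]$', re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="([^"]*)"$')

# Constructed sample: two tampered associations, one normal, one harmless.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.txt]
@="batfile"

[HKEY_CLASSES_ROOT\.bat]
@="batfile"

[HKEY_CURRENT_USER\Software\Classes\.nws]
@="cmdfile"

[HKEY_CURRENT_USER\Software\Classes\.log]
@="txtfile"
"""

def audit_reg_text(reg_text):
    """Return (extension, progid) pairs that make a data file type executable."""
    findings, current_ext = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current_ext = m.group(1).lower() if m else None
            continue
        m = DEFAULT_RE.match(line)
        if current_ext and m and m.group(1).lower() in EXECUTABLE_PROGIDS \
                and current_ext not in NATIVE_EXTS:
            findings.append((current_ext, m.group(1)))
    return findings

if __name__ == "__main__":
    for ext, progid in audit_reg_text(SAMPLE_REG):
        print(f"suspicious association: {ext} -> {progid}")
```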
 