[Esa-l] Problem Virus
Brett Glass
brett at lariat.org
Tue Oct 31 05:06:29 PST 2000
At 05:25 AM 10/31/2000, Floyd Pierce wrote:
>Yesterday, I had a regional controller who showed up with this:
>
>http://www.symantec.com/avcenter/venc/data/w95.mtx.html
>
>I can't say whether it got through the procmail-filter or not
>but I would suggest taking a look at it. If I had the machine
>in hand, it probably wouldn't be impossible to fix, but it did
>enough damage that I'll probably have to have him fed-ex the
>machine in to get it fixed (probably a re-load).
>
>I think there is fodder for the poisoned list here:
[Snip]
The recommended "poisoned" list already includes *.pif. It does
not include *.scr. "scr" is a type normally reserved for
Windows screen savers. one renames an "exe" file to have this
extension and places it in the C:\WINDOWS\SYSTEM directory
to make it available as one of the options in the list of
screen savers. Because it can be executed with a click, it
is already on the default mangling list and should probably
be "poisoned" too.
--Brett
More information about the esd-l
mailing list