Winload.log and W32.Dumaru.Y@mm

  • Thread starter Cristiano Guglielmetti
  • Start date
C

Cristiano Guglielmetti

Hi all,

my NAV2003 detected and removed W32.Dumaru.Y@mm on XP PRO.

After that I'd verified following the doc:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

It still open a question. The worm uses a file (%Windir%\winload.log) as
e-mail address archive to use to forward itself. The Symantec document
doesn't explain what to do with this file after NAV removed the worm.

On others XP PRO with no worms the file does not exist.

R'grds
Cristiano Guglielmetti
http://xoomer.virgilio.it/guglielmetti/
 
T

Tim H.

Cristiano Guglielmetti said:
Hi all,

my NAV2003 detected and removed W32.Dumaru.Y@mm on XP PRO.

After that I'd verified following the doc:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

It still open a question. The worm uses a file (%Windir%\winload.log) as
e-mail address archive to use to forward itself. The Symantec document
doesn't explain what to do with this file after NAV removed the worm.
Click to expand...

Well, the document says that it saves the retrieved email addresses in
winload.log. It's not viral, so you could leave it. Or, just delete it. It's
not a legitimate file.

-Tim
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Alert! W32.Welchia.B.Worm 3
w32.chod.d and the hosts file 7
Problem with W32.ElKern.4926 2
Help Unable to Regedit! 1
Attention new worm ! W32/Rizalof.B.worm 4
Found the W32/Swen@MM virus (System Restore and Registry Problem) 3
W32.Spybot.Worm and fileshares 2
W32.spybot.worm still alive after HDD format and XP home reinstall 10

Top