And 45 days after I sent the worm to AVAST

[Shadow]

From: "Shadow" <Sh@dow>
The answer from VT...

"Well, it seems that there's something weird, as besides Avast, GData also doesn't detect
it here (using the Avast engine) so it could be a limitation of the command line scanner,
or maybe they detect it with an AV feature I don't have here :?"

Uploaded oswnbi.tar.gz to your site. I just picked it up at
the local hospital. AVG is running , fully updated, on the machine I
got it from. This time I booted into linux, tar.gz the file and posted
that. So you can see what the autorun.inf looks like. Notice it has
changed name again.
Virustotal
http://www.virustotal.com/analisis/...3d4d64925a263ec09c06ae34ace36e3bcc-1251300636
FWIW
Back to work .....

 

[David H. Lipman]

From: "Shadow" <Sh@dow>

| On Wed, 26 Aug 2009 06:08:41 -0400, "David H. Lipman"

| Uploaded oswnbi.tar.gz to your site. I just picked it up at
| the local hospital. AVG is running , fully updated, on the machine I
| got it from. This time I booted into linux, tar.gz the file and posted
| that. So you can see what the autorun.inf looks like. Notice it has
| changed name again.
| Virustotal
| http://www.virustotal.com/analisis/
| af8292fc53daeba7bd615d584af77c3d4d64925a263ec09c06ae34ace36e3bcc-1251300636
| FWIW
| Back to work .....

Got it, thanx !

 

[Shadow]

| Uploaded oswnbi.tar.gz to your site. I just picked it up at
| the local hospital. AVG is running , fully updated, on the machine I
| got it from. This time I booted into linux, tar.gz the file and posted
| that. So you can see what the autorun.inf looks like. Notice it has
| changed name again.
| Virustotal
| http://www.virustotal.com/analisis/
| af8292fc53daeba7bd615d584af77c3d4d64925a263ec09c06ae34ace36e3bcc-1251300636
| FWIW
| Back to work .....

They (virustotal) deleted the link."Link has expired". WTF ?
The older links still work, for the virus I uploaded almost 2 months
ago. Today's link expired and a 2 month old one valid ?
[]'s

 

[David H. Lipman]

From: "Shadow" <Sh@dow>


| They (virustotal) deleted the link."Link has expired". WTF ?
| The older links still work, for the virus I uploaded almost 2 months
| ago. Today's link expired and a 2 month old one valid ?


http://www.virustotal.com/analisis/...e3f2cd8667ae871418dbeb6b5f5b6ff3b8-1251319071

 

[Shadow]

From: "Shadow" <Sh@dow>


| They (virustotal) deleted the link."Link has expired". WTF ?
| The older links still work, for the virus I uploaded almost 2 months
| ago. Today's link expired and a 2 month old one valid ?


http://www.virustotal.com/analisis/...e3f2cd8667ae871418dbeb6b5f5b6ff3b8-1251319071

Your file has expired or does not exists.

[]'s

 

[David H. Lipman]

From: "Shadow" <Sh@dow>

| On Wed, 26 Aug 2009 19:49:46 -0400, "David H. Lipman"

| Your file has expired or does not exists.

I'll have VT admins look into it.

 

[redmonlee]

I was registered at your forum. I have printed the test message. Do not delete, please.


calcul financement courtier | simulation pret immobilier | taux credit de france simulation crédit immobilier sera le total du prêt calcul financement courtier | simulation pret immobilier | taux credit de france