Winload.log and W32.Dumaru.Y@mm

  • Thread starter Thread starter Cristiano Guglielmetti
  • Start date Start date
C

Cristiano Guglielmetti

Hi all,

my NAV2003 detected and removed W32.Dumaru.Y@mm on XP PRO.

After that I'd verified following the doc:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

It still open a question. The worm uses a file (%Windir%\winload.log) as
e-mail address archive to use to forward itself. The Symantec document
doesn't explain what to do with this file after NAV removed the worm.

On others XP PRO with no worms the file does not exist.

R'grds
Cristiano Guglielmetti
http://xoomer.virgilio.it/guglielmetti/
 
Cristiano Guglielmetti said:
Hi all,

my NAV2003 detected and removed W32.Dumaru.Y@mm on XP PRO.

After that I'd verified following the doc:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

It still open a question. The worm uses a file (%Windir%\winload.log) as
e-mail address archive to use to forward itself. The Symantec document
doesn't explain what to do with this file after NAV removed the worm.
Click to expand...

Well, the document says that it saves the retrieved email addresses in
winload.log. It's not viral, so you could leave it. Or, just delete it. It's
not a legitimate file.

-Tim
 
Back
Top