[Dshield] Latest A/V update from Symantec detects RockXP 3.0 as having Infostealer.Bancos.gen
John B. Holmblad
jholmblad at aol.com
Sun Feb 17 18:42:39 GMT 2008
All,
I don't know if anyone else has seen this but I have a case where, on an
XP SP2 system, Symantec Norton A/V with the latest signature files
(dated 2/15/08) caught and eradicated Infostealer.Bancos.gen inside of a
.exe file, RockXP3.exe.
For those not familiar, RockXP is a tool for extracting product keys and,
apparently, passwords.
Here is some commentary on this (apparently) false positive phenomenon:
http://www.majorgeeks.com/download4138.html
and here is the url to the www page at the Symantec www site that
describes the malware:
http://www.symantec.com/security_response/detected_writeup.jsp?name=Infostealer%2EBancos%2Egen
The interesting thing is that the RockXP.exe file had been sitting on
this system for over 2 years (unused I think).
Here is the url to the rockxp www site:
http://www.rockxp.org/
--
Best Regards,
John Holmblad
Televerage International
GSEC Gold, GCWN Gold, GAWN, GGSC-0100, NSA-IAM, NSA-IEM
Information security, telecommunications, and information technology
consulting
(M) 703 407 2278
(F) 703 620 5388
primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net