[Dshield] Latest A/V update from Symantec detects RockXP 3.0 as having Infostealer.Bancos.gen

John B. Holmblad jholmblad at aol.com
Wed Feb 20 03:20:28 GMT 2008


Kenneth,

thanks for sharing your insights.

My concern was heightened with respect to this system because, for the 
first time, after 4 years of use of it, I also noticed, while researching 
the incident, that there is a FAT partition on the main system drive. It 
turns out Dell puts it there to contain some nice (alternate boot) 
diagnostic software of which others on this list are, I am sure, well 
aware.

I guess the good news here is that the Dell hardware has lasted 4+ years 
without needing to use those diagnostics!

I am not a Symantec basher, but I do wonder why it took Symantec 2 
years from when this file was put on this system to decide that this 
particular .exe (which, of course, was eradicated/deleted) is now 
considered a virus.

I might be able to retrieve the file from a backup and if so I will 
submit it for evaluation by virustotal.


Best Regards,
John Holmblad
Televerage International

GSEC Gold, GCWN Gold, GAWN, GGSC-0100, NSA-IAM, NSA-IEM

Information security, telecommunications, and information technology 
consulting
(M) 703 407 2278

(F) 703 620 5388

primary email address:  jholmblad at aol.com

backup email address:  jholmblad at verizon.net
Kenneth Coney wrote:
> PandaSoftware's online scan always reports some of my password cracking, 
> message finding, chat log examining, steganography creating, alien 
> registry viewers, index.dat viewers and other assorted forensic type 
> tools as malware. Since one or two of the tools I have seen Panda react 
> to were actually written by me, I suspect it isn't at all unusual for 
> hacking and password cracking utilities to be detected as malware if 
> their coding matches certain parameters. I fully concur the presence of 
> one or two such programs could and should justifiably cause panic if the 
> system owner didn't know they existed.