andy mueller
2005-06-03 13:16:44 UTC
Hi people, I have had "wintcpmod" as well, so I submitted it to Norton
AntiVirus and they came back to me with this:
We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: C:\WINDOWS\system32\wintcpmod.exe
machine: ALIEN
result: This file is infected with Backdoor.Trojan
Developer notes:
C:\WINDOWS\system32\wintcpmod.exe is non-repairable threat. NAV with
the latest rapidrelease definition detects this. Please delete this
file and replace it if necessary. Please follow the instruction at the
end of this email message to install the latest rapidrelease
definitions.
Symantec Security Response has determined that the sample(s) that you
provided are infected with a virus, worm, or Trojan. We have created
RapidRelease definitions that will detect this threat. Please follow the
instruction at the end of this email message to download and install
the latest RapidRelease definitions.
Downloading and Installing RapidRelease Definition Instructions:
1. Open your Web browser. If you are using a dial-up connection, connect
to any Web site, such as: http://securityresponse.symantec.com/
2. Click this link to the ftp site:
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe.
If it does not go to the site (this could take a minute or so if you
have a slow connection), copy and paste the address into the address bar
of your Web browser and then press Enter.
3. When a download dialog box appears, save the file to the Windows
desktop.
4. Double-click the downloaded file and follow the prompts.
----------------------------------------------------------------------
This message was generated by Symantec Security Response automation
Should you have any questions about your submission, please contact
our regional technical support from the Symantec website
(http://www.symantec.com/techsupp/)
and give them the tracking number in the subject of this message.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/