This is not good at all...
*WARNING* Save your work before following this link or it will be lost if you use XP. It will make you log off and will close all applications...
http://www.krypton3d.com/xp
Can't find any patch for this use of cmd.exe over at ms, hope they post one soon...
What I would like to know is, does your AV-software detect this?
Mine does not - Norton Corp 7.60
/Toby
Responses to this topic
Mine didn't either (McAfee Corp. 4.5.1) but this isn't a function of virus scanners. This is more of a command being issued to a program from within the program itself. It's a lot like when all those people that had their IIS servers attacked by Code Red/CRII and wound up getting infected. They wondered why their AV software (or firewalls) didn't protect them; it wasn't their job, that's why. The ability to execute this instruction will have to be patched by MS on this one.
I'm surprised that any would, but hey more power to them. Do you think that this was just some sort of signature-type update, or a behavior watching function? And if it was looking for this type of behavior, I wonder how it would tell the difference between something annoying/hostile and an intended behavior, like something set up on an Intranet or some sort of maintenance site.
I really don't know, but it's my guess that it monitors temporary internet files for a spawn of a command shell, but that's just a guess. I have not seen this myself, it's just what I was told by a guy running F-Secure. I'll check if there's a trial and try it myself
Got nothing better to do anyway, just trying to ignore my hangover
/Toby
Ok, I tried it... It pops up with a warning and then logs me off
So it caught it but couldn't do anything about it. Reinstalling NAV Corp...
From EventLog:
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 2002-03-09
Time: 20:50:24
User: N/A
Computer: BTE1
Description:
2 2002-03-09 20:50:24+02:00 bte1 BTE1\Toby F-Secure Anti-Virus
Malicious code found in file C:\Documents and Settings\Toby\Local Settings\Temporary Internet Files\Content.IE5\XMHHK7FI\xp[1].htm.
Infection: Exploit.CodeBaseExec
Action: none.
/Toby
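An added example, not from the thread or from F-Secure: a parser for the event description posted above that flags detections logged with "Action: none", the case where the scanner recognised the page but the logoff still happened. The record layout is inferred from that single post, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Description text copied from the event posted above (one record).
SAMPLE = r"""2 2002-03-09 20:50:24+02:00 bte1 BTE1\Toby F-Secure Anti-Virus
Malicious code found in file C:\Documents and Settings\Toby\Local Settings\Temporary Internet Files\Content.IE5\XMHHK7FI\xp[1].htm.
Infection: Exploit.CodeBaseExec
Action: none.
"""

# Layout inferred from that single record; the leading number is kept opaque.
HEADER = re.compile(r"^\S+ (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d[+-]\d\d:\d\d) "
                    r"(?P<host>\S+) (?P<user>\S+) F-Secure Anti-Virus$")
FOUND = re.compile(r"^Malicious code found in file (?P<path>.+?)\.?$")
FIELD = re.compile(r"^(?P<key>Infection|Action): (?P<value>.+?)\.?$")

def parse_detections(text):
    """Return one dict per detection record found in the description text."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            current = {"time": datetime.fromisoformat(m["ts"]),
                       "host": m["host"], "user": m["user"]}
            records.append(current)
        elif current is None:
            continue                       # text before the first header
        elif (m := FOUND.match(line)):
            current["path"] = m["path"]
        elif (m := FIELD.match(line)):
            current[m["key"].lower()] = m["value"]
    return records

def triage(record):
    """Label a record by what a responder has to follow up on."""
    labels = []
    if record.get("action", "none").lower() == "none":
        labels.append("unremediated")      # detected, but nothing blocked or cleaned
    if "\\temporary internet files\\" in record.get("path", "").lower():
        labels.append("browser-cache")     # content arrived through the browser
    return labels

if __name__ == "__main__":
    for rec in parse_detections(SAMPLE):
        print(rec["time"], rec["user"], rec["infection"], triage(rec))
```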