[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]




> -----Original Message-----
> From: Dan Lange [mailto:lange92 at 2067.resnet.uni.edu]
> Sent: Tuesday, 29 January 2002 3:46 PM
> To: rtems-users at oarcorp.com
> Subject:
>
>
> Hrmph. Looks like someone is sending around a windows binary. Possible
> virus? I uudecoded the files, appended a begin line to conform to the
> uuencoding format, and produced a file that contained the following
> symbols, among many others....
>
> KERNEL32.DLL
> ADVAPI32.dll
> SHELL32.dll
> WSOCK32.dll
> LoadLibraryA
> GetProcAddress
> ExitProcess
> RegCloseKey
> ShellExecuteA
>
> As I'm not on a Windows platform I cannot attempt to examine the files.
> However, I would note that since the headers seem to indicate use of an
> open relay and the use of an anonymizer of some sort, I'd consider the
> file(s) suspect--if anyone else received them.
>
> Nevertheless, I must say these messages do seem rather strange...
>
> DanL
>
I tried this, and ran the result through our virus checker (VET, up to date
as of 29 Jan)
No virus was detected, but this could be any flavour of trojan horse...

Tony Butt
CEA Technologies