Johannes Schneider to Peter B. Harvey:

> > This virus at the time of my posting this is only detected by
> > Kaspersky and I cannot find any detail on the virus. Came in the
> > email as given below.
> >
> > URL for the virus http://www.alias-search.com/images/msits.exe
> > Also found was the following url also the same virus
> > http://www.alias-search.com/images/msitsa.exe
> >
> > Kaspersky detects it as msits.exe - infected by
> > Backdoor.Win32.Haxdoor.dw
> >
> > Anyone with info on this virus?
>
> infos about msits.exe
> http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39520

Note that Kaspersky thought it was a "Haxdoor" variant. Most AV engines
use that name for this family (except McAfee's BackDoor-BAC).

While the URL you refer to does mention msits.exe, it seems very
unlikely on its face to be relevant to Peter's request. The msits.exe
that was available from the URL Peter posted was approx 50KB (and
FSG-packed at that) but the web page you offered refers to an msits.exe
of a mere 6656 bytes, which is quite likely packed too, but it doesn't
say. Mind you, there are several non-packed Win32 PE downloaders (and
the msits.exe described at that ZL URL is a downloader) that weigh in at
4096 or fewer bytes...

Anyway, basic malware point -- filenames alone are not sufficiently
diagnostic for something like what you did to _generally_ be helpful.

Regards,

Nick FitzGerald
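
Added example, not part of the message above or of the thread: a Python sketch of identifying a sample by content (size, SHA-256, PE section table) instead of by filename. The two byte strings are constructed stand-ins sized after the figures in the message (51200 is an assumed value for "approx 50KB"); the helper names and section names are hypothetical.

```python
import hashlib
import struct

def build_pe(section_names, total_size, filler):
    """Build a minimal PE-shaped byte string (constructed test data, not malware)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)   # e_lfanew at offset 60
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    sects = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32
                     for n in section_names)             # 40-byte section headers
    head = dos + b"PE\x00\x00" + coff + b"\x00" * 0xE0 + sects
    return head + filler * (total_size - len(head))

def fingerprint(data):
    """Content-based identity: size, hash and, for PE files, section names."""
    fp = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
          "pe": False, "sections": []}
    if len(data) < 64 or data[:2] != b"MZ":
        return fp
    (lfanew,) = struct.unpack_from("<I", data, 60)
    if lfanew + 24 > len(data) or data[lfanew:lfanew + 4] != b"PE\x00\x00":
        return fp
    (nsect,) = struct.unpack_from("<H", data, lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, lfanew + 20)
    table = lfanew + 24 + opt_size                       # start of section table
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:                                 # truncated header table
            break
        fp["sections"].append(raw.rstrip(b"\x00").decode("latin-1"))
    fp["pe"] = True
    return fp

def compare(name_a, data_a, name_b, data_b):
    """Report whether two samples match by name and whether they match by content."""
    a, b = fingerprint(data_a), fingerprint(data_b)
    return {"same_name": name_a.lower() == name_b.lower(),
            "same_content": a["sha256"] == b["sha256"],
            "size_delta": abs(a["size"] - b["size"]), "a": a, "b": b}

# Constructed stand-ins for two unrelated files that share one filename.
SAMPLE_A = build_pe(["sect0", "sect1"], 51200, b"\xAA")
SAMPLE_B = build_pe([".text"], 6656, b"\x90")

if __name__ == "__main__":
    report = compare("msits.exe", SAMPLE_A, "MSITS.EXE", SAMPLE_B)
    print(report["same_name"], report["same_content"], report["size_delta"])
```
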
