On Fri, 03 Sep 2004 06:00:27 +0200, Scenobro <[EMAIL PROTECTED]> wrote: > I found an explorer.exe in my system32 folder which I believe take > precedence over the real explorer.exe located in c:\windows. > It's a 92K file that seems to be a visual basic program. Among the > strings contained in it there is a "C:\TestDL.exe" which I didn't find > on my disk and a url "http://www.getupdate.com/TestDownload.exe"; which > does't exists. (the home page of that site is a textfile containing only > "SB2"). > I sent the file to virustotal.com and they found nothing. > Where I can send this file for analysis?
The Internet Storm Center also has a malware analysis group, and they coordinate with the major AV vendors; you can submit the file and relevant information at http://isc.sans.org/contact.php or via email to [EMAIL PROTECTED] (I think). -- Kyle Maxwell [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
