Hi Scenobro, I've had success sending the file to McAfefe's AVERT WebImmune (http://www.webimmunite.net). You can register as a new user and submit through the web interface, or you can simply e-mail the file to [EMAIL PROTECTED] I'd recommend registering as they will provide you with the scan result immediately. Additionally, if you use McAfee, they will provide you with updated virus definition files to clean the machine.
Best of luck, Pat -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Maxwell Sent: Friday, September 03, 2004 12:23 PM To: Scenobro Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Where to submit a suspected trojan or virus? On Fri, 03 Sep 2004 06:00:27 +0200, Scenobro <[EMAIL PROTECTED]> wrote: > I found an explorer.exe in my system32 folder which I believe take > precedence over the real explorer.exe located in c:\windows. > It's a 92K file that seems to be a visual basic program. Among the > strings contained in it there is a "C:\TestDL.exe" which I didn't find > on my disk and a url "http://www.getupdate.com/TestDownload.exe"; which > does't exists. (the home page of that site is a textfile containing > only "SB2"). > I sent the file to virustotal.com and they found nothing. > Where I can send this file for analysis? The Internet Storm Center also has a malware analysis group, and they coordinate with the major AV vendors; you can submit the file and relevant information at http://isc.sans.org/contact.php or via email to [EMAIL PROTECTED] (I think). -- Kyle Maxwell [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
