Not a false positive. Someone used a nasty USB drive that had an autorun virus on it. The autorun.inf had this in it:
l~-??A?<K??#?Ê??ed?ª?üXÜ??ÁüFl?æ?eëX?r?:M?à???Ñ?çs?Ç?Oü?EF??ëÓ??ÚÞÊN?d=?ú??[Y?????mÈm!Ã???çñvè?y?Êv_????É-/?Is?ù?,[
[autorun
;e???V
open=trikfx/spomenar.exe
;Þm÷?Ç
icon=%SystemRoot%\system32\SHELL32.dll,4
;X]doÝ??a
action=Open folder to view files using Windows Explorer
;?ëë$???µ]
shell\\open\\\command=trikfx/spomenar.exe
;Là?ÿÜ??Üü`ásáµ????Dþ?é'?µ??rm?ò?
shell\\explore\\command=trikfx/spomenar.exe
;??àg'æë?
useautoplay=1

VirusTotal for this file:
http://www.virustotal.com/analisis/e22b8e9b4fbdb876904373e647306a3f0a8d2c5bbb50e708a87464c83c962dba-1277992532

On Wed, Jun 30, 2010 at 4:06 PM, Mike Patterson <[email protected]> wrote:
> On 10-06-30 12:05 PM, Craig Freyman wrote:
> > When the AV flags a virus, what steps should you take to handle the
> > situation?
> >
> > I would assume the following would be important to figure out:
> [...]
> > - ??
>
> First and foremost: is this a false positive?
>
> Other than that, Josh Little's response is good.
>
> Mike
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
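A triage sketch for a file like the one quoted above, added here as an example and not part of the original thread: it pulls the launch directives out of a junk-padded autorun.inf and lists why the file deserves attention. The sample text is constructed from the quoted file with the filler shortened; the function names and heuristics are assumptions.

```python
import re

# Constructed sample modelled on the quoted file; filler bytes shortened.
SAMPLE = (
    "l~-??A?<K??#?\u00ca??ed=?,[\n"
    "[autorun\n"
    ";e???V\n"
    "open=trikfx/spomenar.exe\n"
    ";\u00dem\u00f7?\u00c7\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    "action=Open folder to view files using Windows Explorer\n"
    "shell\\\\open\\\\\\command=trikfx/spomenar.exe\n"
    "shell\\\\explore\\\\command=trikfx/spomenar.exe\n"
    "useautoplay=1\n"
)
KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9\\ ]*?)\s*=\s*(.+?)\s*$")
LAUNCH_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
EXEC_RE = re.compile(r"\.(exe|scr|com|bat|cmd|pif|vbs)\b", re.I)


def parse_autorun(text):
    """Return (entries, filler): key=value directives and count of other lines."""
    entries, filler = {}, 0
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m is None:
            # Comments (;...) and binary padding; section headers are not counted.
            if line.strip() and not line.lstrip().startswith("["):
                filler += 1
            continue
        # Repeated backslashes in the key are collapsed before comparison.
        key = re.sub(r"\\+", r"\\", m.group(1)).lower()
        entries[key] = m.group(2)
    return entries, filler


def triage(text):
    """Return (launch targets, findings) for an incident note."""
    entries, filler = parse_autorun(text)
    targets = sorted({v for k, v in entries.items() if LAUNCH_RE.match(k)})
    execs = [t for t in targets if EXEC_RE.search(t)]
    findings = []
    if filler:
        findings.append(f"{filler} filler/comment lines around the directives")
    if execs:
        findings.append("launch directives run: " + ", ".join(execs))
    if execs and "open folder" in entries.get("action", "").lower():
        findings.append("action text mimics Explorer's open-folder entry")
    return targets, findings
```

The targets returned by `triage` are the paths to collect from the drive and check against the AV detection before deciding on false positive versus real infection.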
