Title: Message
Look in Service control panel for"netinfo"
and a target file netinfo.exe. You'll likely have to kill netinfo.exe
somehow. Delete the services keyfrom your Registry then reboot if
necessary. Then you'll be able to delete both netinfo.exe and
orans.sys
G.Z.
-Original
I was looking at the Junkmail version comparison at
http://www.declude.com/Articles.asp?ID=95.
The Pro version has: Anti-filter Detection (Detects
tricks spammers use to bypass filters).
I'm not familiar with this. Can anyone enlighten
me?
Scott,
That is usually stuff like BASE64 decoding to match
filters against the body.
Darrell
---Check out http://www.invariantsystems.com for
utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow
Queue Monitoring, SURBL/URI
Orin, you've probably already licked the problem by now,
but I'll point out that since you posted this, there have been other reports of
this infection, and just as all roads lead to Rome, all Google searches lead
to:
http://www.sophos.com/virusinfo/analyses/w32tilebotj.html
The upshot
But it lists this as a feature for only the Pro
version.
- Original Message -
From:
Darrell
([EMAIL PROTECTED])
To: [EMAIL PROTECTED]
Sent: Sunday, August 21, 2005 9:09
PM
Subject: Re: [Declude.JunkMail] What is
Anti-filter Detection
Scott,
That
At 07:50 PM 8/21/2005, Colbeck, Andrew wrote:
Orin,
you've probably already licked the problem by
now,
Not certain. For all of Saturday and most of today we couldn't keep
the DNS link for more than an hour. I am crossing my fingers right now as
we are into the second hour here. I am not ready to
Set up DNS elsewhere, given how light it is and relatively
easy to set up. Then shut down DNS on your mailserver; it may be that the
malware is trying to communicate on port 53, as this is so often an easy way to
get through firewalls that are only doing port filtering.
Use "netstat -b"