>>>>
It is theirs<<<<
<http://uptime.netcraft.com/up/graph?mode_u=off&mode_w=on&site=www.symantec.com>http://uptime.netcraft.com/up/graph?mode_u=off&mode_w=on&site=www.symantec.com
Thanks to all who replied to this rather naive question. Dumb though it was, I learned a lot. The reason this was so perplexing is because there is also on my system the LUUPDATE.EXE file, which according to this:
http://www.phenoelit.de/stuff/LiveUpdate.txt
is part of this:
LUUPDATE.EXE is the trojan/backdoor/whatever file the attacker wants
the system to execute. NOREBOOT.DIS is a INI-like file that contains
the actions LiveUpdate should perform when downloading of the file is complete. It has the following content:
UPDATE (TempDir\*.EXE, LiveUpdateDir, 0)
LAUNCH (LiveUpdateDir, LUUPDATE.EXE, "", 0)
DELAYDELETE (LiveUpdateDir, LUUPDATE.EXE)
So, putting 2 and 2 together made me wonder. Evidently though LUUPDATE.EXE is a ligit file. Go figure.
And thanks for pointing out the above site too, very cool and will come in handy.
George
"Man performs, engenders so much more than he can or should have to bear. That�s how he finds that he can bear anything" William Faulkner.
