white_cloud_8
Lieutenant

 Joined: Sep 07, 2004 Posts: 249 Location: Canada
Posted: Fri Jun 10, 2005 12:19 am Post subject: file found
Hi,
Last night I did a virus scan, and it came up with one infected file called:
WORM/SQL.Slammer_dmp
I deleted it, but what is it and how does it affect my PC?
mav1976
Sergeant

 Joined: May 22, 2005 Posts: 116
Posted: Fri Jun 10, 2005 7:16 am
Hi,
Where was the virus found? Have a look into the log files from AntiVir. [C:\Program files\AVPersonal\Logfiles]
We need more information about your finding and your operating system.
_________________
Regards, mav
TopperID
Captain

 Joined: Oct 14, 2004 Posts: 375 Location: UK
Posted: Fri Jun 10, 2005 1:24 pm
Hi white_cloud_8,
Hopefully you caught this thing before it had a chance to do any damage. But to be sure you should:-
1) delete your temp files (click Start/Run then type cleanmgr and click O.K.),
2) disable system restore (if it applies to your O.S.), and
3) reboot into 'safe mode' and do a full system scan with AntiVir.
Before scanning you should update AntiVir to ensure you are using the latest definitions. You should also configure AntiVir to search 'All files' - rather than just 'Program and macro files' (you do this by clicking 'Scan Settings'/'Search' and selecting 'All files'). Also ensure that AntiVir is set to search within 'Archives'.
Let us know the result, together with the info requested by mav above.
You can find out some more about this family of worms here:-
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
The worm is also detected by Avert Stinger, so if need be you could D/L and run this tool (in 'safe') for a second opinion:- http://vil.nai.com/vil/stinger/
white_cloud_8
Lieutenant

 Joined: Sep 07, 2004 Posts: 249 Location: Canada
Posted: Sat Jun 11, 2005 7:27 pm
Creation date of the report file: Wednesday, June 08, 2005 20:28
AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.0.17 (0) of 08.06.2005
This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.
Scanning for 176306 virus strains and unwanted programs.
Licensed for: AntiVir Personal Edition
Serial number: 0000149996-WURGE-0001
Please enter the workstation and
contact name with phone number in this form:
Name ___________________________________________
Street ___________________________________________
Town ___________________________________________
Phone/Fax ___________________________________________
Email ___________________________________________
Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: Administrator
Computername: MASUZUMI
Processor: Pentium
Working memory: 515048 KB free
Version information:
AVWIN.DLL : 6.31.00.03 561192 07.06.2005 11:34:48
AVEWIN32.DLL : 6.31.0.5 823808 07.06.2005 18:21:16
AVGNT.EXE : 6.31.00.01 168039 07.06.2005 11:34:48
AVGUARD.EXE : 6.31.00.01 238120 07.06.2005 11:34:48
GUARDMSG.DLL : 6.30.00.02 94248 03.03.2005 17:09:38
AVGCMSG.DLL : 6.31.00.00 295029 07.06.2005 11:34:48
AVGNTDW.SYS : 6.31.00.01 32896 07.06.2005 11:34:48
AVPACK32.DLL : 6.31.00.03 323664 07.06.2005 11:34:48
AVGETVER.DLL : 6.30.00.00 24576 03.03.2005 17:09:36
AVWIN.DLL : 6.31.00.03 561192 07.06.2005 11:34:48
AVSHLEXT.DLL : 6.30.00.01 40960 03.03.2005 17:09:38
AVSched32.EXE : 6.30.00.00 110632 03.03.2005 17:09:38
AVSched32.DLL : 6.30.00.00 122880 03.03.2005 17:09:38
AVREG.DLL : 6.30.00.03 41000 03.03.2005 17:09:38
AVRep.DLL : 6.31.00.08 1155112 07.06.2005 18:21:24
INETUPD.EXE : 6.31.00.02 249915 07.06.2005 11:34:50
INETUPD.DLL : 6.31.00.02 143360 07.06.2005 11:34:48
CTL3D32.DLL : 2.31.000 27136 29.08.2002 07:00:00
MFC42.DLL : 6.02.4131.0 1028096 04.08.2004 02:56:42
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 04.08.2004 02:56:44
CTL3DV2.DLL : 2.31.000 27632 21.12.1998 19:47:30
Configuration file:
Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown
Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report
Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information
Abridge report file:
[ ] Abridge report file
Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged
Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100
Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files
Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm
Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore
Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date
Drag&drop settings:
[X] Scan subdirectories
Profile settings:
[X] Scan subdirectories
Archive options
[X] Search archive
[X] All archive types
Miscellaneous options:
Temporary path: %TEMP% -> C:\Program Files\AVPersonal\BUILD.DAT
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start
General settings:
[X] Save options on exiting AntiVir
Priority: high
Drives:
A: Floppy drive
C: Hard disk
D: Hard disk
E: CD-ROM
F: CD-ROM
G: Floppy drive
H: Floppy drive
Start of scan: Wednesday, June 08, 2005 20:28
Memory test OK
Master boot record of hard disk HD0 OK
Master boot record of hard disk HD1
The record could not be read!
Error code: 0x0015
Master boot record of hard disk HD2
The record could not be read!
Error code: 0x0015
Boot record of drive C: OK
Boot record of drive D: OK
C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Administrator
ntuser.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
ntuser.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows
UsrClass.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
UsrClass.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\LocalService
NTUSER.DAT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
ntuser.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows
UsrClass.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
UsrClass.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService
NTUSER.DAT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
ntuser.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows
UsrClass.dat
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
UsrClass.dat.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Program Files\Sygate\SPF
rawlog.log
[DETECTION] Contains signature of the worm WORM/SQL.Slammer.dmp
Could not be deleted!
Error! Could not change directory: System Volume Information
C:\WINDOWS\SoftwareDistribution\EventCache
{8BD02016-40ED-496A-AA53-E2BC417A8FBC}.bin
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
default.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system.LOG
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
End of scan: Wednesday, June 08, 2005 21:19
Time taken: 50:59 min
4552 directories were scanned
212137 files were scanned
26 warning messages were issued
0 files were deleted
0 files were repaired
1 detection
TopperID
Captain

 Joined: Oct 14, 2004 Posts: 375 Location: UK
Posted: Sat Jun 11, 2005 9:21 pm
Hi white_cloud_8,
This is the relevant entry in your log:-
Quote:
C:\Program Files\Sygate\SPF
rawlog.log
[DETECTION] Contains signature of the worm WORM/SQL.Slammer.dmp
Could not be deleted!
Why your firewall logs are being found as a worm I don't know; according to the AVPE log it could not be deleted - probably because it was in use at the time. If it was deleted it would be in your infected folder (C:\Program Files\AVPersonal\Infected). This looks like a FP, hopefully it won't happen again, but no harm would have been done by deleting this log in any case because they are regularly turned over.
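One way to pull the entry quoted above out of a report like the one posted, as an added example that is not part of the original thread or of AntiVir's own tooling: it lists each [DETECTION] with its full path and, separately, the locked files the scanner never opened. The function name triage and the embedded sample are constructed for illustration, and the line classification assumes the flattened layout seen in the post.

```python
import ntpath
import re

# Constructed sample in the flattened layout of the report posted above
# (indentation lost, one item per line); it is not the complete log.
SAMPLE_REPORT = r"""
Start of scan: Wednesday, June 08, 2005 20:28
Memory test OK
Boot record of drive C: OK
C:\
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Program Files\Sygate\SPF
rawlog.log
[DETECTION] Contains signature of the worm WORM/SQL.Slammer.dmp
Could not be deleted!
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32\config
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
End of scan: Wednesday, June 08, 2005 21:19
1 detection
"""

DIR_RE = re.compile(r"^[A-Za-z]:\\")
# Status lines seen in the posted report; any other line inside the scan
# section is treated as a file name (an assumption of this sketch).
STATUS_PREFIXES = ("Access denied!", "Error code:", "Error!", "NOTE!",
                   "ArchiveType:", "This is a Windows swap file")


def triage(report):
    """Return (detections, locked): flagged files and files never opened."""
    detections, locked = [], []
    in_scan, cur_dir, cur_file, last = False, None, None, None
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("Start of scan:"):
            in_scan = True
        elif line.startswith("End of scan:"):
            break
        elif not in_scan or not line or line.startswith(STATUS_PREFIXES):
            continue
        elif DIR_RE.match(line):
            cur_dir, cur_file, last = line, None, None
        elif line.startswith("[DETECTION]"):
            last = {"path": ntpath.join(cur_dir or "", cur_file or ""),
                    "signature": line.split()[-1], "outcome": "unknown"}
            detections.append(last)
        elif line.startswith("Could not be") and last is not None:
            last["outcome"] = line  # keep the scanner's own wording
        elif line.startswith("WARNING!"):
            if "locked" in line:  # file was skipped, not cleared
                locked.append(ntpath.join(cur_dir or "", cur_file or ""))
        else:
            cur_file, last = line, None  # a new file name under cur_dir
    return detections, locked


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_REPORT)
    for d in found:
        print(d["path"], d["signature"], d["outcome"], sep=" | ")
    print("locked, not scanned:", len(skipped))
```

The locked list matters as much as the detections: those files were skipped, not cleared, which is why a second scan in safe mode is requested earlier in the thread.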
white_cloud_8
Lieutenant

 Joined: Sep 07, 2004 Posts: 249 Location: Canada
Posted: Sun Jun 12, 2005 1:09 am
The 'INFECTED' folder is empty, what should I do now?
white_cloud_8
Lieutenant

 Joined: Sep 07, 2004 Posts: 249 Location: Canada
Posted: Sun Jun 12, 2005 6:59 am
The virus scan in safe mode detected nothing.
mav1976
Sergeant

 Joined: May 22, 2005 Posts: 116
Posted: Sun Jun 12, 2005 7:34 am
Hi white_cloud_8,
Please pack and email this log file to virus@free-av.com with a short description. Your packed file (zip/rar etc.) should be protected with a password. Don't forget to inform H+BEDV of the password in your e-mail and please reply.
_________________
Regards, mav
TopperID
Captain

 Joined: Oct 14, 2004 Posts: 375 Location: UK
Posted: Sun Jun 12, 2005 2:07 pm
white_cloud_8, your 'Infected' folder is empty because AVPE was unable to delete the file (for whatever reason); but the fact your 'safe' scan found nothing suggests that either the file was subsequently deleted in the normal course of events or this was a false positive that has been corrected by the latest definitions.
However if it happens again please do as mav suggests above.
white_cloud_8
Lieutenant

 Joined: Sep 07, 2004 Posts: 249 Location: Canada
TopperID
Captain

 Joined: Oct 14, 2004 Posts: 375 Location: UK
Posted: Sun Jun 12, 2005 6:00 pm
If you find you still have this file being 'detected' by AntiVir then you should Zip the file up (using WinZip or WinRar or similar) into a password protected archive and submit it via email to that address. In the email you should give the password you have allotted to the file together with a brief explanation, stating that AntiVir has detected C:\Program Files\Sygate\SPF rawlog.log as WORM/SQL.Slammer_dmp and you think it may be a false positive.
H+BEDV will then examine the file and inform you of the result. If necessary they will amend their definitions so that the file is not detected in future (if it is a FP!).
mav1976
Sergeant

 Joined: May 22, 2005 Posts: 116