worm in powerpoint

[david banner]

Kaspersky AV alerted me to worm win32.brontok.ct in power point file PPTVIEW.EXE

Has anyone had this before. Not much info - link below says spreads through email attachment but I had in PPTVIEW.EXE

http://www.sophos.com/security/analy...brontokct.html

[jle4044]

Same here. ZoneAlarm just caught it today, although mine was in pptview.msi (the windows installer). No other AV has ever alerted me to it before, not even ZA! I don't use Outlook (just hotmail and gmail) so I wasn't likely spreading anything.

BTW, I'm assuming that a worm like this would only be able to access address files in Outlook, not in hotmail or gmail, correct?

[david banner]

Quote:

Originally Posted by jle4044

BTW, I'm assuming that a worm like this would only be able to access address files in Outlook, not in hotmail or gmail, correct?

I don't know but that worm is around a long time isnt it, since 1999 I think so how come we got hit today?New variant?

[Baz_kasp]

Hi,

"The" pptview.exe in the microsoft office folder?


If so, please grab a copy of that file (from backup/quarantine if you deleted it), add it to a zip or rar archive and send it to newvirus@kaspersky.com in an email with subject line "possible false positive" and briefly explain what it is being detected as etc.

Viruslab will check it and correct the detection if it is incorrect.


Which ver of Office you have installed, scanned my 07 install and no detection.

[david banner]

Quote:

Originally Posted by Baz_kasp

Hi,

"The" pptview.exe in the microsoft office folder?

yes

Quote:

If so, please grab a copy of that file (from backup/quarantine if you deleted it), add it to a zip or rar archive and send it to newvirus@kaspersky.com in an email with subject line "possible false positive" and briefly explain what it is being detected as etc.

Sorry deleted it and deleted it from backup

Quote:

Which ver of Office you have installed, scanned my 07 install and no detection.

office 2007 PP 2007

[Macstorm]

Quote:

Originally Posted by david banner

office 2007 PP 2007

no probs with pptview.exe here.
Using office 2007, vista home prem. & kav 2009

[david banner]

Quote:

Originally Posted by Macstorm

no probs with pptview.exe here.
Using office 2007, vista home prem. & kav 2009

too late for me to find out if it was a fp now. does that mean pp won't work without that file?Vista home prem kav 7 updated

[jle4044]

Quote:

Originally Posted by Baz_kasp

"The" pptview.exe in the microsoft office folder?

Yes (and correction; mine wasn't the .msi file). It was in C:\Program Files\Microsoft Office\Power Point Viewer\PPTVIEW.EXE

Quote:

Originally Posted by Baz_kasp

If so, please grab a copy of that file (from backup/quarantine if you deleted it), add it to a zip or rar archive and send it to newvirus@kaspersky.com in an email with subject line "possible false positive" and briefly explain what it is being detected as etc.

Trying to find where ZA's quarantine folder is; once done, I can submit. (I'm not a regular Kaz user, btw. My main is ZA and I oftern use Kaz online scanner as a backup. Neither Kaz, BitDef, F-Secure, nor Trend Micro House call online scanners have ever found this. Not even ZA until today...and that Office file has been there over a year.

Quote:

Originally Posted by Baz_kasp

Which ver of Office you have installed, scanned my 07 install and no detection.

Mine is Office 2002.

[david banner]

Quote:

Originally Posted by jle4044

Yes (and correction; mine wasn't the .msi file). It was in C:\Program Files\Microsoft Office\Power Point Viewer\PPTVIEW.EXE.

same here

[Macstorm]

Quote:

Originally Posted by david banner

too late for me to find out if it was a fp now. does that mean pp won't work without that file?Vista home prem kav 7 updated

Try running the MS Office Diagnostic tool, it will repair any of your office apps.

[david banner]

Quote:

Originally Posted by Macstorm

Try running the MS Office Diagnostic tool, it will repair any of your office apps.

Ok thanks. EDIT: Where do I get that MS Office Diagnostic tool? I have discovered it is powerpoint 2003 that is missing PPTVIEW.EXE so I cannot open PP 2003. I downloaded it at http://www.wneies.org/codes.htm Does anyone know if that is safe site and if I can install it into the folder?