Blackworm

Discussion in 'other firewalls' started by twodogs44, Jun 30, 2007.

Thread Status:
Not open for further replies.
  1. twodogs44

    twodogs44 Registered Member

    Joined:
    Feb 23, 2007
    Posts:
    109
    Can anyone tell me about the following, it came in my Sygate Security Log.

    [364] Agentless HTTP request to www.microsoft.com, possible BlackWorm infection dectected

    Is there something here I should be worried about? I have ran Nod32 and searched for the word in my files. If you have any help I will happy to get it.

    Thanks Twodogs44
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    A request to test connectivity to microsoft.com which has the same pattern as Blackworm.

    FYI Blackworm disables antivirus and adds itself to auto start list.
     
  3. twodogs44

    twodogs44 Registered Member

    Joined:
    Feb 23, 2007
    Posts:
    109
    Thanks Meriadoc for your reply. My next question is as follows....Would Sygate not know the difference between the two?
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well this is why you see the log entry. Sygate is saying something has happened that has the same characteristics as this worm.

    Probably not but I have'nt seen the rest of your log and I'm not infront of the machine. I would say Sygate/Nod32 are doing their job but if you are worried google Blackworm and have a look at the symptoms of the worm or do a couple of online scans and get a second opinion.

    Second opinions
    Kaspersky activeX
    Ewido micro
     
    Last edited: Jul 1, 2007
Thread Status:
Not open for further replies.