Got an alert on "Helix"

And I really don't know what to submit to have checked (it's a pretty big d/l).

This was the alert:

Time Module Object Name Virus Action User Info
4/20/2005 11:29:52 AM AMON file C:\Documents and Settings\spy1\Local Settings\Temp\IR\Foundstone\MessengerScan.exe Win32/Exploit.MSNScan.105 trojan NONE-8EE7DS6F1Q\spy1
and it was from a correct (according to the MD5) d/l from here:

http://www.e-fense.com/helix/download.htm (the HTTP one from Virginia Tech).

False positive? What exactly do I send to have it checked out? Pete

 

Hopefully one of the Eset guys will see this and download the file to check it.

I would also send a message to support with a link to this news thread and ask them to check it its a false positive or real.

Cheers

Jlo

 

He has since ages already a PM what to do

 

...and he's just replying in this moment - i can hear the mites laughing in his keyboard

 

<g> Actually, the answer was a little clearer when I read the email about the alert from nod. It says "MessengerScan.exe infected with Win32/Exploit.MSNScan105 trojan", so I'm going to submit MessengerScan.exe .

Sorry - lack of caffiene when that happened. Pete

Hmm - not really sure that it sent correctly.

Hmmm #2 - okay, it went that time (I think).