Got an alert on "Helix"

Discussion in 'NOD32 version 2 Forum' started by spy1, Apr 20, 2005.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    And I really don't know what to submit to have checked (it's a pretty big d/l).

    This was the alert:

    Time Module Object Name Virus Action User Info
    4/20/2005 11:29:52 AM AMON file C:\Documents and Settings\spy1\Local Settings\Temp\IR\Foundstone\MessengerScan.exe Win32/Exploit.MSNScan.105 trojan NONE-8EE7DS6F1Q\spy1
    and it was from a correct (according to the MD5) d/l from here:

    http://www.e-fense.com/helix/download.htm (the HTTP one from Virginia Tech).

    False positive? What exactly do I send to have it checked out? Pete
     
  2. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hopefully one of the Eset guys will see this and download the file to check it.

    I would also send a message to support with a link to this news thread and ask them to check it its a false positive or real.

    Cheers

    Jlo
     
  3. Happy Bytes

    Happy Bytes Guest

    He has since ages already a PM what to do :D
     
  4. Happy Bytes

    Happy Bytes Guest

    ...and he's just replying in this moment - i can hear the mites laughing in his keyboard :D
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    <g> Actually, the answer was a little clearer when I read the email about the alert from nod. It says "MessengerScan.exe infected with Win32/Exploit.MSNScan105 trojan", so I'm going to submit MessengerScan.exe .

    Sorry - lack of caffiene when that happened. Pete

    Hmm - not really sure that it sent correctly.

    Hmmm #2 - okay, it went that time (I think).
     
    Last edited: Apr 20, 2005
Thread Status:
Not open for further replies.