redwolfe_98
join:2001-06-11
 ·RoadRunner Cable
2 edits | reply to MagnusM
Re: Analysis of an Ecard Exploit Page
thanks, magnus.. i have been downloading a lot of those ecard.exe files and then uploading them to "virustotal", sometimes submitting them to av-vendors, as well..
today, i noticed that something was strange with the webpage where i was downloading another one of the ecard files from and i wanted someone to look at it, though i never contacted anyone about it..
i have been kind of paranoid because when i tried to download the ecard file, the first time, i clicked cancel but then it downloaded anyway, where "antivir" then flagged it.. (uhg) i didn't have all of my security-apps up at the time, either..
i wasn't able to find anything that indicated that my computer was infected by the malware.. i booted into safe mode and looked for the "spooldr.exe" and "spool.sys" files..
i also tried going through the same routine again, only with my other security-apps running to see if anything was flagged, but it wasn't..
the ecard files that i downloaded today would infect the cdrom.sys file instead of the tcpip.sys file..
i am glad that misec is at least looking into this zhelatin stuff..
as for checking for the patch, running the "belarc advisor" would be one way to do it, or (for me) to look at the update-history at the "windows updates" website.. belarc seems like the easy way to do it..
i deleted all of the windows updates log files, so i can't check those..
update: i just ran the "belarc advisor" and i can see that i have the update, according to the belarc advisor.. |
