Brontok virus in modules\Tweaks\...
vof
01 Jul 2008
My AVG 8.0 is reporting I-Worm/Brontok.KO in this file. This is in a freshly created AutoPatcher folder for XP SP3. If this file is supposedly msconfig.exe from Win2K, it certainly has a different size to my Win2K SP4 executable. What do other users' AV progs report?
vof
vof
Cristiano
01 Jul 2008
you can check it at http://www.virustotal.com . this service check each file with several engines
James
01 Jul 2008
vof, on Jul 1 2008, 12:44 AM, said:
My AVG 8.0 is reporting I-Worm/Brontok.KO in this file. ...
This looks like a false reading by AVG. F-Secure with the latest updates (2008-07-01_02) finds NO virus
To be sure, check the MD5 hash of msconfig.exe (with md5deep, md5sum, HashCalc or others)
It should be 3c60aefa68efa2c4d13ab6b68fe82b81
vof, on Jul 1 2008, 12:44 AM, said:
If this file is supposedly msconfig.exe from Win2K, ...
No, this is msconfig for Win2k, not from Win2k.
--
James
vof
01 Jul 2008
James, on Jul 1 2008, 06:09 AM, said:
This looks like a false reading by AVG. F-Secure with the latest updates (2008-07-01_02) finds NO virus
To be sure, check the MD5 hash of msconfig.exe (with md5deep, md5sum, HashCalc or others)
It should be 3c60aefa68efa2c4d13ab6b68fe82b81
No, this is msconfig for Win2k, not from Win2k.
--
James
To be sure, check the MD5 hash of msconfig.exe (with md5deep, md5sum, HashCalc or others)
It should be 3c60aefa68efa2c4d13ab6b68fe82b81
No, this is msconfig for Win2k, not from Win2k.
--
James
Thanks for that. MD5 hash is OK. VirusTotal reports it clean, and interestingly, AVG 8.0 with most recent update from earlier today (270.4.3/1528) now thinks it is clean.
vof
James
01 Jul 2008
Thanks for the feedback. Every test I carried out this morning confirmed that this was a false alarm.
--
James
--
James
