Page 1 of 1
Warning or coincidence?
Posted: Tue Feb 23, 2010 6:47 pm
by Commander Trigg
Since downloading the latest versions of the Behemoth and Galactic Navy oxps, my anti-virus has detected a couple of threats appearing on my system.
It may be pure coincidence of course, as I was doing several other things at the same time and might have picked something up on a fly-by, but perhaps someone with the know how could take a look to see if either of these packs has been got at by some unpleasant person?
Posted: Tue Feb 23, 2010 7:30 pm
by Loxley
I've got both these downloaded and haven't encountered any problems.
For what it's worth I scanned them both with Norton 360 and have since run full system scans without anything untoward showing up.
I expect you probably picked up your virus problem somewhere else but it's always good to warn of possible security threats.
Posted: Tue Feb 23, 2010 7:57 pm
by another_commander
Commander Trigg: What antivirus do you run? Sometime ago, we had some false alarms from Avira, which was complaining that our distribution was infected because one of our plists (customsounds.plist I think) happened to contain the letters 'w','o','r','m' inside the word "wormhole"
Also, can you please specify which exact files did your antivirus indicate as threats?
Posted: Tue Feb 23, 2010 8:11 pm
by Commander Trigg
I'm afraid I was a little hasty in getting rid of the threat - I just saw Trojan Horse and clicked the remove button before thinking I maybe should have looked into it further.
I'm running a symantec corporate edition and looking through the threat history, it's saying the virus had located itself in system32/drivers. I can't see any information about the possible source however.
Posted: Thu Mar 04, 2010 7:43 pm
by Commander Trigg
If anyone is interested, I've now discovered that my original virus infection somehow tricked my anti-virus into overlooking certain files and not installing update files.
I've fixed that issue and have been running a full deep scan for the past 680 minutes...and counting - I wonder if this is some sort of record?
It looks like the main virus file embedded itself in windows/system32 under the filename wcoredn.exe although there's still no clue as to the original source.
I don't think I've sent anyone any files that might have spread the infection, but better safe than sorry!
Posted: Fri Mar 05, 2010 7:41 am
by Diziet Sma
I do find it most unusual/strange that wcoredn.exe has reportedly been in the wild for 2 weeks now, and there is no discussion (or even mention) of it anywhere except at the website of ONE particular anti-virus product...
Some might say that was suspicious, even...