Warning or coincidence?

Posted: Tue Feb 23, 2010 6:47 pm
by Commander Trigg
Since downloading the latest versions of the Behemoth and Galactic Navy oxps, my anti-virus has detected a couple of threats appearing on my system.

It may be pure coincidence of course, as I was doing several other things at the same time and might have picked something up on a fly-by, but perhaps someone with the know-how could take a look to see if either of these packs has been got at by some unpleasant person?

Posted: Tue Feb 23, 2010 7:30 pm
by Loxley
I've got both these downloaded and haven't encountered any problems.
For what it's worth I scanned them both with Norton 360 and have since run full system scans without anything untoward showing up.

I expect you probably picked up your virus problem somewhere else but it's always good to warn of possible security threats.

Posted: Tue Feb 23, 2010 7:57 pm
by another_commander
Commander Trigg: What antivirus do you run? Some time ago, we had some false alarms from Avira, which was complaining that our distribution was infected because one of our plists (customsounds.plist I think) happened to contain the letters 'w','o','r','m' inside the word "wormhole" :roll:

Also, can you please specify exactly which files your antivirus indicated as threats?

Posted: Tue Feb 23, 2010 8:11 pm
by Commander Trigg
I'm afraid I was a little hasty in getting rid of the threat - I just saw Trojan Horse and clicked the remove button before thinking I maybe should have looked into it further.

I'm running a Symantec corporate edition and looking through the threat history, it's saying the virus had located itself in system32/drivers. I can't see any information about the possible source however.

Posted: Thu Mar 04, 2010 7:43 pm
by Commander Trigg
If anyone is interested, I've now discovered that my original virus infection somehow tricked my anti-virus into overlooking certain files and not installing update files.

I've fixed that issue and have been running a full deep scan for the past 680 minutes...and counting - I wonder if this is some sort of record?

It looks like the main virus file embedded itself in windows/system32 under the filename wcoredn.exe although there's still no clue as to the original source.

I don't think I've sent anyone any files that might have spread the infection, but better safe than sorry!

Posted: Fri Mar 05, 2010 7:41 am
by Diziet Sma
I do find it most unusual/strange that wcoredn.exe has reportedly been in the wild for 2 weeks now, and there is no discussion (or even mention) of it anywhere except at the website of ONE particular anti-virus product...

Some might say that was suspicious, even...