Re: wintbp.exeAug 17 2005 01:51AM William O'Malley (wo andrew cmu edu)
Re: wintbp.exeAug 16 2005 11:43PM Jeff Pricher (JeffPricher yahoo com)
Re: wintbp.exeAug 16 2005 11:05PM Ero Carrera (ero carrera gmail com)
Re: wintbp.exeAug 16 2005 11:00PM Nick FitzGerald (nick virus-l demon co uk)
Schlegel, Justin wrote:
> My company has recently been hit with some variety of virus that is
> rebooting our machines. As far as I can tell the process causing the
> problem is wintbp.exe. I have searched in google and all the major AV
> vendors for this file with no luck. Does anyone have any information on
> this process as I do not know what virus I am up against?
Filenames _ALONE_ are next to entirely useless as diagnostic cues for
such things. Sadly "causes the machine to reboot" is not particularly
individualistic either...
Please send a sample to your preferred AV vendor(s) (and perhaps CC a
few of their competitors you trust to hurry them along). Should they
happen to be on the following list, then I've saved you the trouble of
looking up a suitable address.
Authentium (Command Antivirus) <virus (at) authentium (dot) com [email concealed]>
Computer Associates (US) <virus (at) ca (dot) com [email concealed]>
Computer Associates (Vet/EZ) <ipevirus (at) vet.com (dot) au [email concealed]>
DialogueScience (Dr. Web) <Antivir (at) dials (dot) ru [email concealed]>
Eset (NOD32) <sample (at) nod32 (dot) com [email concealed]>
F-Secure Corp. <vsamples (at) f-secure (dot) com [email concealed]>
Frisk Software (F-PROT) <viruslab (at) f-prot (dot) com [email concealed]>
Grisoft (AVG) <virus (at) grisoft (dot) cz [email concealed]>
H+BEDV (AntiVir, Vexira engine) <virus (at) antivir (dot) de [email concealed]>
Kaspersky Labs <newvirus (at) kaspersky (dot) com [email concealed]>
Network Associates (McAfee) <virus_research (at) nai (dot) com [email concealed]>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis (at) norman (dot) no [email concealed]>
Panda Software <labs (at) pandasoftware (dot) com [email concealed]>
Sophos Plc. <samples (at) sophos (dot) com [email concealed]>
Symantec (Norton) <avsubmit (at) symantec (dot) com [email concealed]>
Trend Micro (PC-cillin) <virus_doctor (at) trendmicro (dot) com [email concealed]>
(Trend may only accept files from users of its products)
In general, you may find the advice under the McAfee entry best
followed for any of the others as well.
> My company has recently been hit with some variety of virus that is
> rebooting our machines. As far as I can tell the process causing the
> problem is wintbp.exe. I have searched in google and all the major AV
> vendors for this file with no luck. Does anyone have any information on
> this process as I do not know what virus I am up against?
Filenames _ALONE_ are next to entirely useless as diagnostic cues for
such things. Sadly "causes the machine to reboot" is not particularly
individualistic either...
Please send a sample to your preferred AV vendor(s) (and perhaps CC a
few of their competitors you trust to hurry them along). Should they
happen to be on the following list, then I've saved you the trouble of
looking up a suitable address.
Authentium (Command Antivirus) <virus (at) authentium (dot) com [email concealed]>
Computer Associates (US) <virus (at) ca (dot) com [email concealed]>
Computer Associates (Vet/EZ) <ipevirus (at) vet.com (dot) au [email concealed]>
DialogueScience (Dr. Web) <Antivir (at) dials (dot) ru [email concealed]>
Eset (NOD32) <sample (at) nod32 (dot) com [email concealed]>
F-Secure Corp. <vsamples (at) f-secure (dot) com [email concealed]>
Frisk Software (F-PROT) <viruslab (at) f-prot (dot) com [email concealed]>
Grisoft (AVG) <virus (at) grisoft (dot) cz [email concealed]>
H+BEDV (AntiVir, Vexira engine) <virus (at) antivir (dot) de [email concealed]>
Kaspersky Labs <newvirus (at) kaspersky (dot) com [email concealed]>
Network Associates (McAfee) <virus_research (at) nai (dot) com [email concealed]>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis (at) norman (dot) no [email concealed]>
Panda Software <labs (at) pandasoftware (dot) com [email concealed]>
Sophos Plc. <samples (at) sophos (dot) com [email concealed]>
Symantec (Norton) <avsubmit (at) symantec (dot) com [email concealed]>
Trend Micro (PC-cillin) <virus_doctor (at) trendmicro (dot) com [email concealed]>
(Trend may only accept files from users of its products)
In general, you may find the advice under the McAfee entry best
followed for any of the others as well.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
[ reply ]