Focus on Virus
explorer.exe infected virus Oct 13 2006 01:15PM
boonting (boontinglim gmail com) (6 replies)
RE: explorer.exe infected virus Oct 14 2006 07:19PM
Travis Potter (Travis secureintegrations com)
Re: explorer.exe infected virus Oct 14 2006 02:00AM
boonting (boontinglim gmail com)
Re: explorer.exe infected virus Oct 13 2006 08:57PM
Hector Munoz (hectormz gmail com)
Re: explorer.exe infected virus Oct 13 2006 05:44PM
gmx (pal_adam gmx net) (1 replies)
RE: explorer.exe infected virus Oct 14 2006 10:06AM
Jacques (jacques prevx com)
Hi,

Give Prevx a Go, http://www.prevx.com

Regards,

Jacques

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of gmx
Sent: 13 October 2006 18:45
To: boonting
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: explorer.exe infected virus

Hello boonting,

Afaik. explorer.exe is not only a file, is a core-process for
windows200/xp and maybe others too, but it can be read easily.
Some antivirus go mad even if some program (like desktop-modification
software) change some value, those are false-positives.
To read explorer.exe try to open it with resHacker (search it on the
web, or email me for a copy) and see what could be wrong, if you find
some entry you dont like (like reference to some hozt.exe or hozt.dll)
so you can delete it, save as a copy, switch to safe mode and replace
the original with the (cleaned) copy, since you cannot change it in
normal mode.
Alternatively you could unpack it from the CD and replace it, but i
dont remmeber the exact syntax for unpack certain packets from the
cd-cab files, maybe someone else here will.

--
Best regards,
Adam Pal

Friday, October 13, 2006, 3:15:11 PM, you wrote:

<==============Original message text===============

b> Hello, help

b> System file explorer.exe infected virus. Any Solution ? What should i do
?
b> Format machine ?

b> Report from Bit-Defender
b> -----------------------------------
b> Virus: Name: Backdoor.Agobot.AGH,
b> File: c:\windows\system32\explorer.exe, Object:
b> c:\windows\system32\explorer.exe, Status: Infected, Action: Failed to
b> delete!, Server: ifcaweb

b> Your help is appreciated.

<===========End of original message text===========

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]
Re: explorer.exe infected virus Oct 13 2006 04:46PM
Jacob Weeks (jaweeks gmail com)
Re: explorer.exe infected virus Oct 13 2006 03:53PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)


 

Privacy Statement
Copyright 2010, SecurityFocus