[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] NAV (or any AV tool) and MSBlast
- To: full-disclosure@lists.netsys.com
- Subject: RE: [Full-Disclosure] NAV (or any AV tool) and MSBlast
- From: "L G" <safeer_00@msn.com>
- Date: Thu, 14 Aug 2003 09:16:48 -0500
I believe, at least in theory, unless the infected filename, or name of the
worm (msblast.exe)for that matter, is not changed, the file will stay in
quarantine, until removed and/or cleaned, thereby not enabling the same
filename to be run.
>From: L G [mailto:safeer_00@msn.com]
>Sent: Wednesday, August 13, 2003 1:55 PM
>To: full-disclosure@lists.netsys.com
>Subject: [Full-Disclosure] NAV (or any AV tool) and MSBlast
>
>
>Hi all,
>
>A quick query...
>
>If an XP machine has the most recent NAV definitions, and the machine is
>hit
>by the RPC worm (msblast or any variant for which AV signature exists)
>
>1. Will the file get quarantined?
>
>2. If the machine is already infected, given that av will catch it during a
>scan, after a reboot will msblast.exe continue to infect the computer or
>could it be assumed "safe" in the quarantine folder?
>
>3. In short, what protection does any AV provide other than the fact that
>the user is told that the machine is infected?
>
>Thanks.
>
>_________________________________________________________________
>MSN 8 with e-mail virus protection service: 2 months FREE*
>http://join.msn.com/?page=features/virus
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html