Sign In
Create Account
1
I found these files in the windows and system32 folders on a machine infected with rogue av. I don't believe they're malicious by themselves, but it'd be nice if they could get removed as trace files.
https://bearspace.baylor.edu/Adam_Brock/mal...91117-trace.zip
The password is "infected".
\\ACB
-
This topic is locked
#1
Posted 17 November 2009 - 08:49 PM
-
- Honorary Members
-
- 174 posts
Advanced Member
- Gender:Male
- Location:Waco, TX, USA
Back to top
#2
Posted 17 November 2009 - 09:05 PM
-
- Moderators
-
- 16,155 posts
Malware BBQ'er
- Gender:Male
- Location:127.0.0.1
Hi Adam,
They are randomly created fallout files for the WiniClone family to make fake detections against.
You are correct that they are not malicious as they are non MZ and full of random garbage.
Because of the randomness of both the filenames and file contents i would have to create 701 signatures per each infection from this rogue family(they are averaging 3-4 new builds a week currently
)
So i guess you can see why we have'nt been removing thus far as would require much work and utilize valuable DB space for deleting non malicious files.
They are randomly created fallout files for the WiniClone family to make fake detections against.
You are correct that they are not malicious as they are non MZ and full of random garbage.
Because of the randomness of both the filenames and file contents i would have to create 701 signatures per each infection from this rogue family(they are averaging 3-4 new builds a week currently
)So i guess you can see why we have'nt been removing thus far as would require much work and utilize valuable DB space for deleting non malicious files.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
