I'm surprised that no one has mentioned rkhunter yet - loads of lib
exploits allow system access, and there's a pretty solid argument that says
that compromising a user account on the average *nix system allows enough
resources to do a lot of malicious activity without even needing privilege
escalation.

On Oct 30, 2011 1:06 p.m., "Mick" <michaelkintzios@×××××.com> wrote:

> On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> > On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > > On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@×××××.com> wrote:
> > > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> > >
> > > If pagefile.sys is detected as malware, most likely the actual malware
> > > was once loaded into (Windows XP's) memory got swapped, and avast! picked
> > > up its remnant. Loaded into memory doesn't mean that the malware was
> > > active, if the Windows XP was equipped with a good antivirus.
> >
> > Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask
> > my wife if it picked up anything lately.
>
> She can't recall any MSE reports of malware. I did check the WinXP fs for all
> the files and registry entries that this trojan is meant to create and none
> were present. Then I've zeroed the pagefile and a second scan did not flag
> anything up.
>
> I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
> Nothing found there either. I am tempted to think that avast! is rather
> super-sensitive. However, avast! also picked up some php files from a backed
> up website - so this may be a worthwhile find.
>
> Anyway, I can't make it integrate with kmail which was the original user
> requirement. Tried this script but the kmail Antivirus Wizard will not pick
> it up:
>
> http://forum.avast.com/index.php?topic=17898.0
>
> So I am now heading for clamav to see how that works with a Linux desktop.
>
> --
> Regards,
> Mick
>