hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Beginners Section
aiboforcen
Sep 24 2004, 04:44 PM
Exploit.Win32.MS04-028.gen
Some pictures on my friends computer has this virus in them !
Its very strange because he has taken the pictures with his own digitalcamera..so its nothing he downloaded from the net.
My theori is that he is infected by another virus that spread itself to jpg files.
But we cant finde the source mad.gif
we have scanned the whole system with kaspersky.

What do you guys think aboute this?
aapje
Sep 24 2004, 05:29 PM
update your KAV because it should find it if you are infected

from some other

File: BSI-JPG-TEST.jpg
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected:
None

AntiVir No viruses found (1.47 seconds taken)
Avast No viruses found (4.82 seconds taken)
BitDefender No viruses found (2.72 seconds taken)
ClamAV No viruses found (7.48 seconds taken)
Dr.Web Exploit.MS04-028 (4.83 seconds taken)
F-Prot Antivirus No viruses found (0.43 seconds taken)
F-Secure Anti-Virus Exploit.Win32.MS04-028.gen (5.25 seconds taken)
Kaspersky Anti-Virus Exploit.Win32.MS04-028.gen (4.20 seconds taken)
mks_vir No viruses found (1.97 seconds taken)
NOD32 No viruses found (2.17 seconds taken)
Norman Virus Control No viruses found (0.82 seconds taken)
TK_man
Sep 24 2004, 06:25 PM
I bet the AV guys hueristics are keying on \xFF \xE1\xE2\xED\xFE\x00 \x00\x01. recent snort sigs that we deployed are giving us False Positives for images generated by Kodak Cameras or Adobe products. Probably a whole slew more as well. So much for your AV protection, huh?
chris105
Sep 24 2004, 10:15 PM
Its a fine line to tread between banning too many files and giving people a backdoor around there protection. Before anyone starts saying typical and the like just think about that for a second.

Heres a challenge, how would YOU stop it ?
tareq
Sep 25 2004, 12:50 AM
-Download the critical update for Windows XP (September 2004) - Buffer Overrun in JPEG
ddl file


-Update ur AV dat file
Digital_Spirit
Sep 25 2004, 01:20 AM


Appearantly, someone has not be reading the forums lol. tongue.gif
guinn3ss
Sep 25 2004, 05:35 AM
Just to know if something happen
Download the tools to view the process and there exe path,
this tools have a lot of features ..
get the startup list ( start => execute => msconfig ) or try regcleaner (freeware) to have an "advanced startup list" and clean your register (optional)
check your service list y por fin, yu should archive and delete ^^ the *#!@¿ô exe if yu found one.
And reboot, voilà
HERE For the Tools
PM me the list if yu want ...
sorry for my bad english rolleyes.gif rolleyes.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.