From: Anna Clark on 4 Mar 2007 21:06 Specifically, what is the name of the file that Trend says contains the trojan? I reported a IE7 look alike as being fake and a trojan/virus laden file months ago. "This week we have discovered a virus lurking in a fake installation point for IE7. User said he wanted to install IE7, googled for it, got "some hits", downloaded and executed what he thought was IE7 setup. The file turns out to be called IE7-Setup.exe, and our tests show it to be a virus laden file, with, in our examples, psw.generic.qxk, psw.goldun.dz, and psw.generic2.qus viruses as the payload. Trend says that most of the psw.X virusi are keyloggers or password reporting Trojans." Regards: Anna Clark "Frank McCallister SBS MVP" <anonymous> wrote in message news:4B746268-702A-4A2D-9515-BFB7F22316C1(a)microsoft.com... > Hi Gary > > What pattern file? Not seeing this on any of my servers. Not seeing Devcon > issue Paul saw either. > > -- > Frank McCallister SBS MVP > MCP Microsoft Small Business Specialist > COMPUMAC > > "Gary Karasik" <gkarasik(a)fea.net> wrote in message > news:u8Le9srXHHA.3984(a)TK2MSFTNGP02.phx.gbl... > > Hi, > > > > As of 3:00 today, Trend CSM 3.5 is identying the IE7 executable as a > > trojan (Troj_gen). I ran into this while trying to do some IE6-IE7 > > updates. While "IE7 *IS* a trojan" jokes are always appropriate, it will > > be difficult to do these upgrades until Trend fixes this. > > > > -- > > > > GaryK > > > > > >
From: PhilScott-SBSAdmin on 4 Mar 2007 22:06 Just to let you know.... that link you have posted (http://support.microsoft.com/kb/822158/en-us) does not say to exclude the c:\windows\softwaredistribution\download folder which is where the file is located on my machines that has come up as TROJ generic. "Les Connor [SBS MVP]" wrote: > http://support.microsoft.com/kb/822158/en-us > > Note the references to not scan the Windows Update or Automatic Update > related files and stores. > > Not sure if that will help in your case, but I have these exclusions and > don't see your issue. > > -- > Les Connor [SBS MVP] > > > "Gary Karasik" <gkarasik(a)fea.net> wrote in message > news:u8Le9srXHHA.3984(a)TK2MSFTNGP02.phx.gbl... > > Hi, > > > > As of 3:00 today, Trend CSM 3.5 is identying the IE7 executable as a > > trojan (Troj_gen). I ran into this while trying to do some IE6-IE7 > > updates. While "IE7 *IS* a trojan" jokes are always appropriate, it will > > be difficult to do these upgrades until Trend fixes this. > > > > -- > > > > GaryK > > > > > > >
From: Gary Karasik on 5 Mar 2007 00:19 4.311.50 -- GaryK "Frank McCallister SBS MVP" <anonymous> wrote in message news:4B746268-702A-4A2D-9515-BFB7F22316C1(a)microsoft.com... > Hi Gary > > What pattern file? Not seeing this on any of my servers. Not seeing Devcon > issue Paul saw either. > > -- > Frank McCallister SBS MVP > MCP Microsoft Small Business Specialist > COMPUMAC > > "Gary Karasik" <gkarasik(a)fea.net> wrote in message > news:u8Le9srXHHA.3984(a)TK2MSFTNGP02.phx.gbl... >> Hi, >> >> As of 3:00 today, Trend CSM 3.5 is identying the IE7 executable as a >> trojan (Troj_gen). I ran into this while trying to do some IE6-IE7 >> updates. While "IE7 *IS* a trojan" jokes are always appropriate, it will >> be difficult to do these upgrades until Trend fixes this. >> >> -- >> >> GaryK >> >> >>
From: Gary Karasik on 5 Mar 2007 00:35 http://www.microsoft.com/windows/products/winfamily/ie/default.mspx is the URL. "IE7-WindowsXP-x86-enu.exe" is the filename. It also deletes the file from fthe Microsoft Update download file "c:\windows\softwaredistribution\download folder" when you try to update that way. You made me nervous, so I just tried to download the file directly from the MS download center to my home machine, and PC-Cillin, using the same pattern file, is refusing to accept it. -- GaryK "Anna Clark" <anna.clark(remove this)@verizon.net> wrote in message news:%2301YMrsXHHA.4308(a)TK2MSFTNGP05.phx.gbl... > Specifically, what is the name of the file that Trend says contains the > trojan? > > I reported a IE7 look alike as being fake and a trojan/virus laden file > months ago. > > "This week we have discovered a virus lurking in a fake installation point > for IE7. User said he wanted to install IE7, googled for it, got "some > hits", downloaded and executed what he thought was IE7 setup. > > The file turns out to be called IE7-Setup.exe, and our tests show it to be > a > virus laden file, with, in our examples, psw.generic.qxk, psw.goldun.dz, > and > psw.generic2.qus viruses as the payload. Trend says that most of the > psw.X > virusi are keyloggers or password reporting Trojans." > > Regards: > > Anna Clark > > > "Frank McCallister SBS MVP" <anonymous> wrote in message > news:4B746268-702A-4A2D-9515-BFB7F22316C1(a)microsoft.com... >> Hi Gary >> >> What pattern file? Not seeing this on any of my servers. Not seeing >> Devcon >> issue Paul saw either. >> >> -- >> Frank McCallister SBS MVP >> MCP Microsoft Small Business Specialist >> COMPUMAC >> >> "Gary Karasik" <gkarasik(a)fea.net> wrote in message >> news:u8Le9srXHHA.3984(a)TK2MSFTNGP02.phx.gbl... >> > Hi, >> > >> > As of 3:00 today, Trend CSM 3.5 is identying the IE7 executable as a >> > trojan (Troj_gen). I ran into this while trying to do some IE6-IE7 >> > updates. While "IE7 *IS* a trojan" jokes are always appropriate, it >> > will >> > be difficult to do these upgrades until Trend fixes this. >> > >> > -- >> > >> > GaryK >> > >> > >> > > >
From: Paul Shapiro on 5 Mar 2007 07:06 Those folders are excluded from scanning. The deleted file was a file I had manually downloaded from Microsoft's web site and saved in a Downloads folder. Similar occurrence during last night's backup. This time it was a WSUS file download, but the WSUS folder is excluded. The blocked file was in the temporary Volume Shadow Copy that ntbackup makes when it runs: \Device\HarddiskVolumeShadowCopy153\WSUS\WsusConte nt\A0\ . Does anyone know how to exclude the temporary shadow copies from scanning? Paul Shapiro "Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message news:BBFC0AF9-8B34-41DF-ACB3-DB0438A70E2F(a)microsoft.com... > http://support.microsoft.com/kb/822158/en-us > > Note the references to not scan the Windows Update or Automatic Update > related files and stores. > > Not sure if that will help in your case, but I have these exclusions and > don't see your issue. > > -- > Les Connor [SBS MVP] > > > "Gary Karasik" <gkarasik(a)fea.net> wrote in message > news:u8Le9srXHHA.3984(a)TK2MSFTNGP02.phx.gbl... >> Hi, >> >> As of 3:00 today, Trend CSM 3.5 is identying the IE7 executable as a >> trojan (Troj_gen). I ran into this while trying to do some IE6-IE7 >> updates. While "IE7 *IS* a trojan" jokes are always appropriate, it will >> be difficult to do these upgrades until Trend fixes this.
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: DCOM Error SBS2k3 Next: How to turn off windows firewall in the GPO |