Does my dad have a virus/worm/trojan?

"Jack the Bear" <jack RemoveThis @total.net> wrote in message news:<c5d5n3$bqe$1@news.eusc.inter.net>...
> "OzFree" <OzFree RemoveThis @despammed.com> wrote in message
> news:ab25526c.0404111656.2cd7dcdd@posting.google.com...
[Deleted]
> If I had a copy, I could give you my opinion.
> Feel free to mail anything my way.
> Put "ACV" in the subject somewhere to avoid my spam filters.
>
> Jack the Bear.

Hi Jack,

Thanks for your offer. I've just emailed my dad asking him to send me
a copy of that file, and also of "winproc32.exe" which he says is also
troubling him.

Will take you up on your very kind offer just as soon as he emails me
back.

THANKYOU!

Catherine
 >> Stay informed about: Does my dad have a virus/worm/trojan? 

OzFree wrote:

> "Jack the Bear" <jack.DeleteThis@total.net> wrote in message news:<c5d5n3$bqe$1@news.eusc.inter.net>...
>
>>"OzFree" <OzFree.DeleteThis@despammed.com> wrote in message
>>news:ab25526c.0404111656.2cd7dcdd@posting.google.com...
>
> [Deleted]
>
>>If I had a copy, I could give you my opinion.
>>Feel free to mail anything my way.
>>Put "ACV" in the subject somewhere to avoid my spam filters.
>>
>>Jack the Bear.
>
>
> Hi Jack,
>
> Thanks for your offer. I've just emailed my dad asking him to send me
> a copy of that file, and also of "winproc32.exe" which he says is also
> troubling him.
>
> Will take you up on your very kind offer just as soon as he emails me
> back.
>
> THANKYOU!
>
> Catherine
Try instead to send it to an AV vendor. I don't know which one you're
using, but you coud submit to Sophos at support @ sophos.com if you
can't think of any others.

--
William

If it don't work, hit it.
If it still don't work, kick it.
If it works after that, than it doesn't matter if that helped, what's
important is it works.
 >> Stay informed about: Does my dad have a virus/worm/trojan? 

"OzFree" <OzFree.RemoveThis@despammed.com> wrote in message
news:ab25526c.0404130107.3247b789@posting.google.com...

> Hi Jack,

[Don't say that too loudly on an airplane]

> Thanks for your offer. I've just emailed my dad asking him to send me
> a copy of that file, and also of "winproc32.exe" which he says is also
> troubling him.
>
> Will take you up on your very kind offer just as soon as he emails me
> back.
>
> THANKYOU!
>
> Catherine

I was wondering what had happened to you/it/him/etc,

Looking forward to it.

- Jack.
 >> Stay informed about: Does my dad have a virus/worm/trojan? 

"Big Will"
<SPAMwSPAMiSPAMlSPAMlSPAMbSPAM4SPAMeSPAMvSPAAAAAMeSPAMMITTYrSPAAAAM@nIeDONTt
LIKEzSPAMero.net> wrote in message news:407bbbbf$1@darkstar...
> OzFree wrote:
>
> > "Jack the Bear" <jack.TakeThisOut@total.net> wrote in message
news:<c5d5n3$bqe$1@news.eusc.inter.net>...
> >
> >>"OzFree" <OzFree.TakeThisOut@despammed.com> wrote in message
> >>news:ab25526c.0404111656.2cd7dcdd@posting.google.com...
> >
> > [Deleted]
> >
> >>If I had a copy, I could give you my opinion.
> >>Feel free to mail anything my way.
> >>Put "ACV" in the subject somewhere to avoid my spam filters.
> >>
> >>Jack the Bear.
> >
> >
> > Hi Jack,
> >
> > Thanks for your offer. I've just emailed my dad asking him to send me
> > a copy of that file, and also of "winproc32.exe" which he says is also
> > troubling him.
> >
> > Will take you up on your very kind offer just as soon as he emails me
> > back.
> >
> > THANKYOU!
> >
> > Catherine
> Try instead to send it to an AV vendor. I don't know which one you're
> using, but you coud submit to Sophos at support @ sophos.com if you
> can't think of any others.
>
> --
> William
>

I often do that with these, when I can't spot giveaways in the file. I find
it to be quicker, and more useful to look at them myself first, as I'll
often see regkeys and other filenames in the text segment(s) that provide
useful clues as to problems to fix. AV vendors often will eventually tell
you that the file IS malware, and that next week's Defs will detect it, but
often it could take months, if ever, for their encyclopedias to include the
new malware.

- Jack.
 >> Stay informed about: Does my dad have a virus/worm/trojan? 

"Jack the Bear" wrote...
> "Big Will" wrote...

>> Try instead to send it to an AV vendor. I don't know which one you're
>> using, but you coud submit to Sophos at support @ sophos.com if you
>> can't think of any others.

> I often do that with these, when I can't spot giveaways in the file. I find
> it to be quicker, and more useful to look at them myself first, as I'll
> often see regkeys and other filenames in the text segment(s) that provide
> useful clues as to problems to fix. AV vendors often will eventually tell
> you that the file IS malware, and that next week's Defs will detect it, but
> often it could take months, if ever, for their encyclopedias to include the
> new malware.

I have not had that experience with Sophos. They always send me an
IDE file in response to the samples I supply. I send samples in the
evening, and receive a reply the next day. If there are problems, I
can correspond with the technician who's dealing with my report.
 >> Stay informed about: Does my dad have a virus/worm/trojan? 

"Ant" <not.TakeThisOut@home.today> wrote in message
news:c5i52q$v8d$1@newsg4.svr.pol.co.uk...
> "Jack the Bear" wrote...
> > "Big Will" wrote...
>
> >> Try instead to send it to an AV vendor. I don't know which one you're
> >> using, but you coud submit to Sophos at support @ sophos.com if you
> >> can't think of any others.
>
> > I often do that with these, when I can't spot giveaways in the file. I
find
> > it to be quicker, and more useful to look at them myself first, as I'll
> > often see regkeys and other filenames in the text segment(s) that
provide
> > useful clues as to problems to fix. AV vendors often will eventually
tell
> > you that the file IS malware, and that next week's Defs will detect it,
but
> > often it could take months, if ever, for their encyclopedias to include
the
> > new malware.
>
> I have not had that experience with Sophos. They always send me an
> IDE file in response to the samples I supply. I send samples in the
> evening, and receive a reply the next day. If there are problems, I
> can correspond with the technician who's dealing with my report.
>

Sounds good. Are you a [paying] customer, or does that work "off the street"
too?

My AV will usually respond in a few hours with either/both "Looks
Suspicious" or a list of other vendors Aliases, if known. Very often this
does not translate directly to a cure, nor to the registry key shenanigans
which can often be read directly from the file.

- Jack.
 >> Stay informed about: Does my dad have a virus/worm/trojan? 

"Jack the Bear" wrote...
> "Ant" wrote...

>> I have not had that experience with Sophos. They always send me an
>> IDE file in response to the samples I supply. I send samples in the
>> evening, and receive a reply the next day. If there are problems, I
>> can correspond with the technician who's dealing with my report.
>
> Sounds good. Are you a [paying] customer, or does that work "off the
> street" too?

Indirectly I'm a customer, but they don't know that. Sophos target
their products at corporate use. The licence allows employees to use
the AV on home PCs - which I do. In other words, as long as I keep my
current job, I get to use it for free.

They don't have a free version of it, but an evaluation version is
available.

> My AV will usually respond in a few hours with either/both "Looks
> Suspicious" or a list of other vendors Aliases, if known. Very often
> this does not translate directly to a cure, nor to the registry key
> shenanigans which can often be read directly from the file.

So far Sophos has always always identified my samples, which usually
turn out to be new variants of existing trojans. They give me details
of what the malware does, and what registry keys are involved.
 >> Stay informed about: Does my dad have a virus/worm/trojan?