PDA

View Full Version : New airport scanners. *DELETED*



Chopstick
01-09-2005, 08:43 AM
Post deleted by Chopstick

SnakebyteXX
01-09-2005, 10:28 AM
Chopstick, I got a virus warning almost immediately after I accessed the link you provided. I'm not at all certain that it came from the link or not. Just thought I'd give everyone a head's up just in case.

File name: rj4Vdh.exe
Virus name: Hacktool.Flooder

I left the web site open and I was alerted twice. The second time the virus was called: VQOj0.exe - also a Hack.tool virus.

Chopstick
01-09-2005, 11:05 AM
Better to be safe. Odd that my scanners didn't report it. May be something in my setup keeping it out. I'm trying to scan it now.

SnakebyteXX
01-09-2005, 11:15 AM
[ QUOTE ]
Odd that my scanners didn't report it. <hr /></blockquote>

It's possible that it came from somewhere else. However, I did leave the link active and the virus threat appeared three times total. The link is closed now and the virus attack has not repeated.

Here's a copy of my NAV report log if it helps:

Source: C:\DOCUME~1\LOCALS~1\Temp\VQOj0.exe
Source: C:\DOCUME~1\LOCALS~1\Temp\rj4Vrdh.exe
Source: C:\DOCUME~1\LOCALS~1\Temp\5YTcph.exe

Hacktool.Flooder

Hacktools are programs that are used by hackers for various purposes. Examples of such tools include:

Port scanners.
Network sniffers and spoofers.
Computer vulnerability scanners and exploiters. These can be used over networks or the Internet.
Password stealers, which save the stolen passwords locally (that is, they do not send them out).
Mail spammers that attack one victim by flooding the mailbox with mail.
News group flooders that flood Usenet newgroups with messages.

These programs are in themselves, nonviral and generally do not cause harm to the hacker who deploys them. However, deployment of these utilities is usually harmful to the victims of the attacks, and they are usually considered a threat by network administrators.

NOTE: As these are tools that are used to create threats, rather than threats themselves, they do not have their own spreading mechanism. If you find one of these tools on your computer or network, in most cases it is there because someone download it or copied it there.

Symantec Security Response suggests that if your Symantec antivirus product detects Hacktool.Flooder (or variations such as Hacktool.Spammer or Hacktool) that you just delete it. If you see a message that it cannot be deleted, it may be running in memory. In this case, restart the computer in Safe mode, run a full system scan, and delete the threat when it is detected. All Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document How to start the computer in Safe Mode.