On 2 Mar 99, at 12:29, Bobby Herring wrote:
> I received the following messages last night on my pc:
>
> Infection warning:
> Infected object c:\WIN95\SYSTEM\QC13KF32.DLL.
> (A) Netbus.trojan.54272
> Cannot verify this virus.
> File check completed.
> 5012 files and boot records were checked for viruses.
> c:\WIN95\SYSTEM\QC13KF32.DLL was erased.
> Any one know what this file is for?
No, but I'm not enthusiastic about software that erases a file (!) when
it "Cannot verify this virus." Sounds like a recipe for trouble to me.
> What about the Netbus.trojan.54272?
NetBus now bills itself as "a network-based remote administration
tool for Windows" that happens to have a "stealth" mode. Historically,
though, it was designed to be stealthy so that it could be installed
without legitimate users knowing it; it allows a remote user to "take
over" the machine and do anything, from renaming/moving/deleting files
to watching every keystroke as it is entered. If you've never heard of
it, you don't want it; if you've been seeing strange things happen when
you're online, this could be why/how.
David G
Curious about the people moderating your
messages? Visit our staff web site:
http://nospin.com/pc/staff.html
|