[THIN] Re: Rerit.b

  • From: "Doug Rooney" <doug@xxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 8 Aug 2005 14:19:40 -0700

Directly form the McAfee site....
 
Trojan  <javascript:legendwindow('/vil/legend.htm#Charactieristics');>
Characteristics:        

AVERT is currently investigating possible incorrect identification of
this Rewrit.b.  If you are observing this detection and believe it to be
incorrect, you may install the following negative extra.dat file to
suppress the detection:

*       EXTRA.DAT -
http://download.nai.com/products/mcafee-avert/135339.zip 
*       SDAT (self-installing EXTRA.DAT) -
http://download.nai.com/products/mcafee-avert/sdat135339.zip 

Information  <http://vil.nai.com/vil/SystemHelpDocs/Extradat.htm> about
EXTRA.DAT files

I find it interesting that Mcafee says it may not be a correct find,
once again another vote for Symantec.

Sorry to the McAfee lovers, I am not in your ranks, too many issues just
like this one.

 
 

Thank You 

-Doug Rooney 
Sonoma TileMakers 
IT Systems Administrator 
7750 Bell Rd. 
Windsor Ca, 95492 
(707) 837-8177 X11
(707) 837-9472 FAX 
it@xxxxxxxxxxxxxxxxxxxx 

The information contained in this e-mail may be confidential and is
intended solely for the use of the named addressee.
Access, copying or re-use of the e-mail or any information contained
therein by any other person is not authorized.
If you are not the intended recipient please notify us immediately by
returning the e-mail to the originator.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Selinger, Stephen
Sent: Monday, August 08, 2005 2:13 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Rerit.b


Hi,
 
Ya.....that is what I am wondering too......

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: Monday, August 08, 2005 3:12 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Rerit.b



What does it do?  What is the payload?  The link to the nai site states
nothing..

 

Joe

 


  _____  


From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Monday, August 08, 2005 1:02 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Rerit.b

 

WARNING! 

Watch for new virus, JUST out, "rerit.b". 

Boot sector virus. 

Got 6 servers so far, 3 of which are Citrix servers....yeah!

Other related posts:

  1. Home
  2. thin
  3. Archive
  4. 08-2005