Re: [PEN-TEST] Suspect .EXE Trojan

["Jensen, Greg" <Greg_Jensen () NAI COM>]

yes. go to www.mcafeeb2b.com and go to the AVERT page. This is the
Anti-Virus Emergency Response Team.  There are tools there that allow you to
do some work on your own, and you can provide these files to AVERT for
analysis.

-----Original Message-----
From: Bob Dog
To: PEN-TEST () SECURITYFOCUS COM
Sent: 12/15/00 2:28 PM
Subject: Re: [PEN-TEST] Suspect .EXE Trojan

I would like to respond to this with my own question.
Is there an orginization that I could send a suspected
file to that could tell me whether or not it was
malicious? Will AV vendors give you such information?


--- "Ruso, Anthony" <aruso () POSITRON QC CA>
> wrote:
> Hi,
>
> I have a suspect executable that I think may be a Trojan. A search on
the
> .exe doesn't return any result with any virus vendor. Are there any
tools
> that would allow me to execute the file in isolation and actually see
what's
> going on. The file was already executed on two workstations and it
killed
> Outlook in both cases. I know I can use tripwire and similar products
to see
> what files it makes changes to but I don't want to risk killing outlook
> again.
>
> Thanks
>
> Anthony Ruso

_____________________________________________________________
Visit these sites today
Blink 182 Fan Site - www.blink182.co.nz
NZ Skateboarding - www.nzskate.com