Several people have reported that Sophos Anti-Virus with the latest IDEs (July 2002, v 3.59) reports that the Ethereal installer for Windows contains the Momma-B trojan.

According to the information at http://www.sophos.com/virusinfo/analyses/trojmommab.html, Momma-B creates a directory named "\INF\internet\" in the Windows folder, as well as the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\InternetExplorer. I checked the machine that the 0.9.4 installer was built on, and neither of these is present.

I've also run a full scan on the machine using NAV 2002 with the latest (6/6/2002) virus definitions loaded. It didn't find anything. The original installer file on the build machine and on www.ethereal.com both have the same MD5 sum, so it doesn't look like it was tampered with after it was uploaded.

Has the 0.9.4 installer triggered any virus scanners besides Sophos? Is it possible that Sophos is generating false positives?
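The checks described in the message above, collected into one script. This is an added example, not part of the original post or of the Ethereal project; the two file-path parameters are hypothetical, and treating "InternetExplorer" as either a value or a subkey under Run is an assumption, since the message only calls it a "key".

```powershell
# Added example: triage of a suspected false positive using the two Momma-B
# indicators quoted in the message, plus an MD5 comparison of two installer copies.
param(
    # Hypothetical paths: the installer as built, and the copy fetched from the download site.
    [Parameter(Mandatory)] [string] $BuiltInstaller,
    [Parameter(Mandatory)] [string] $DownloadedInstaller
)

$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$entry   = 'InternetExplorer'
$dropDir = Join-Path $env:windir 'INF\internet'

# Indicator 1: the directory under the Windows folder.
$dirPresent = Test-Path -LiteralPath $dropDir -PathType Container

# Indicator 2: autostart entries are normally values under Run, so look for a
# value with that name and, to match the message's wording, a subkey as well.
$valuePresent = $false
$props = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($props -and ($props.PSObject.Properties.Name -contains $entry)) {
    $valuePresent = $true
}
$subKeyPresent = Test-Path -LiteralPath "$runKey\$entry"

# Integrity: MD5 is the digest the message compared; hash both copies the same way.
$builtHash      = (Get-FileHash -LiteralPath $BuiltInstaller -Algorithm MD5).Hash
$downloadedHash = (Get-FileHash -LiteralPath $DownloadedInstaller -Algorithm MD5).Hash

# Emit one object so the result can be logged or compared across machines.
[pscustomobject]@{
    DropDirectoryPresent = $dirPresent
    RunValuePresent      = $valuePresent
    RunSubKeyPresent     = $subKeyPresent
    BuiltMD5             = $builtHash
    DownloadedMD5        = $downloadedHash
    HashesMatch          = ($builtHash -eq $downloadedHash)
}
```

Matching hashes only show that the published file is the one that left the build machine; the indicator checks are what speak to the state of the build machine itself, so run the script there.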