I'm surprised that no one has mentioned rkhunter yet - loads of lib exploits allow system access, and there's a pretty solid argument that says that compromising a user account on the average *nix system allows enough resources to do a lot of malicious activity without even needing privilege escalation.

On Oct 30, 2011 1:06 p.m., "Mick" <michaelkintz...@gmail.com> wrote:
> On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> > On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > > On Oct 30, 2011 1:15 AM, "Mick" <michaelkintz...@gmail.com> wrote:
> > > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> > >
> > > If pagefile.sys is detected as a malware, most likely the actual malware
> > > was once loaded into (Windows XP's) memory got swapped, and avast! picked
> > > up its remnant. Loaded into memory doesn't mean that the malware was
> > > active, if the Windows XP was equipped with a good antivirus.
> >
> > Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask
> > my wife if it picked up anything lately.
>
> She can't recall any MSE reports of malware. I did check the WinXP fs for all
> the files and registry entries that this trojan is meant to create and none
> were present. Then I've zero'ed the pagefile and a second scan did not flag
> anything up.
>
> I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
> Nothing found there either. I am tempted to think that avast! is rather
> super-sensitive. However, avast! also picked up some php files from a backed
> up website - so this may be a worthwhile find.
>
> Anyway, I can't make it integrate with kmail which was the original user
> requirement. Tried this script but the kmail Antivirus Wizard will not pick
> it up:
>
> http://forum.avast.com/index.php?topic=17898.0
>
> So I am now heading for clamav to see how that works with a Linux desktop.
>
> --
> Regards,
> Mick