On Wednesday 05 February 2014, Gene Heskett wrote: >Greetings; > >I recently brought a daily system scan by clamscan back to life, and its >emailing me this: > >/home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND >/home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND >/home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND >/home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND >/home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND >/home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND >/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt: >MBL_400944.UNOFFICIAL FOUND > >Repeat for several other kernel trees. >FP or ?? > >Cheers, Gene
Someone thought its an FP, so I took this to the clamav list and got some links, it is a highest threat Password revealer first seen by <http://www.threatexpert.com/reports.aspx?find=PSWTool.Win32.PassViewer.av&x=11&y=9> on 12/07/2011. Over on <http://www.malwarepatrol.net/cgi/search.pl?id=400944> You will see more history. So that file needs sanitized. I was under the impression that a file with the .txt extension was supposed to be pure ascii text, but its loaded to the gills with some sort of markup crap. And I have at least 20 copies of it. Cheers, Gene -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> NOTICE: Will pay 100 USD for an HP-4815A defective but complete probe assembly. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/