>>>> Heads up <<<<

I just got a warning from Norton that "PamelaSetup-Basic.exe" has a virus 
in it.  The name is "VirusBurst"

Luckily, I did not install this software and Norton's quarantined it so I 
could delete it, which I have done.

Symantec has not completed analysis of this particular piece of garbage but 
it did catch the sig.

If you have installed Pamela, you may be in trouble.
-2
Duffy
3/26/2007 7:52:01 PM
grc.spyware

Duffy wrote:
> I just got a warning from Norton that "PamelaSetup-Basic.exe" has a virus 
> in it.  The name is "VirusBurst"
> 
> Luckily, I did not install this software and Norton's quarantined it so I 
> could delete it, which I have done.
> 
> Symantec has not completed analysis of this particular piece of garbage but 
> it did catch the sig.
> 
> If you have installed Pamela, you may be in trouble.

And where pray tell did you get this file? It seems like something
circulating around the P2P, warez crowd with a reference to a certain
American TV star.

  http://www.viruslist.com/en/find?search_mode=full&words=pamela&x=0&y=0

Ron :)
-2
Ron
3/27/2007 2:05:46 AM
On Mon, 26 Mar 2007 in grc.spyware, Duffy wrote
>I just got a warning from Norton that "PamelaSetup-Basic.exe" has a virus
>in it.  The name is "VirusBurst"

Could be a false positive, assuming that it's the Skype program I found 
using Google.

>Luckily, I did not install this software and Norton's quarantined it so I
>could delete it, which I have done.

Since you deleted it, you can't upload it here for more testing.
http://www.virustotal.com/en/indexf.html

>Symantec has not completed analysis of this particular piece of garbage but
>it did catch the sig.
>
>If you have installed Pamela, you may be in trouble.

Let us know what Symantec says.
-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
3/27/2007 2:06:20 AM
Kevin A. wrote:

> On Mon, 26 Mar 2007 in grc.spyware, Duffy wrote
> 
>>I just got a warning from Norton that "PamelaSetup-Basic.exe" has a virus
>>in it.  The name is "VirusBurst"
> 
> Could be a false positive, assuming that it's the Skype program I found 
> using Google.

This led me to believe that it might not be legitimate, Kevin.

  http://preview.tinyurl.com/27xsuy

If you got the file from a source authorized by a legitimate software
developer, Duffy, post the link.

Ron :)
0
Ron
3/27/2007 3:07:24 AM
On article <Xns98FF973CA4883duffytag@4.79.142.203>, Duffy wrote:

> I just got a warning from Norton that "PamelaSetup-Basic.exe" has a virus 
> in it.  The name is "VirusBurst"
> 
> Luckily, I did not install this software and Norton's quarantined it so I 
> could delete it, which I have done.
> 
> Symantec has not completed analysis of this particular piece of garbage but 
> it did catch the sig.
> 
> If you have installed Pamela, you may be in trouble.
> 

This is what VirusTotal found in a file got from 
http://preview.tinyurl.com/27xsuy which obtained it from 
http://www.pamela-systems.biz/download/files/PamelaSetup_Basic.exe :

-< begin >-----------------------------------------------------------
Antivirus       Version         Update      Result
--------------  --------------  ----------  --------------
AhnLab-V3       2007.3.27.0     03.27.2007  no virus found
AntiVir         7.3.1.44        03.27.2007  no virus found
Authentium      4.93.8          03.26.2007  no virus found
Avast           4.7.936.0       03.27.2007  no virus found
AVG             7.5.0.447       03.27.2007  no virus found
BitDefender     7.2             03.27.2007  no virus found
CAT-QuickHeal   9.00            03.27.2007  no virus found
ClamAV          devel-20070312  03.27.2007  no virus found
DrWeb           4.33            03.27.2007  no virus found
eSafe           7.0.14.0        03.27.2007  no virus found
eTrust-Vet      30.6.3515       03.27.2007  no virus found
Ewido           4.0             03.27.2007  no virus found
FileAdvisor     1               03.27.2007  no virus found
Fortinet        2.85.0.0        03.27.2007  no virus found
F-Prot          4.3.1.45        03.26.2007  no virus found
F-Secure        6.70.13030.0    03.27.2007  no virus found
Ikarus          T3.1.1.3        03.27.2007  no virus found
Kaspersky       4.0.2.24        03.27.2007  no virus found
McAfee          4993            03.27.2007  no virus found
Microsoft       1.2306          03.27.2007  no virus found
NOD32v2         2148            03.27.2007  no virus found

Aditional Information
File size: 3767665 bytes
MD5: 0bb0395becebf93c6beb6db1aaa7b846
SHA1: b78ea5ade1f62f2c022a41bd273b6cfc83b928be
packers: BINARYRES
-------------------------------------------------------------< end >-

Can you please check if your scanner is up to date, and if we're 
talking about the same "infected" file?

-- 
Kind regards,
Euler German

Please, reply preferably to the list.
Reply-To: partially ROT13, invalid=com
0
Euler
3/27/2007 8:02:59 PM
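
Whether two people are discussing the same file is settled by size and digests, not by name (the quarantined file was reported as "PamelaSetup-Basic.exe", the scanned download as "PamelaSetup_Basic.exe"). The following Python is an added example, not part of any post in the thread: it parses a report pasted in the layout above and checks a local file's bytes against the size, MD5 and SHA1 it lists. The function names are hypothetical and the byte string is a constructed stand-in for the real file.

```python
import hashlib
import re

# Excerpt of the report pasted in the post above (first and last engine rows only).
REPORT = """\
Antivirus       Version         Update      Result
--------------  --------------  ----------  --------------
AhnLab-V3       2007.3.27.0     03.27.2007  no virus found
NOD32v2         2148            03.27.2007  no virus found
Aditional Information
File size: 3767665 bytes
MD5: 0bb0395becebf93c6beb6db1aaa7b846
SHA1: b78ea5ade1f62f2c022a41bd273b6cfc83b928be
"""

# engine, version, update date (MM.DD.YYYY), verdict; header and ruler lines do not match
ROW = re.compile(r"^(\S+)\s{2,}(\S+)\s{2,}(\d\d\.\d\d\.\d{4})\s{2,}(.+?)\s*$")

def parse_report(text):
    """Return (engine -> verdict, file identity) from a pasted plain-text report."""
    results, ident = {}, {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            results[m.group(1)] = m.group(4)
        elif line.startswith("File size:"):
            ident["size"] = int(line.split()[2])
        elif line.startswith(("MD5:", "SHA1:")):
            key, value = line.split(":", 1)
            ident[key.lower()] = value.strip().lower()
    return results, ident

def identify(data):
    """Size and digests of a file's bytes, keyed like the report's identity."""
    return {"size": len(data), "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def same_file(data, ident):
    """True only if every identity field listed in the report matches the bytes."""
    local = identify(data)
    return bool(ident) and all(local.get(k) == v for k, v in ident.items())

def detections(results):
    """Engines whose verdict is anything other than 'no virus found'."""
    return {e: r for e, r in results.items() if r != "no virus found"}

if __name__ == "__main__":
    results, ident = parse_report(REPORT)
    print(len(results), "engines,", len(detections(results)), "detections")
    # Constructed bytes; pass open(path, "rb").read() for the real download.
    print("same file:", same_file(b"constructed stand-in bytes", ident))
```

A clean multi-engine result only applies to a local copy when `same_file` returns True for it; a mismatch means the two scans were of different files.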