Win32 Salty

Monday, July 10, 2006 by PoSmedley | Discussion: Personal Computing

Avast just found this

updater.exe

location- C:\Program Files\Mozilla Firefox
Win32:Salty

Anyone familiar with this? It says it's a worm and I can't find anything on it.
Jafo
Reply #1 Monday, July 10, 2006 8:06 AM

http://www.fbmsoftware.com/spyware-net/process/updater_exe/2656/

Seems difficult to find exact info....

Jafo
Reply #2 Monday, July 10, 2006 8:12 AM

http://72.14.235.104/search?q=cache:slxZEfOHu5MJ:www.71office.com/xml/xml.xml+updater.exe+spyware+firefox+win32+salty&hl=en&gl=au&ct=clnk&cd=2

Egad...that didn't help any.....

Erk.
Reply #3 Monday, July 10, 2006 8:25 AM

http://www.badaga.org/forum/viewtopic.php?p=2589

about two-thirds of the way down that page there's an entry about "Win32 salty" ...which is claimed to be a virus... usually sent as an email attachment.

...Perhaps someone's found another way of distributing it.

Jafo
Reply #4 Monday, July 10, 2006 8:51 AM
Erk....looking at the rest of that page it's hard to place much credit on the veracity of that post...
Erk.
Reply #5 Monday, July 10, 2006 9:38 AM

Ah ...guess I should've read the whole page.

I just scanned over it till I found the bit I was looking for.

Oh well, I had the best intentions ...and it's all I could find on the subject. What you said in #1 is true ...hard to find anything about it.

Good luck, Po'

yrag
Reply #6 Monday, July 10, 2006 12:04 PM
It's a false positive. Go here: http://virusscan.jotti.org/ browse to the updater.exe file on your hard drive and it will scan the file against its database. When it's done and it shows nothing, go about worrying about something else.........
PoSmedley
Reply #7 Monday, July 10, 2006 5:41 PM
yrag...I scanned it from that link (which uses AVAST as one of its sources) and it came up clean. I did this after I restored it to its location from Avast's virus chest.

So, now I'm confused.
avast


site scan




Is it clean now, since it was in the chest (have to ask cause I'm a dumazz)

Was something attached to it?
PoSmedley
Reply #8 Monday, July 10, 2006 5:58 PM
I found it. It seems it's a bug with avast. (yrag- "False Positive")

I'm posting the Mozilla forum link here for anyone else who uses Avast and runs into this. It seems to be a bug in their last update and can be corrected.
http://forums.mozillazine.org/viewtopic.php?t=437465&highlight=avast+worm
Jafo
Reply #9 Monday, July 10, 2006 9:26 PM

Ah....I'd come across 'updater.exe' having potential issues in the past...but not with the firefox ver ....so it looks like the other ones' history caused the false Pos with firefox's.

Maybe Avast is almost as iffy as Norton...which is famous for false positives...

starkers
Reply #10 Tuesday, July 11, 2006 12:06 PM
Maybe Avast is almost as iffy as Norton...which is famous for false positives..


I've been using Avast for about 6-7 months now, Firefox for longer, and have not encountered this issue/false positives, either....

Nevertheless, thanks for the link, Po', in the event I come across this...
BX
Reply #11 Wednesday, July 12, 2006 10:59 AM
From a site:



This message is notification to let you know that you do not open file attachment with extension file name: exe, pif, scr, bat, zip, doc, txt, HQX, BHX, mim, uu, uue,,, etc. and its size file within 50KB - 181KB because they are dangerous virus. Even though you know that the sender as your friend, your group moderator, the name of yourself or any one who well known in the world such as celebrity. Some examples of the attachment, you can see the list below:

File-name-attachment -----> Virus name
================ ============
Details.exe -----> Win32/Salty
love_me.exe -----> Win32/Salty
love_me_now.exe -----> Win32/Salty
mssage.scr -----> Worm/Netsky.Q
message.zip -----> Worm/Netsky.Q
your_document.pif -----> Worm/Netsky.Q
details03.zip -----> Worm/Netsky.Q
data.txt -----> Worm/Netsky.Q
data.zip -----> Worm/Netsky.Q
websitefirst01.zip -----> Worm/Netsky.Q
bill.zip -----> Worm/Netsky.Q
Attachment00.HQX -----> Worm/VB.6.AN
Attachment01.BHX -----> Worm/VB.6.AN
Video_part.mim -----> Worm/VB.6.AN
data.pif -----> Worm/Mytob.AA
documen.pif -----> Worm/Mytob.AA
document.zip -----> Worm/Mytob.AA
doc.scr -----> Worm/Mytob.AA
body.zip -----> Worm/Mytob.AA
important_info.doc -----> Worm/Mytob.AA
readme.zip -----> Worm/Mytob.C
text.pif -----> Worm/Mytob.C
important_detail.zip -----> Worm/Mytob.IS
Erk.
Reply #12 Wednesday, July 12, 2006 7:55 PM

BX ...that comes from the site I linked to above. If you read the rest of that page, you'll see that the information there is of a somewhat dubious nature ..as Jafo kindly pointed out.
