his is a multi-part message in MIME format.
Hi:
I found the Constructor.Win32.Downldr.ek virus in a MS file I had lying around in My Documents. Zone Alarm Security Suite 7.0.483.000 picked it up on a scheduled scan.
The file is named: WindowsXP-KB838079-SupportTools-ENU.exe
and can be downloaded from:
http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&DisplayLang=en
After it was quarantined, I tried downloading it again as a fresh copy from the MS download link above. It too showed the:
Constructor.Win32.Downldr.ek
virus.
I submitted the newly downloaded file to www.virustotal.com
It showed that both Kaspersky and F-Secure detect that same virus. F-Prot shows it to be a damaged file. The other 33 engines found nothing wrong in this file
I'm puzzled by these findings.
Could it be that Microsoft has an infected and/or damaged file on its download site?
Or is this a false positive?
Thanks in advance:
-Eli
================
Windows XP Profesional Edition SP3
Zone Alarm Security Suite 7.0.483.000
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16705" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Arial size=2>Hi:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I found the
<STRONG>Constructor.Win32.Downldr.ek</STRONG> virus in a MS file I had
lying around in My Documents. Zone Alarm Security Suite 7.0.483.000 picked it up
on a scheduled scan.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The file is named:
<STRONG>WindowsXP-KB838079-SupportTools-ENU.exe</STRONG></FONT></DIV>
<DIV><STRONG><FONT face=Arial size=2></FONT></STRONG> </DIV>
<DIV><FONT face=Arial size=2>and can be downloaded from:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2><A
href="http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&DisplayLang=en">http://www.microsoft..com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&DisplayLang=en</A></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>After it was quarantined, I tried downloading it
again as a fresh copy from the MS download link above. It too showed
the:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT size=2><FONT
face=Arial><STRONG>Constructor.Win32.Downldr.ek</STRONG>
</FONT></FONT></DIV>
<DIV><STRONG><FONT face=Arial size=2></FONT></STRONG> </DIV>
<DIV><FONT face=Arial size=2>virus.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I submitted the newly downloaded file to <
Constructor.Win32.Downldr.ek in newly downloaded Microsoft file
2 posts
• Page 1 of 1
- MS EXCEL
- MS EXCEL
- clarion
- Windows XP
- JAVA
- jobs
- linux
- Visual Basic
- msn
- Axapta
Jump to:
- 1. Windows Firewall automatically disabled
I have the latest Service Pack for Win XP I am runnign Norton Antivirus 2005 with its Firewall turned on. Would there be any reason why Windows Firewall would be disabled after every reboot of the machine. I've ran Norton antivirus scan of the machine. Nothing infected shows up. Also, I'bve ranth e virus check and security checker via web brwoser from the Symantec Security center. Nothing shows up. I have no spyware issues of the machine. I have ran Spybot...many times I have even looked ont eh web to make sure that alll the processes seen int he Task Manager are a valid. They all are valid. Any help is appreciated. I have looked up solutions on the MS Knowledgebase and still nothing works. - 2. trojan.startup.nameshifter.EW/wingu/EZ
Hello, Microsoft AntiV picked up the above referenced trojans, with over 100,000 certificates/signatures. MAV keeps freezing during the removal process and I can't remove them. Anyone have ideas on removal? M. - 3. Gaobot is driving me mad
I have all secutiry updates & Norton loaded but I have got GAOBOT.SN somewhere on my PC. I think it is in the temp files biy when I try to delete it is says I don't have the authority or the file is in use by another programme. I've run Norton & windoes scans but they can't find this virus. I';ve tried in safe mode & still can't find it ANy suggestions? - 4. WINTBP.exe Worm!!!!! ARGH!
I have had this worm on one of my PC's that run windows 2000. Just installed PAck 4 and ran the patch for this wee worm BUT, the worm created a removeable disk while it was in my system, yes thats right, created it all by itself (I swear) anyway I am trying to delete this drive and can't do it. It tells me that this drive does not exist however, when I try to delete this apparent non existant disk it won't let me because there is nothing in 'The drive' to open! Any idea's? My tutors don't know, I don't know and it is nothign short of excessively irratating!
Next
Constructor.Win32.Downldr.ek in newly downloaded Microsoft file
by eli » Mon, 29 Sep 2008 19:52:37 GMT
Re: Constructor.Win32.Downldr.ek in newly downloaded Microsoft file
by David H. Lipman » Mon, 29 Sep 2008 20:39:15 GMT
From: "eli" < XXXX@XXXXX.COM > | I found the Constructor.Win32.Downldr.ek virus in a MS file I had lying around in My | Documents. Zone Alarm Security Suite 7.0.483.000 picked it up on a scheduled scan. | The file is named: WindowsXP-KB838079-SupportTools-ENU.exe | and can be downloaded from: | http://www.**--****.com/ | ba8011fabf38&DisplayLang=en | After it was quarantined, I tried downloading it again as a fresh copy from the MS | download link above. It too showed the: | Constructor.Win32.Downldr.ek | virus. | I submitted the newly downloaded file to www.virustotal.com | It showed that both Kaspersky and F-Secure detect that same virus. F-Prot shows it to | be a damaged file. The other 33 engines found nothing wrong in this file | I'm puzzled by these findings. | Could it be that Microsoft has an infected and/or damaged file on its download site? | Or is this a false positive? | Thanks in advance: | -Eli | ================ | Windows XP Profesional Edition SP3 | Zone Alarm Security Suite 7.0.483.000 WindowsXP-KB838079-SupportTools-ENU.exe is a self extracting archive file. It consists of three .CAB files and a Microsft Installer, .MSI file. The False Positive declaration was in; support.cab These are file from the Windows NT Resource Kit. I did not track down the specific file in the CAB file but it is a False Positive declaration. BTW: F-Secure did NOT detect anything in my test. -- Dave http://www.**--****.com/ Multi-AV - http://www.**--****.com/
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 96 guest