Schlegel, Justin wrote:
My company has recently been hit with some variety of virus that is
rebooting our machines. As far as I can tell the process causing the
problem is wintbp.exe. I have searched in google and all the major AV
vendors for this file with no luck. Does anyone have any information on
this process as I do not know what virus I am up against?
Filenames _ALONE_ are next to entirely useless as diagnostic cues for
such things. Sadly "causes the machine to reboot" is not particularly
individualistic either...
Please send a sample to your preferred AV vendor(s) (and perhaps CC a
few of their competitors you trust to hurry them along). Should they
happen to be on the following list, then I've saved you the trouble of
looking up a suitable address.
Authentium (Command Antivirus) <virus@authentium.com>
Computer Associates (US) <virus@ca.com>
Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
DialogueScience (Dr. Web) <Antivir@dials.ru>
Eset (NOD32) <sample@nod32.com>
F-Secure Corp. <vsamples@f-secure.com>
Frisk Software (F-PROT) <viruslab@f-prot.com>
Grisoft (AVG) <virus@grisoft.cz>
H+BEDV (AntiVir, Vexira engine) <virus@antivir.de>
Kaspersky Labs <newvirus@kaspersky.com>
Network Associates (McAfee) <virus_research@nai.com>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis@norman.no>
Panda Software <labs@pandasoftware.com>
Sophos Plc. <samples@sophos.com>
Symantec (Norton) <avsubmit@symantec.com>
Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>
(Trend may only accept files from users of its products)
In general, you may find the advice under the McAfee entry best
followed for any of the others as well.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
