I was chatting to someone called "Gravedigger" on ICQ - He sent me 2 files, which I virus scanned (Landesk V5.03, pattern file updated Nov'99). The first file was the Netbus trojan, the second was an executable video from his webcam, which Landesk reported clean, so I ran it - It was a video of him waving to his victims as he hacked their PCs (if they'd run the executable with Netbus). Very cool, very funny but VERY annoying.
I reported him to the authorities, copied the files to floppy for evidence (& deleted them) & updated my scanner pattern file.
Now for the weirdest bit: To test the new pattern file, I scanned the floppy & it showed up clean, as did the copy of the files in the Recycle bin.
The scanner still works (I tested it on another infected floppy). My PC is showing no signs of unusual disk or modem activity, so I'm not under attack at present. I can't see anything in the Registry startup bits that might be Netbus (tho' I'm not very familiar with the registry).
Now for the questions:
Would Landesk Realtime protection clean the files as they were being copied?
Is the latest version of the pattern file defective?
Could the video file contain another virus/trojan that hid the Netbus one?
Is there anywhere I can send the files to, to have them checked?
Thanks in advance