[dba-Tech] Nasty little trojan

Jon Tydda Jon.Tydda at alcontrol.co.uk
Tue Jan 10 08:54:38 CST 2006


Had some problems last night...
 
I turned my pc on, fired up Trillian, Outlook and Zmud, and waited a few
seconds for them to appear. Trillian and Zmud opened pretty quickly, and I
noticed that Outlook hadn't appeared. So I clicked the icon again, and a
message box appeared saying "Outlook failed to open correctly last time,
would you like to start in safe mode?" So I clicked no, and waited. Nothing.
I clicked it again, got the same error message and clicked on yes this time.
Again nothing happened. Then it asked if I'd like to do a detect and repair,
which I agreed to. The detect and repair started up, and failed halfway
through as it claimed to need the installation CDs, despite having the
install files on the hard drive...
 
It was at this point I got suspicious, and opened Internet Explorer to look
for information on a possible virus. IE closed about 2 seconds after
opening. So I opened McAfee virus scan in a vain attempt to scan my pc.
McAfee closed about a second after the splash screen appeared.
 
Fortunately, I had a copy of Stinger on my desktop, so I started that and
was relieved to see that it stayed open, although in the end, it didn't find
anything. Trend Micro's Sysclean didn't find anything either.
 
Sunday night I had run Spybot, Ad-Aware, Giant, and SpySweeper, as well as
Disk Cleanup and defrag, and had updated Windows to include the WMF patch on
Friday. The only thing I hadn't run was Trojan Hunter, so I started that up
and waited for it to disappear. It didn't. So I updated it, and ran a full
scan. This eventually picked up a file called "autoload.exe" and named it as
"Runner.100". I can't find information about this infection anywhere, but
removing it let me run Outlook and IE again, so I'm kinda pleased.
 
I am a little troubled at how easily my pc got infected despite having good
anti-virus software, lots of anti-spyware software, ZoneAlarm and the
hardware firewall in my router.
 
But I can thoroughly recommend Mischel's Trojan Hunter 4.2, available from
http://www.trojanhunter.com/
 
 
Jon




