John Bartow
john at winhaven.net
Tue Jan 10 23:35:38 CST 2006
I thought I ran into your trojan tonight. I was working on a PC and cleaning the typical junk off the desktop. I ran into this:

http://www.winhaven.net/security/ScreenShot.html

To the right you'll see a small quasi-icon (scroll down and there's a blow-up of it beneath the large image). If I clicked on it I could see that it had the image boundaries the same as a typical icon, but when clicked it would not do anything, I could get no shortcut menu from it when right-clicking (got the menu for the desktop) and I could not select it.

Anyone ever see anything that looked like that?

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jon Tydda
Sent: Tuesday, January 10, 2006 10:27 AM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Nasty little trojan

Not a clue, but I'm hoping that the av companies start including it in their updates, as it's a right pain to get rid of.

Jon

-----Original Message-----
From: John Bartow [mailto:john at winhaven.net]
Sent: 10 January 2006 16:16
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Nasty little trojan

Jon,

Good catch! It must be very new as I can't find any information on it (including Trojan Hunter info). Have you found anything about how it was delivered?

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jon Tydda
Sent: Tuesday, January 10, 2006 8:55 AM
To: Dba-Tech (E-mail)
Subject: [dba-Tech] Nasty little trojan

Had some problems last night...

I turned my pc on, fired up Trillian, Outlook and Zmud, and waited a few seconds for them to appear. Trillian and Zmud opened pretty quickly, and I noticed that Outlook hadn't appeared. So I clicked the icon again, and a message box appeared saying "Outlook failed to open correctly last time, would you like to start in safe mode?" So I clicked no, and waited. Nothing.

I clicked it again, got the same error message and clicked on yes this time. Again nothing happened. Then it asked if I'd like to do a detect and repair, which I agreed to. The detect and repair started up, and failed halfway through as it claimed to need the installation CDs, despite having the install files on the hard drive...

It was at this point I got suspicious, and opened Internet Explorer to look for information on a possible virus. IE closed about 2 seconds after opening. So I opened McAfee virus scan in a vain attempt to scan my pc. McAfee closed about a second after the splash screen appeared.

Fortunately, I had a copy of Stinger on my desktop, so I started that and was relieved to see that it stayed open, although in the end, it didn't find anything. Trend Micro's Sysclean didn't find anything either. Sunday night I had run Spybot, Ad-Aware, Giant, and SpySweeper, as well as diskcleanup and defrag, and had updated Windows to include the WMF patch on Friday.

The only thing I hadn't run was Trojan Hunter, so I started that up and waited for it to disappear. It didn't. So I updated it, and ran a full scan. This eventually picked up a file called "autoload.exe" and named it as "Runner.100". I can't find information about this infection anywhere, but removing it let me run Outlook and IE again, so I'm kinda pleased.

I am a little troubled at how easily my pc got infected despite having good anti-virus software, lots of anti-spyware software, Zonealarm and the hardware firewall in my router. But I can thoroughly recommend Mischel's Trojan Hunter 4.2, available from http://www.trojanhunter.com/

Jon

The information in this e-mail is confidential and may also be legally privileged. The contents are intended for recipient only and are subject to the legal notice available on request from : webmaster at alcontrol.co.uk ALcontrol Laboratories is a trading division of ALcontrol UK Limited.
Registered Office: Templeborough House, Mill Close, Rotherham, S60 1BZ. Registered in England and Wales No 4057291

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com