Lembit Soobik
lembit.dbamail at t-online.de
Wed Jan 11 07:09:12 CST 2006
John,
did you check the folder Desktop - also for 'All Users' and 'Default User'?
Any (hidden) file there that could cause it?

Lembit

----- Original Message -----
From: "John Bartow" <john at winhaven.net>
To: "'Discussion of Hardware and Software issues'" <dba-tech at databaseadvisors.com>
Sent: Wednesday, January 11, 2006 6:35 AM
Subject: Re: [dba-Tech] Nasty little trojan

> I thought I ran into your trojan tonight. I was working on a PC and cleaning
> the typical junk off the desktop. I ran into this:
> http://www.winhaven.net/security/ScreenShot.html
>
> To the right you'll see a small quasi-icon (scroll down and there's a blow up
> of it beneath the large image)
>
> If I clicked on it I could see that it had the image boundaries the same as
> a typical icon but when clicked it would not do anything, I could get no
> short cut menu from it when right clicking (got the menu for the desktop) and
> I could not select it.
>
> Anyone ever see anything that looked like that?
>
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jon Tydda
> Sent: Tuesday, January 10, 2006 10:27 AM
> To: 'Discussion of Hardware and Software issues'
> Subject: Re: [dba-Tech] Nasty little trojan
>
> Not a clue, but I'm hoping that the av companies start including it in their
> updates, as it's a right pain to get rid of.
>
> Jon
>
> -----Original Message-----
> From: John Bartow [mailto:john at winhaven.net]
> Sent: 10 January 2006 16:16
> To: 'Discussion of Hardware and Software issues'
> Subject: Re: [dba-Tech] Nasty little trojan
>
> Jon,
> Good catch! It must be very new as I can't find any information on it
> (including Trojan Hunter info). Have you found anything about how it was
> delivered?
>
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jon Tydda
> Sent: Tuesday, January 10, 2006 8:55 AM
> To: Dba-Tech (E-mail)
> Subject: [dba-Tech] Nasty little trojan
>
> Had some problems last night...
>
> I turned my pc on, fired up Trillian, Outlook and Zmud, and waited a few
> seconds for them to appear. Trillian and Zmud opened pretty quickly, and I
> noticed that Outlook hadn't appeared. So I clicked the icon again, and a
> message box appeared saying "Outlook failed to open correctly last time,
> would you like to start in safe mode?" So I clicked no, and waited. Nothing.
> I clicked it again, got the same error message and clicked on yes this time.
> Again nothing happened. Then it asked if I'd like to do a detect and repair,
> which I agreed to. The detect and repair started up, and failed halfway
> through as it claimed to need the installation cd's, despite having the
> install files on the hard drive...
>
> It was at this point I got suspicious, and opened Internet Explorer to look
> for information on a possible virus. IE closed about 2 seconds after
> opening. So I opened McAfee virus scan in a vain attempt to scan my pc.
> McAfee closed about a second after the splash screen appeared.
>
> Fortunately, I had a copy of Stinger on my desktop, so I started that and
> was relieved to see that it stayed open, although in the end, it didn't find
> anything. Trend Micro's Sysclean didn't find anything either.
>
> Sunday night I had run Spybot, Ad-Aware, Giant, and SpySweeper, as well as
> diskcleanup and defrag, and had updated Windows to include the WMF patch on
> Friday. The only thing I hadn't run was Trojan Hunter, so I started that up
> and waited for it to disappear. It didn't. So I updated it, and ran a full
> scan. This eventually picked up a file called "autoload.exe" and named it as
> "Runner.100". I can't find information about this infection anywhere, but
> removing it let me run Outlook and IE again, so I'm kinda pleased.
>
> I am a little troubled at how easily my pc got infected despite having good
> anti-virus software, lots of anti-spyware software, Zonealarm and the
> hardware firewall in my router.
>
> But I can thoroughly recommend Mischel's Trojan Hunter 4.2, available from
> http://www.trojanhunter.com/
>
> Jon
>
> The information in this e-mail is confidential and may also be legally
> privileged. The contents are intended for recipient only and are subject to
> the legal notice available on request from : webmaster at alcontrol.co.uk
> ALcontrol Laboratories is a trading division of ALcontrol UK Limited.
> Registered Office: Templeborough House, Mill Close, Rotherham, S60 1BZ.
> Registered in England and Wales No 4057291
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.371 / Virus Database: 267.14.17/226 - Release Date: 10.01.2006