bettersurfing External

Since: Aug 01, 2006 Posts: 6
Posted: Tue Aug 01, 2006 3:30 pm
Post subject: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: alt>comp>anti-virus, others
I usually run an Avast bootscan along with Ad-Aware and Spybot once a week.
Today I did all three PLUS ran a Zone Alarm full system scan:
Here's what Zone Alarm just quarantined and the other three missed:
Win32.YOK.SuperSearch Trojan
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories
\{00021494-0000-0000-C000-000000000046}
Backdoor.Win32.mIRC. based Trojan
RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha
The last one is interesting since I haven't installed Mirc or any internet
chat programs. I'm wondering if it was installed by any "spyware free"
freeware or the akamaitechnologies.com IP address I kept seeing in TCPview?
I also have the MVPS HOSTS file loaded and take a lot of precautions (I have
all the Avast shields running + MS Defender).
It may be time for the MULTI-AV scan.

Postman delivers External

Since: Aug 01, 2006 Posts: 9
Posted: Tue Aug 01, 2006 3:30 pm
Post subject: Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
bettersurfing.DeleteThis@usersnospam.org has brought this to us :
> I usually run an Avast bootscan along with Ad-Aware and Spybot once a week.
> Today I did all three PLUS ran a Zone Alarm full system scan:
>
> Here's what Zone Alarm just quarantined and the other three missed:
>
> Win32.YOK.SuperSearch Trojan
>
> RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories
> \{00021494-0000-0000-C000-000000000046}
>
> Backdoor.Win32.mIRC. based Trojan
>
> RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha
>
>
> The last one is interesting since I haven't installed Mirc or any internet
> chat programs. I'm wondering if it was installed by any "spyware free"
> freeware or the akamaitechnologies.com IP address I kept seeing in TCPview?
>
>
> I also have the MVPS HOSTS file loaded and take a lot of precautions (I have
> all the Avast shields running + MS Defender).
>
> It may be time for the MULTI-AV scan.
bettersurfing,
I updated ad-aware today and it stops running after one or two seconds.
I have webroot's spy sweeper running all the time, and it just now
seems ad-aware no longer runs, without shutting down webroot's spy
sweeper.
I run ad-aware free, because it finds numerous things that webroot does
not deem important or can't locate... On the other side, webroot's spy
sweeper finds things that ad-aware does not locate... And it has
tripped several Trojans during scans that AVG does not discover...
This is the first time ad-aware and spy sweeper will not co-exist...
Something has changed it appears...
JR the postman

David H. Lipman External

Since: Jul 04, 2003 Posts: 2116
Posted: Tue Aug 01, 2006 9:11 pm
Post subject: Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
From: <bettersurfing.TakeThisOut@usersnospam.org>
| I usually run an Avast bootscan along with Ad-Aware and Spybot once a week.
| Today I did all three PLUS ran a Zone Alarm full system scan:
|
| Here's what Zone Alarm just quarantined and the other three missed:
|
| Win32.YOK.SuperSearch Trojan
|
| RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories
| \{00021494-0000-0000-C000-000000000046}
|
| Backdoor.Win32.mIRC. based Trojan
|
| RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha
|
| The last one is interesting since I haven't installed Mirc or any internet
| chat programs. I'm wondering if it was installed by any "spyware free"
| freeware or the akamaitechnologies.com IP address I kept seeing in TCPview?
|
| I also have the MVPS HOSTS file loaded and take a lot of precautions (I have
| all the Avast shields running + MS Defender).
|
| It may be time for the MULTI-AV scan.
|
Give the Multi AV Scanning Tool a try and let us know the results.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Lukas Mariman External

Since: Jun 19, 2006 Posts: 7
Posted: Tue Aug 01, 2006 11:03 pm
Post subject: Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
"Postman delivers" <JR_the_postman.RemoveThis@xyzahoo.com> wrote in message
news:mn.0b3b7d68fd1ce147.49378@xyzahoo.com...
> bettersurfing.RemoveThis@usersnospam.org has brought this to us :
>> I usually run an Avast bootscan along with Ad-Aware and Spybot once a
>> week.
>> Today I did all three PLUS ran a Zone Alarm full system scan:
>>
>> Here's what Zone Alarm just quarantined and the other three missed:
>>
>> Win32.YOK.SuperSearch Trojan
>>
>> RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories
>> \{00021494-0000-0000-C000-000000000046}
>>
>> Backdoor.Win32.mIRC. based Trojan
>>
>> RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha
>>
>>
>> The last one is interesting since I haven't installed Mirc or any
>> internet chat programs. I'm wondering if it was installed by any
>> "spyware free" freeware or the akamaitechnologies.com IP address I kept
>> seeing in TCPview?
>>
>>
>> I also have the MVPS HOSTS file loaded and take a lot of precautions (I
>> have all the Avast shields running + MS Defender).
>>
>> It may be time for the MULTI-AV scan.
>
> bettersurfing,
>
> I updated ad-aware today and it stops running after one or two seconds. I
> have webroot's spy sweeper running all the time, and it just now seems
> ad-aware no longer runs, without shutting down webroot's spy sweeper.
>
> I run ad-aware free, because it finds numerous things that webroot does
> not deem important or can't locate... On the other side, webroot's spy
> sweeper finds things that ad-aware does not locate... And it has tripped
> several Trojans during scans that AVG does not discover...
>
> This is the first time ad-aware and spy sweeper will not co-exist...
> Something has changed it appears...
>
> JR the postman
Check the recent threads on Spy Sweeper - if you "upgraded" to version 5.0
there might be some "issues"...

David H. Lipman External

Since: Jul 04, 2003 Posts: 2116
Posted: Fri Aug 04, 2006 11:20 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
From: <bettersurfing.TakeThisOut@usersnospam.org>
| It appears (from rechecking the Zone Alarm url's) that the
| yok.supersearch is not a trojan but adware and may be legit (but my
| computer had none of the yok.* files listed in the Zone Alarm forum other
| than the registry setting that Zone Alarm removed).
|
| The Backdoor.Win32.mIRC.based trojan was a false positive that Zone Alarm
| corrected with a future definition update.
|
| Just great - Zone Alarm made me waste about 4 hours checking the net and
| rerunning several anti-spyware programs plus an Avast bootscan and normal
| start-up virus scan.
|
| I almost did a Multi-AV scan, too!
Thanx for updating the thread.
Good Luck !
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Virus Guy External

Since: Aug 05, 2005 Posts: 407
Posted: Sat Aug 05, 2006 1:12 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm
Archived from groups: per prev. post
bettersurfing RemoveThis @usersnospam.org wrote:
> Just great - Zone Alarm made me waste about 4 hours ...
As I've said before, software firewalls are a useless waste of time
and computer resources.
Get a NAT router (to act as an incoming firewall) and be done with
it. The incremental benefit of an outgoing software-firewall is
non-existent.
When are you people gonna learn that?

bettersurfing External

Since: Aug 01, 2006 Posts: 6
Posted: Sat Aug 05, 2006 3:30 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:MCQAg.127$rd1.107@trnddc01:
> From: <bettersurfing.TakeThisOut@usersnospam.org>
>
>| It appears (from rechecking the Zone Alarm url's) that the
>| yok.supersearch is not a trojan but adware and may be legit (but my
>| computer had none of the yok.* files listed in the Zone Alarm forum
>| other than the registry setting that Zone Alarm removed).
>|
>| The Backdoor.Win32.mIRC.based trojan was a false positive that Zone
>| Alarm corrected with a future definition update.
>|
>| Just great - Zone Alarm made me waste about 4 hours checking the net
>| and rerunning several anti-spyware programs plus an Avast bootscan
>| and normal start-up virus scan.
>|
>| I almost did a Multi-AV scan, too!
>
>
> Thanx for updating the thread.
>
> Good Luck !
>
Actually, I do it not only for the benefit of future surfers, but for
myself, too. In the future, I'll be able to do Google newsgroup searches
and see the ZA threads.
I was amazed at how little there was on the net and in the newsgroups
regarding these two bits of spyware.
All the AV and anti-spyware companies (especially the one I use - Avast)
give precious little info on trojans and spyware. Sure they may block it
at the point of impact, but it would be nice to see what files or registry
strings they plant, so we could do a file or reg search just to be sure.

bettersurfing External

Since: Aug 01, 2006 Posts: 6
Posted: Sat Aug 05, 2006 3:37 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
Virus Guy <Virus.RemoveThis@Guy.com> wrote in news:44D4D184.D38996E9@Guy.com:
> Get a NAT router (to act as an incoming firewall) and be done with
> it. The incremental benefit of an outgoing software-firewall is
> non-existent.
>
> When are you people gonna learn that?
My Netgear RP614v3 says it gives SPI and NAT protection and I don't see it
blocking the trojans and spyware that Avast or ZA catches.

kurt wismer External

Since: Jul 04, 2003 Posts: 1496
Posted: Sat Aug 05, 2006 3:44 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware
Archived from groups: per prev. post
Virus Guy wrote:
> bettersurfing.RemoveThis@usersnospam.org wrote:
>
>> Just great - Zone Alarm made me waste about 4 hours ...
>
> As I've said before, software firewalls are a useless waste of time
> and computer resources.
usually this is said because malware can (though it doesn't always
bother) disable the software firewall or find some other way to bypass it...
unfortunately that ignores the fact that a) not all malware does and b)
there's plenty of more or less legitimate software that tries to make
outgoing connections that i don't want it to make...
> Get a NAT router (to act as an incoming firewall) and be done with
> it. The incremental benefit of an outgoing software-firewall is
> non-existent.
definitely agree about getting a nat router, but as above, not about
dumping the software firewall... at the very least the redundant system
is useful for fault tolerance ('hey my connection stopped working, maybe
the router's broken, i'll have to try connecting without it to see')...
also, some software firewalls include features that are outside the
scope of a firewall but are useful none-the-less (such as the
application launch whitelisting functionality in kerio)...
> When are you people gonna learn that?
"you people"? probably not the best way to sway opinion...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Ernie B. External

Since: Feb 26, 2006 Posts: 95
Posted: Sat Aug 05, 2006 5:25 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Imported from groups: per prev. post
This message is not archived

kurt wismer External

Since: Jul 04, 2003 Posts: 1496
Posted: Sat Aug 05, 2006 5:26 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware
Archived from groups: per prev. post
Ernie B. wrote:
> On Sat, 05 Aug 2006 13:12:36 -0400 Virus Guy wrote:
>
>> bettersurfing DeleteThis @usersnospam.org wrote:
>>
>>> Just great - Zone Alarm made me waste about 4 hours ...
>> As I've said before, software firewalls are a useless waste of time
>> and computer resources.
>>
>> Get a NAT router (to act as an incoming firewall) and be done with
>> it. The incremental benefit of an outgoing software-firewall is
>> non-existent.
>>
>> When are you people gonna learn that?
>>
> When things like Real Player quit trying to call home.
psst - real alternative (http://www.codecguide.com/)...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Virus Guy External

Since: Aug 05, 2005 Posts: 407
Posted: Sat Aug 05, 2006 5:38 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm
Archived from groups: per prev. post
"Ernie B." wrote:
> > When are you people gonna learn that?
> >
> When things like Real Player quit trying to call home.
Get "Real Alternative".
http://www.free-codecs.com/download/Real_Alternative.htm

Virus Guy External

Since: Aug 05, 2005 Posts: 407
Posted: Sat Aug 05, 2006 5:43 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm
Archived from groups: per prev. post
bettersurfing RemoveThis @usersnospam.org wrote:
> My Netgear RP614v3 says it gives SPI and NAT protection and I
> don't see it blocking the trojans and spyware that Avast or ZA
> catches.
Your software firewall won't "catch" it either when it first comes
into and installs itself on your system. And the nasty stuff, like
root kits, will bypass your firewall like it wasn't even there.
Where do you surf? Geeze, I never get fun stuff like that.
You must not use a hosts file, or adaware/spybot/spyware blaster, or
update your Java, or maybe you're still running XP-SP1 (or XP-gold).

Ernie B. External

Since: Feb 26, 2006 Posts: 95
Posted: Sat Aug 05, 2006 8:24 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Imported from groups: per prev. post
This message is not archived

bettersurfing External

Since: Aug 01, 2006 Posts: 6
Posted: Sat Aug 05, 2006 8:24 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
Ernie B. <ebaresch_REMOVE_.DeleteThis@cox._THIS_net> wrote in
news:MPG.1f3eba92451860a898adb7@127.0.0.1:
> Yeah I've got it, thanks. I used Real Player as an infamous example,
> there are others also.
like Windows Media Player doesn't?
We all use and recommend Media Player Classic instead with Real Alternative
and QT alternative, but do we really know the entire program structure?

Ernie B. External

Since: Feb 26, 2006 Posts: 95
Posted: Sat Aug 05, 2006 8:54 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Imported from groups: per prev. post
This message is not archived

Ernie B. External

Since: Feb 26, 2006 Posts: 95
Posted: Sat Aug 05, 2006 11:21 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Imported from groups: per prev. post
This message is not archived

Dustin External

Since: Aug 06, 2006 Posts: 41
Posted: Sun Aug 06, 2006 6:09 pm
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
In article <44D5110B.2EC681D8.DeleteThis@Guy.com>, Virus.DeleteThis@Guy.com says...
> You must not use a hosts file, or adaware/spybot/spyware blaster, or
> update your Java, or maybe you're still running XP-SP1 (or XP-gold).
I don't use much of a hosts file, don't have adware/spybot/spyware
blaster running... Java is updated... , and I am still running xp-sp1,
the benefits of sp2 weren't worth it to me.
--
Dustin
Author of BugHunter - MalWare Removal Tool
Current Version: 1.9.1 Released July 28th, 2006
Last Pattern Update: August 2nd, 2006
http://bughunter.it-mate.co.uk

bughunter.dustin External

Since: Jun 06, 2006 Posts: 8
Posted: Mon Aug 07, 2006 7:19 am
Post subject: Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't
Archived from groups: per prev. post
Virus Guy wrote:
> Why not? It's free, and so are:
Don't really need one? I rarely surf with IE...
> and have you uninstalled all older versions of Java?
My system never had older versions...
> Benefits like not being prone to network hacking?
I'm behind a linksys NAT router, good luck with the network hacking,
chum.
All ports except for one are not forwarded, uPNP is disabled, remote
access is entirely disabled. Machines inside the lan communicate via
IPSEC to each other.
> How can you use the MS Update web site (and retrieve updates) when you
> haven't first updated your system to SP-2? Doesn't the update web
Because the site doesn't force me to use sp-2 yet, not until October.
I really don't need every single update under the sun. I do practice
safe hex, so I'm not concerned because of some new 0day exploit for IE
or ms office package, or a windows media player issue.
The real concerns I have are with the partially open max amount of
sockets; sp2 limits this to 10, this would seriously cramp my
torrenting.
Other concerns are running older software... which sp2 doesn't do well
with.
--
Dustin
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk