What is this and how did I get it-- more queries

MB_

I am still a bit confused. I posted earlier that AVG discovered
"Backdoor.Small.3.AG" It identified the trojan file.

It SEEMS to have been eliminated. I'll see if it pops up again.

My concerns:

1) What does the Small.3.AG mean? I can't seem to find it via Google or even
on looking on the AVG site. I am wondering what that particular beast tends
to do.

2) Is there any way for me to see if any damage was done?

3) I'm still confused on how I could have gotten this. I do not open any
email attachments. I run AVG, AdAware regularly (and sometimes Spybot). I
use Zone Alarm. Now sometimes I might open an attached .jpg from a relative
as we have gotten into photography and will send pictures taken with our
digital camera. Those are the only attachments I open. So, any ideas??

MB
 

Max M.Wachtel III

MB_ said:
> I am still a bit confused. I posted earlier that AVG discovered
> "Backdoor.Small.3.AG" It identified the trojan file.
>
> It SEEMS to have been eliminated. I'll see if it pops up again.
>
> My concerns:
>
> 1) What does the Small.3.AG mean? I can't seem to find it via Google or even
> on looking on the AVG site. I am wondering what that particular beast tends
> to do.
>
> 2) Is there any way for me to see if any damage was done?
>
> 3) I'm still confused on how I could have gotten this. I do not open any
> email attachments. I run AVG, AdAware regularly (and sometimes Spybot). I
> use Zone Alarm. Now sometimes I might open an attached .jpg from a relative
> as we have gotten into photography and will send pictures taken with our
> digital camera. Those are the only attachments I open. So, any ideas??
>
> MB

Did you read my post in a.c.v.?
You should scan your system to make sure it is gone; read this:
Virus Removal Instructions: http://www.geocities.com/maxpro4u/
Install more protection; read these:
Keeping Windows Clean: http://www.geocities.com/maxpro4u/madmax.html
Virus Cleaning+Fixes: http://www.geocities.com/maxpro4u/TechPros
-max
 
kurt wismer

MB_ said:
> I am still a bit confused. I posted earlier that AVG discovered
> "Backdoor.Small.3.AG" It identified the trojan file.
>
> It SEEMS to have been eliminated. I'll see if it pops up again.
>
> My concerns:
>
> 1) What does the Small.3.AG mean? I can't seem to find it via Google or even
> on looking on the AVG site. I am wondering what that particular beast tends
> to do.

that's the family name (as assigned by the anti-virus vendor) and
variant identifier (also as assigned by the anti-virus vendor)... i
don't know what the 3 is for...

> 2) Is there any way for me to see if any damage was done?

it's a backdoor trojan... it gave people remote access to your pc...
there's no general way to see what a person may have done to your pc
through that backdoor... at the very least you should probably expect
that your passwords (for everything you do online) have been
compromised and need to be changed... using an anti-virus and/or
anti-trojan and/or anti-ad/spyware software is pretty much all you can
do to see if they planted anything else on your computer through that
backdoor...

> 3) I'm still confused on how I could have gotten this. I do not open any
> email attachments. I run AVG, AdAware regularly (and sometimes Spybot). I
> use Zone Alarm. Now sometimes I might open an attached .jpg from a relative
> as we have gotten into photography and will send pictures taken with our
> digital camera. Those are the only attachments I open. So, any ideas??

are you up to date on your patches? do you avoid heavily exploited
client software like Internet Explorer, Outlook Express, and Outlook?
safe hex is more than simply not opening attachments - it's also fixing
your software so it can't be tricked into opening the attachments for
you and/or simply not using software that can be tricked in that way...

there are all kinds of ways it 'could' have been introduced to your
system... there's no way for us to know for sure exactly how it was
introduced...
 
MB_

Thanks for the info Kurt. I'm hoping that trojan is gone. AVG has been
indicating no viruses. I've run it about 3 times in the last 24 hours. I've
also run Ad-Aware SE.

I've changed passwords at selected sites.

MB
 
MB_

Yes, Max, I did read it. If you read MY email, you'll note that I still had
some specific questions (eg: trying to decipher the name
Backdoor.Small.3.AG).

Anyway, I appreciate your help. In fact, Max, your site led me to a really
neat program, BeClean. That works so smoothly and so well. It really
automates in one step what I've sometimes done in many steps.

Mel
 
Roger Wilco

> 1) What does the Small.3.AG mean? I can't seem to find it via Google or even
> on looking on the AVG site. I am wondering what that particular beast tends
> to do.

Backdoor descriptions on AVG's site are very general.

http://www.grisoft.com/virbase/virbase.php?lng=us&type=web&action=view&qvirus=069cdab865664000

I chose a link for "Simali" only because it seemed close to the real
name that AVG gave you - not because I thought this was the one.

Small may be given to any ones below a certain size. AVers sometimes
look through the malware code for arbitrary names like kids look at
clouds to see everyday objects. Small programs don't have as much fodder
for the name grazers and they can't all be named after soft-drinks like
code-red was.

> 2) Is there any way for me to see if any damage was done?

If the backdoor was used, you have no idea what else might have been
done. The filename and its location would be helpful too because false
positive detections do happen, and some AVs check within archives and
alert to non-threats because they are potential threats.

> 3) I'm still confused on how I could have gotten this. I do not open any
> email attachments.

This is only one of the many ways things can get on your computer.

> I run AVG, AdAware regularly (and sometimes Spybot). I
> use Zone Alarm. Now sometimes I might open an attached .jpg from a relative
> as we have gotten into photography and will send pictures taken with our
> digital camera. Those are the only attachments I open. So, any ideas??

Not even those can be completely trusted -
http://www.securityfocus.com/bid/11173/exploit
 
