Anyone come across installer_george_test.exe yet?

[Licensed to Quill]

Seems to be a Trojan back door installer and seems to have been around for a
few months and managed to get into my computer somehow. I have Norton AV
installed which catches most things but didn't manage to catch this as it
came in.

BUT when I ran a full system scan, NAV DID find it and quarantined it!

Curiously enough, when I went to the Symantec site and tried to do a search
on it, NOTHING was found?? Can it be possible that they are unaware of it
even though reports on the internet seem to go back to about the middle of
June? (but that presumably it's activity seems Trojan-installer-like to the
scan process so it quarantined it?)

Anyone know what it does while it is sitting there or does it ONLY work to
install Trojans? Or might it have installed any Trojans on my computer or
done anything (like opening doors which At Guard had or reports as closed)
which NAV failed to find?

Licensed to Quill
PS I have a strong suspicion this is one of those viruses which you can
only see by going to a site which seems to be taking an age to load while
nothing whatsoever appears on the screen but while your 'incoming data'
reported on NetMedic (etc) shows frantic activity

 

[FromTheRafters]

Filenames alone aren't much help in determining anything, usually.
..

Seems to be a Trojan back door installer and seems to have been around for a
few months and managed to get into my computer somehow.

Where are you getting that information from?

I have Norton AV
installed which catches most things but didn't manage to catch this as it
came in.

I don't see how an "installer" named "installer_something.exe" can be
considered a trojan as there is no pretense. ;o)

But that is beside the point.

My searches have resulted in at least one reference to w32/delf.av
backdoor trojan being related to it, but I'm not sure that it is always
specifically related to any particular malware. I have seen it called
a trojan dropper, but I think that depends on what it drops, not what
it is.

Is this that rather generic trojan downloader detection?

BUT when I ran a full system scan, NAV DID find it and quarantined it!

Curiously enough, when I went to the Symantec site and tried to do a search
on it, NOTHING was found?? Can it be possible that they are unaware of it
even though reports on the internet seem to go back to about the middle of
June? (but that presumably it's activity seems Trojan-installer-like to the
scan process so it quarantined it?)

Don't search Symantec by the filename, try by the detection
name. Maybe this one:

http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html

Anyone know what it does while it is sitting there or does it ONLY work to
install Trojans?

As far as I know its only purpose is to pull in a file from
some specific URL and execute it. The filename and URL
are probably configurable by the person using it. The end
result of whatever file was pulled and executed is anybody's
guess.

Or might it have installed any Trojans on my computer or
done anything (like opening doors which At Guard had or reports as closed)
which NAV failed to find?

Anything is possible if the file was successfully pulled and executed.
It is itself an executable file ~ are you under the mistaken impression
that AV software should be able to protect you from such things?

Even if the AV vendors want to get into the trojan detection business
(which it seems they do), doesn't mean they will be able to protect
any better from new (enough) trojans than from new (enough) viruses.

Get your executables from trusted sources, or at least from sources
which offer you some recourse if something goes awry.