Found A Trojan!

puns · Sep 1, 2005

I use NOD32 as my main anti-virus program. As an experiment i tried the
Kaspersky on line scanner & it found the following:
Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
NOD32 would/should have found the same!

Art · Sep 1, 2005

I use NOD32 as my main anti-virus program. As an experiment i tried the
Kaspersky on line scanner & it found the following:
Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
NOD32 would/should have found the same!

Not surprising. You should use some version of KAV (or a product that
uses the KAV scan engine) for on-demand scanning. It will alert you to
both virus and Trojan droppers that NOD32 won't.

Art

http://home.epix.net/~artnpeg

puns · Sep 1, 2005

Art,
Do you use the KAV Suite or stand alone KAV anti-virus program?

JRS · Sep 1, 2005

NOD32's weakness is Trojan detection. I would advise running a Trojan
scanner in tandem with it. I use Trojanhunter and it works fine.

Jon

Morgan Ohlson · Sep 1, 2005

I use NOD32 as my main anti-virus program. As an experiment i tried the
Kaspersky on line scanner & it found the following:
Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
NOD32 would/should have found the same!

Where is the Kaspersky located on the web?

Urgent need of more scan-power!!! (se "Shit storm" below)

Morgan O.

puns · Sep 1, 2005

Jon,
I downloaded the trial version of "Trojan Hunter" & it did NOT detect the
trojan that Kaspersky did!

Art · Sep 1, 2005

Art,
Do you use the KAV Suite or stand alone KAV anti-virus program?

I use KAV 3.5.133 from the Swiss site:

http://www.avp/ch

I don't use or need its realtime monitor though since I practice "safe
hex"

Art

http://home.epix.net/~artnpeg

Boris Mohar · Sep 1, 2005

Where is the Kaspersky located on the web?

Have you heard of Google?

--

ABC · Sep 1, 2005

puns said:
Jon,
I downloaded the trial version of "Trojan Hunter" & it did NOT detect the
trojan that Kaspersky did!

Did you do an update straight after the download?

puns · Sep 1, 2005

yes...i made an immediate update

ABC said:
Did you do an update straight after the download?

Gabriele Neukam · Sep 1, 2005

On that special day, Morgan Ohlson, ([email protected]) said...

Where is the Kaspersky located on the web?

You could always try www.kaspersky.com

It seems logical, after all.

Gabriele Neukam

(e-mail address removed)

Art · Sep 1, 2005

Where is the Kaspersky located on the web?

Urgent need of more scan-power!!! (se "Shit storm" below)

The following procedure will give you a on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Then download 7-zip from here:

http://www.7-zip.org/

Use 7-zip to extract the files from mwav.exe to c:\mwav

Use Notepad to create the following batch file:

cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N <a
href="ftp://updates1.kaspersky-labs.com/updates_x/*.avc">ftp://updates1.kaspersky-labs.com/updates_x/*.avc</a>
wget -N <a
href="ftp://updates1.kaspersky-labs.com/updates_x/avp.*">ftp://updates1.kaspersky-labs.com/updates_x/avp.*</a>
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it tp c:\mwav

Now run c:\mwav\update to update the def files.

Then run c:\mwav\mwavscan

David H. Lipman · Sep 1, 2005

From: "puns" <[email protected]>

| I use NOD32 as my main anti-virus program. As an experiment i tried the
| Kaspersky on line scanner & it found the following:
| Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
| NOD32 would/should have found the same!
|

Not surprising. You will often find that not all AV companies recognize a given infector at
the same time. Some will be quicker to deploy signatures for a given infector even when
supplied a sample submission.

This is why it good to have one active "On Access" capable AV application installed and use
multiple "On Demand" scanners to verify a system. Online scanners are web based form of "On
Demand" scanner. Albeit, they are limited due to their use of a Browser and some detect
without removal.

Art · Sep 1, 2005

Oooops! Prior post had garbled instruction. Try this instead:

The following procedure will give you a on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Then download 7-zip from here:

http://www.7-zip.org/

Use 7-zip to extract the files from mwav.exe to c:\mwav

Use Notepad to create the following batch file:

cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it tp c:\mwav

Now run c:\mwav\update to update the def files.

Then run c:\mwav\mwavscan

Art · Sep 1, 2005

Oooops! Prior post had garbled instruction. Try this instead:

The following procedure will give you a on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Then download 7-zip from here:

http://www.7-zip.org/

Use 7-zip to extract the files from mwav.exe to c:\mwav

Use Notepad to create the following batch file:

cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it tp c:\mwav

Now run c:\mwav\update to update the def files.

Then run c:\mwav\mwavscan

I'm having a bad morning

You also need wget.exe from here:

http://users.ugent.be/~bpuype/wget/#download

Art

http://home.epix.net/~artnpeg

David H. Lipman · Sep 1, 2005

From: "Art" <[email protected]>

|
| I'm having a bad morning

You also need wget.exe from here:
|
| http://users.ugent.be/~bpuype/wget/#download
|
| Art
|
| http://home.epix.net/~artnpeg

Maybe you need to create a web page on this or a template response with all the pertinet
data such that when this type of response is needed to you point to your web page or Copy &
Paste the template response into your reply.

It is definitely good information worth repeating.

Art · Sep 1, 2005

From: "Art" <[email protected]>
|
| I'm having a bad morning You also need wget.exe from here:
|
| http://users.ugent.be/~bpuype/wget/#download
|
| Art
|
| http://home.epix.net/~artnpeg

Maybe you need to create a web page on this or a template response with all the pertinet
data such that when this type of response is needed to you point to your web page or Copy &
Paste the template response into your reply.

It is definitely good information worth repeating.

Well, I had sworn off this sort of thing, remember? Why don't you
offer it as a alternative?

Anyway, I have now saved the instruction so I can cut and paste it.
If you don't pick up on it, I'll probably post it from time to time.

Art

http://home.epix.net/~artnpeg

David H. Lipman · Sep 1, 2005

From: "Art" <[email protected]>

|
| Well, I had sworn off this sort of thing, remember? Why don't you
| offer it as a alternative?
|
| Anyway, I have now saved the instruction so I can cut and paste it.
| If you don't pick up on it, I'll probably post it from time to time.
|
| Art
|
| http://home.epix.net/~artnpeg

I was thinking about doing it myself. Right now, its your "baby" ;-)

What's in a Name? · Sep 1, 2005

Well, I had sworn off this sort of thing, remember?

If you don't mind me asking-Why did you feel you need to "swear off"
that kind of thing?
-max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236

Buffalo · Sep 1, 2005

Art said:
I'm having a bad morning You also need wget.exe from here:

http://users.ugent.be/~bpuype/wget/#download

Worked great, thanks.
I did use C:\mwav, but couldn't I have named that folder almost anything on any
drive?
Ex: F:\Kaspersky or would that long folder name mess it up?
PS:For those that have WinZip, you don't need to dl and install the 7-zip
program (7z423.exe)

safe or not?	9	Nov 27, 2006
RAZOR.EXE from Tiberian Sun game	7	Oct 20, 2005
Nirsoft.net's Mail passview utility - trojan or not?	4	Sep 11, 2006
virus or not ?	7	Dec 3, 2008
Trojan Scanner ???	5	Sep 30, 2004
Kaspersky Question	8	Sep 3, 2005
Kryptik.AB trojan	2	Nov 1, 2008
how can i get rid of mppds.dll from my computer?	1	Apr 2, 2007

Found A Trojan!

puns

Art

puns

JRS

Morgan Ohlson

puns

Art

Boris Mohar

ABC

puns

Gabriele Neukam

Art

David H. Lipman

Art

Art

David H. Lipman

Art

David H. Lipman

What's in a Name?

Buffalo

Ask a Question

Similar Threads