I-phone AV?

Duh_OZ

Just trying to cover all bases..........

Get an e-mail with cousin's e-mail addy in the from field and a bunch
of CC'ed including sister's e-mail address. The message source shows
the originating IP from Tennessee, but cousin in Illinois and his
computer is off when the e-mail goes out.

I am going to have him send a hijack this log from his computer but
his I-Phone, which is synced to his address book could be the one
infected?

I can't see anyone else having my cousin's, mine and my sister's e-mail
address, especially in Tennessee as AFAIK don't know anyone from that
area (zombied computer spewing out the e-mails I assume?)

So anyway, a recommended AV for an I-Phone please? I'm still low-
tech on the phone side, having one that can send a text and place a
call. No web browsing, etc.

BTW, saw another post (non AV forum) of someone's e-mail being compromised
followed by someone else (in the UK) having a relative's e-mail account
being SPAM central with his entire address book.
 
David H. Lipman

From: "Duh_OZ" <[email protected]>

| Just trying to cover all bases..........

| Get an e-mail with cousin's e-mail addy in the from field and a bunch
| of CC'ed including sister's e-mail address. The message source shows
| the originating IP from Tennessee, but cousin in Illinois and his
| computer is off when the e-mail goes out.

| I am going to have him send a hijack this log from his computer but
| his I-Phone, which is synced to his address book could be the one
| infected?

| I can't see anyone else having my cousin's, mine and my sister's e-mail
| address, especially in Tennessee as AFAIK don't know anyone from that
| area (zombied computer spewing out the e-mails I assume?)

| So anyway, a recommended AV for an I-Phone please? I'm still low-
| tech on the phone side, having one that can send a text and place a
| call. No web browsing, etc.

| BTW, saw another post (non AV forum) of someone's e-mail being compromised
| followed by someone else (in the UK) having a relative's e-mail account
| being SPAM central with his entire address book.

Jailbroken ? LOL
 
Duh_OZ

Jailbroken ?  LOL

--
Had to look that term up :)

After talking to my cousin he definitely didn't go that route. Hell,
I had to step him through the process of downloading hijackthis.

Anyway looks like he be infected: O16 - DPF:
{1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

There were other entries also - I just had him use hijackthis to clear
them but they may be back. I also asked him when was the last
time he applied patches. His reply "quite a while back". Seems he
had the typical M$ experience of losing all his data after doing a SP
upgrade. Told him this time turn off your AV (Norton 360? on
Crapcast) before trying it. That will have to wait.

Next time I talk to him I am going to try and have him find
counter.cab (or is it counter.exe?) and upload it to VT. I cringe
at trying to show him the way to enable system files to be seen or do
I dare say it "safe mode" so he has a better chance of accessing the
file.

Anyway, if I do ever figure out what the actual trojan is, I'll post
it.
 
David H. Lipman

From: "Duh_OZ" <[email protected]>

| Had to look that term up :)

| After talking to my cousin he definitely didn't go that route. Hell,
| I had to step him through the process of downloading hijackthis.

| Anyway looks like he be infected: O16 - DPF:
| {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

| There were other entries also - I just had him use hijackthis to clear
| them but they may be back. I also asked him when was the last
| time he applied patches. His reply "quite a while back". Seems he
| had the typical M$ experience of losing all his data after doing a SP
| upgrade. Told him this time turn off your AV (Norton 360? on
| Crapcast) before trying it. That will have to wait.

| Next time I talk to him I am going to try and have him find
| counter.cab (or is it counter.exe?) and upload it to VT. I cringe
| at trying to show him the way to enable system files to be seen or do
| I dare say it "safe mode" so he has a better chance of accessing the
| file.

| Anyway, if I do ever figure out what the actual trojan is, I'll post
| it.

OK :)
 
