Strange virus alert by Trend Micro

sdng05

We are seeing some strange problems while using instant messaging with
Trend Micro antivirus software running. When my friend and I chatted
using Yahoo IM, a popup appears on my friend's computer saying

Trend micro has quarantined a back door Trojan/virus from the chat
window ( ... Instant message. This window should be closed to prevent
further intrusion.

It happened whether I was using my PC at home to chat with her PC at
home or I was using my PC at work to chat with her PC at work. She
was using Trend micro on both of her PCs (at home and at work). I was
using McAfee at home and Norton at work. I thought the problem was my
antivirus was not good enough; hence, I downloaded a trial version of
Trend micro PC-cillin to my home computer to see if the problem would
go away. After installing the Trend micro PC-cillin, I did a full
scan and it found only cookies and a few graywares.

So last night, both my friends and I had PC-cillin Internet Security
running on our PCs (with chat monitor turned on). We were using Yahoo
IM to chat; in less than one hour, suddenly, a popup displayed on my
friend's computer saying that

Trend micro has quarantined a back door Trojan/virus from the chat
window ( .... Instant message. This window should be closed to
prevent further intrusion.

My first question is if I am running Trend Micro PC-cillin Internet
Security, how could a virus on my PC survive to affect my friend's
computer like that? Moreover, when we shut down our Yahoo IM, my
friend attempted to log in to Skype. Even before she was able to
connect to Skype, a similar message popped up on her PC again. How could
a virus go to her PC even before she was able to connect to Skype
server? I wonder if the problem is with my computer or with hers. To
be honest, I don't think there is any problem with either computer.
She did re-install everything on her home PC a few weeks ago after it
got infected. My computer was scanned with both McAfee and Trend
Micro and no virus was found.

The problem never occurs when she uses Yahoo IM to chat with other
people. It only happened when she chatted with me. And I chatted
with other people and nobody got any virus alert (To be honest, they
all use McAfee or Norton).

I did create a different yahoo ID to chat with my friends, but only a
few days later, the problem occurred again. So far I have used 2
different yahoo ids and 3 different computers, and the message always
occurs on her computers. We see the problem no matter whether we are
using Yahoo IM, Skype, or Windows Live Messenger.

After the virus warning appeared, even when my friend terminated her
yahoo IM, she still could not send mail to my yahoo account. The
antivirus software kept popping up the alert. I never heard of
antivirus software trying to stop you from sending out emails. How
could you get infected when sending email? After rebooting her PC,
she was able to send mail again.

Could it be possible that the antivirus software at her company has
blacklisted my IP address and tried to scare her from using IM? But
how could it happen with her home computer as well?

Thanks.
 
Dustin Cook

(e-mail address removed) wrote in @r23g2000prd.googlegroups.com:
We are seeing some strange problems while using instant messaging with
Trend Micro antivirus software running. When my friend and I chatted
using Yahoo IM, a popup appears on my friend's computer saying

<snip rest>

You might want to forward that information along to Trend Micro, they would
be the ones most qualified to answer those questions and hopefully resolve
the issue for you.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: (e-mail address removed)
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 
sdng05

(e-mail address removed) wrote in @r23g2000prd.googlegroups.com:


<snip rest>

You might want to forward that information along to Trend Micro, they would
be the ones most qualified to answer those questions and hopefully resolve
the issue for you.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: (e-mail address removed)
web..:http://bughunter.it-mate.co.uk
Pad..:http://bughunter.it-mate.co.uk/pad.xml

I did send the questions to Trend Micro and so far, all I got is the
copy-and-paste from some manual about how to run the antivirus
software. They never give me a straight answer on the problem.

Thanks.
 
(PeteCresswell)

Per (e-mail address removed):
I did send the questions to Trend Micro and so far, all I got is the
copy-and-paste from some manual about how to run the antivirus
software. They never give me a straight answer on the problem.

I went through that at some length several times.

They're *really* bad at support.

It was one of the reasons I dumped PC-Cillin in favor of the
freebie version of Avast.
 
amtchvn

Per (e-mail address removed):


I went through that at some length several times.

They're *really* bad at support.

It was one of the reasons I dumped PC-Cillin in favor of the
freebie version of Avast.

I am not a network admin or a security expert, but I think Trend Micro
has something called Network Outbreak Monitoring/Prevention which
potentially can block traffic in and out of their network. A quick
google gives me this information

Network VirusWall enables organisations to implement proactive and
timely security measures by providing early warning information of
outbreaks in the network segment(s) using heuristics. Monitoring
methods include, but are not limited to analysing traffic flow delta,
number of connections initiated to and from a single client at any
given time, sudden increases in traffic through specific ports or
protocols (TCP, UDP, ICMP, and IGMP).

Equipped with this tool, the network admin can block your IP address
based on some predefined pattern. It could be anything like when your
session starts, how long your session lasts, or even based on the
existence of some string in your dialog. Once your IP is identified,
using a different id does not help. Even when you try to use a
different IP, as a lot of viruses did, if the pattern is the same, the
new IP address will be blacklisted also. I never understand why
employers go through so much trouble to do that; sending a warning to
the employee is probably much more effective.

On the other hand, it could only explain the problem you have from
your workstation. I am not quite sure why you have the same problem
from your home computer. I don't believe any individual would set up
his home computer to blacklist his friend nor would he have the tool to
do that.

Having said that, I think you are getting off easy. It sounds like
you are spending way too much time IM'ing at work instead of working.
This could be a blessing in disguise for you and your friend.

Cheers,
 
kend9u

We are seeing some strange problems while using instant messaging with
Trend Micro antivirus software running. When my friend and I chatted
using Yahoo IM, a popup appears on my friend's computer saying

Trend micro has quarantined a back door Trojan/virus from the chat
window ( ... Instant message. This window should be closed to prevent
further intrusion.

. . .

Could it be possible that the antivirus software at her company has
blacklisted my IP address and tried to scare her from using IM? But
how could it happen with her home computer as well?

Thanks.


There is some truth to what AMTC... has said. It's true that your IP
address could be blocked by the network admin or somebody else.
Anyway, you and your friend(s) should heed his advice:

"Having said that, I think you are getting off easy. It sounds like
you are spending way too much time IM'ing at work instead of working.
This could be a blessing in disguise for you and your friend."

Maybe some admin has been lenient with you because he/she could've
just notified your boss and gotten you reprimanded for chatting at work
instead of going through the trouble of "warning" you. The fact that
you're pursuing the matter about not being able to chat somehow
indicates that there's some addiction to chatting. It could ruin you.

Ken
 
kend9ee

We are seeing some strange problems while using instant messaging with
Trend Micro antivirus software running. When my friend and I chatted
using Yahoo IM, a popup appears on my friend's computer saying
Trend micro has quarantined a back door Trojan/virus from the chat
window ( ... Instant message. This window should be closed to prevent
further intrusion.
Could it be possible that the antivirus software at her company has
blacklisted my IP address and tried to scare her from using IM? But
how could it happen with her home computer as well?


There is some truth to what AMTC... has said. It's true that your IP
address could be blocked by the network admin or somebody else.
Anyway, you and your friend(s) should heed his advice:

"Having said that, I think you are getting off easy. It sounds like
you are spending way too much time IM'ing at work instead of working.
This could be a blessing in disguise for you and your friend."

Maybe some admin has been lenient with you because he/she could've
just notified your boss and gotten you reprimanded for chatting at work
instead of going through the trouble of "warning" you. The fact that
you're pursuing the matter about not being able to chat somehow
indicates that there's some addiction to chatting. It could ruin you.

Ken
 
tracewilliams07

It's possible that packets reassembled after some IP checkpoints got
misinterpreted by TM. The recipient's end should be cautious
nevertheless.

Trace Williams
 
sdng05

There is some truth to what AMTC... has said. It's true that your IP
address could be blocked by the network admin or somebody else.
Anyway, you and your friend(s) should heed his advice:

"Having said that, I think you are getting off easy. It sounds like
you are spending way too much time IM'ing at work instead of working.
This could be a blessing in disguise for you and your friend."

Maybe some admin has been lenient with you because he/she could've
just notified your boss and gotten you reprimanded for chatting at work
instead of going through the trouble of "warning" you. The fact that
you're pursuing the matter about not being able to chat somehow
indicates that there's some addiction to chatting. It could ruin you.

Ken

Actually, I am more concerned about whether my computer got infected.
I have scanned it with multiple antivirus and antispyware and nothing
was found. I just want to make sure that my computer is clean.
 
Leythos

Actually, I am more concerned about whether my computer got infected.
I have scanned it with multiple antivirus and antispyware and nothing
was found. I just want to make sure that my computer is clean.

No matter how many cleaning tools you run, you will never be able to
certify that your machine is 100% clean - none of them detect everything
and they certainly never detect all the newest malware.

The only way to clean a compromised machine is to wipe it completely and
reinstall in a clean environment.

--
Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've included does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 
