Trojan in hiding for a year -- & bonus ?

Slip Kid

I've been using Zone Alarm w/AV for years...updated on demand of the server.

They want to dump my version in May so I installed a new Firewall (Stand
alone)

I grabbed avast as it was at pricelessware...hey, I've never been let down.

Oh, wait! I've been running Webroot (resident) and S&D (resident) for
over a year -- also updated.

Well, the first time I run avast? It finds three trojans! Been in here
since before last summer?

All three were on the lists of the apps I have in residence and update
and scan with!

I've always believed that a 'false sense of security and no security' is
a difference without distinction?

I have checked out my firewall at the Spinrite outfit... they said I was
locked down, good.

But if an AV prog (no help anyway with a trojan...) plus Webroot and
S&D missing three common trojans? My confidence level is nil!

I do feel better about avast - it worked! So, what's the best site to
test a firewall.

Oh - I run Mozilla 1x (7?8?) My Bookmarks are three feet long. Is
there a 'horizontal' approach available? No, I've not yet figured out
how to sort them by 'date only' either. It appears to only sort by date
'&' alphabetically...
Gordon Darling

I've been using Zone Alarm w/AV for years...updated on demand of the server.

They want to dump my version in May so I installed a new Firewall (Stand
alone)

I grabbed avast as it was at pricelessware...hey, I've never been let down.

Oh, wait! I've been running Webroot (resident) and S&D (resident) for
over a year -- also updated.

Well, the first time I run avast? It finds three trojans! Been in here
since before last summer?

Probably in Internet Explorer's cache. Almost certainly never executed so
any on access AV will not trigger. As you found an on demand AV will find
any garbage in the cache files.

Regards
Gordon
Slip Kid

Probably in Internet Explorer's cache. Almost certainly never executed so
any on access AV will not trigger. As you found an on demand AV will find
any garbage in the cache files.

Regards
Gordon


Nope, it was in an app folder - with another .exe...

I have no clue how it got there.

No, it was prolly never executed -- but it wasn't hiding from
anti-spyware either.
dansheen

Slip said:
Nope, it was in an app folder - with another .exe...

I have no clue how it got there.

No, it was prolly never executed -- but it wasn't hiding from
anti-spyware either.
They could be false positives. I use Avast and have run into that.
Gordon Darling

Nope, it was in an app folder - with another .exe...

I have no clue how it got there.

No, it was prolly never executed -- but it wasn't hiding from
anti-spyware either.

What I was really referring to was your comment "But if an AV prog (no
help anyway with a trojan...) plus Webroot and S&D missing three common
trojans? My confidence level is nil!"

It shouldn't give you a nil confidence level. (because of the difference
between on access & on demand scanners) However as others have pointed out
it may be a false positive. Running two AV programs in on access mode is a
recipe for trouble. It is worth having a second AV as a backup to give a
second opinion though.

You could try running AntiVir or ClamWin as a second choice.

Or, assuming only one AV is flagging a particular file as suspicious, you
could submit the file for a second opinion to:

Aladdin (ESafe) <[email protected]>
AntiVir (H+BeDv) <[email protected]>
Avast32 (Alwil) <[email protected]>
BitDefender <[email protected]>
Central Command (Vexira) <[email protected]>
Command Software (US) <[email protected]>, <[email protected]>
Command Software (UK) <[email protected]>
Computer Associates (US) <[email protected]>
Computer Associates (Vet/EZ) <[email protected]>
DialogueScience (Dr. Web) <[email protected]>
Eset (NOD32) <[email protected]>
Eset (NOD32) <[email protected]>
F-Secure Corp. <[email protected]>
Fire Anti-Virus <[email protected]>
Frisk Software (F-PROT) <[email protected]>
Grisoft (AVG) <[email protected]>
Ikarus Software <[email protected]>
Kaspersky Labs (AVP/KAV) <[email protected]>, <[email protected]>
Network Associates (McAfee) <[email protected]>
Norman (NVC) <[email protected]>
Ontrack Data Fix-It Utilities (see Trend Micro)
Panda <[email protected]>
Solo Antivirus <[email protected]>
(Apparently rebranded Fire Anti-Virus)
Sophos Plc. <[email protected]>
Symantec (Norton) <[email protected]>
Trend Micro (PC-cillin) <[email protected]>, <[email protected]>
(Trend only provides support for their own customers)

Regards
Gordon
Slip Kid

What I was really referring to was your comment "But if an AV prog (no
help anyway with a trojan...) plus Webroot and S&D missing three common
trojans? My confidence level is nil!"

It shouldn't give you a nil confidence level. (because of the difference
between on access & on demand scanners) However as others have pointed out
it may be a false positive. Running two AV programs in on access mode is a
recipe for trouble. It is worth having a second AV as a backup to give a
second opinion though.

Why a "recipe for trouble"? I thought "what one doesn't catch, the
other will".

But, they (three hits) weren't false positives - they were for real,
quite common I believe - and, now they're gone. I'll check the log -I
don't recall the names, now.

I'm not paranoid, I keep a close eye on things and have other security
measures and have a tight lid on my e-mail and browser. But I was 'more'
confident before. I didn't believe I had three trojans sitting on the
drive for nearly a year...

No, near as I can tell, they never 'did' anything!

[I still sleep well]

Any thought about my other question concerning the bookmark issue in Mozilla?

Oh, thanks!
Susan Bugher

Slip said:
Any thought about my other question concerning the bookmark issue in
Mozilla?

Use folders? (Bookmark Manager/right click/new folder)

Susan
Gordon Darling

On Tue, 08 Mar 2005 16:30:02 +0000, Slip Kid wrote:

I'm not paranoid, I keep a close eye on things and have other security
measures and have a tight lid on my e-mail and browser. But I was 'more'
confident before. I didn't believe I had three trojans sitting on the
drive for nearly a year...

Sometimes it pays to be paranoid! As they say, "Just because you're
paranoid doesn't mean they aren't out to get you."

No, near as I can tell, they never 'did' anything!

[I still sleep well]

Any thought about my other question concerning the bookmark issue in Mozilla?

Sorry, can't help with that one. I use Opera and the only way I can keep
bookmarks under control is Susan's suggestion of sub folders. It still
gets messy after a while and I have to clean things up!

Regards
Gordon
Slip Kid

Use folders? (Bookmark Manager/right click/new folder)

Susan

Thank you Susan... That isn't what I had in mind? But I was able to
organize things in but a few folders. Some sites didn't have a 'place'
to go to, but I must have reduced the length of the list by at least 75%.
Susan Bugher

Thank you Susan... That isn't what I had in mind? But I was able to
organize things in but a few folders. Some sites didn't have a 'place'
to go to, but I must have reduced the length of the list by at least 75%.

That sounds like progress. :) There always seem to be some bookmarks
that don't fit into my folder categories. FWIW - I use folders named "0"
or "temporary" to stash bookmarks until I can figure out the best place
for them.

Susan
Slip Kid

That sounds like progress. :) There always seem to be some bookmarks
that don't fit into my folder categories. FWIW - I use folders named "0"
or "temporary" to stash bookmarks until I can figure out the best place
for them.

Susan

I'm getting a headache...

Hey, I've got a job you'd love. Closets, shelves and a few filing
cabinets.

I'll bet you're the type of person who'd pay me for the opportunity!
Susan Bugher

Slip said:
On or about 3/10/2005 9:00 AM, Susan Bugher with due consideration,
replied:
I'm getting a headache...

The temporary folders are to hide the clutter. Ever hear of Fibber
McGee's closet?
Hey, I've got a job you'd love. Closets, shelves and a few filing
cabinets.
I'll bet you're the type of person who'd pay me for the opportunity!

hahahahahahahahahahahahahahahahahahaha

I'll take that bet. How much can you afford to lose. ;)

Susan
Slip Kid

The temporary folders are to hide the clutter. Ever hear of Fibber
McGee's closet?
hahahahahahahahahahahahahahahahahahaha

I'll take that bet. How much can you afford to lose. ;)

Susan

Messy people don't _bother_ to hide clutter...