Trojan - Poebot.Explorer

P

Pike

Hello,

Giant Anti-Spyware (must be similar to MS beta,they bought company) has
picked
up this trojan but only when connected to AOL.It points to the AOL
'server.lock' file.
Giant cannot seem to quarantine nor remove this thing.
It is not picked up by Ad-Aware pro,Kaspersky Anti-Virus Personal
Pro,Macafee anti-virus.
Anyone have any knowledge of this trojan and how to permanently remove it.

Thanks in advance for any help

Wxp/sp2 with latest security updates.
 
D

David H. Lipman

From: "Pike" <[email protected]>

| Hello,
|
| Giant Anti-Spyware (must be similar to MS beta,they bought company) has
| picked
| up this trojan but only when connected to AOL.It points to the AOL
| 'server.lock' file.
| Giant cannot seem to quarantine nor remove this thing.
| It is not picked up by Ad-Aware pro,Kaspersky Anti-Virus Personal
| Pro,Macafee anti-virus.
| Anyone have any knowledge of this trojan and how to permanently remove it.
|
| Thanks in advance for any help
|
| Wxp/sp2 with latest security updates.
|


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Please submit 'server.lock' to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 16 different AV vendor's scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

* * * Please post back the EXACT results. * * *
 
P

Pike

Thanks Dave,

Here is result of scans:

Antivirus Version Update Result
AntiVir 6.30.0.7 03.31.2005 no virus found
AVG 718 03.31.2005 no virus found
BitDefender 7.0 03.31.2005 no virus found
ClamAV devel-20050307 03.31.2005 no virus found
DrWeb 4.32b 03.31.2005 no virus found
eTrust-Iris 7.1.194.0 04.01.2005 no virus found
eTrust-Vet 11.7.0.0 03.31.2005 no virus found
Fortinet 2.51 03.31.2005 no virus found
F-Prot 3.16a 03.31.2005 no virus found
Ikarus 2.32 03.21.2005 no virus found
Kaspersky 4.0.2.24 04.01.2005 no virus found
McAfee 4459 03.31.2005 no virus found
NOD32v2 1.1042 03.31.2005 no virus found
Norman 5.70.10 03.31.2005 no virus found
Panda 8.02.00 03.31.2005 no virus found
Sybari 7.5.1314 04.01.2005 no virus found
Symantec 8.0 04.01.2005 no virus found


Giant/MS is researching it using the logs I sent them.Will post back
when I hear something.

Steve
 
D

David H. Lipman

From: "Pike" <[email protected]>

| Thanks Dave,
|
| Here is result of scans:
|
| Antivirus Version Update Result
| AntiVir 6.30.0.7 03.31.2005 no virus found
| AVG 718 03.31.2005 no virus found
| BitDefender 7.0 03.31.2005 no virus found
| ClamAV devel-20050307 03.31.2005 no virus found
| DrWeb 4.32b 03.31.2005 no virus found
| eTrust-Iris 7.1.194.0 04.01.2005 no virus found
| eTrust-Vet 11.7.0.0 03.31.2005 no virus found
| Fortinet 2.51 03.31.2005 no virus found
| F-Prot 3.16a 03.31.2005 no virus found
| Ikarus 2.32 03.21.2005 no virus found
| Kaspersky 4.0.2.24 04.01.2005 no virus found
| McAfee 4459 03.31.2005 no virus found
| NOD32v2 1.1042 03.31.2005 no virus found
| Norman 5.70.10 03.31.2005 no virus found
| Panda 8.02.00 03.31.2005 no virus found
| Sybari 7.5.1314 04.01.2005 no virus found
| Symantec 8.0 04.01.2005 no virus found
|
| Giant/MS is researching it using the logs I sent them.Will post back when I hear
| something. |


I think then there is a high probability that Giant SW made a False Positive declaration.
 
P

Pike

David H. Lipman said:
From: "Pike" <[email protected]>

| Thanks Dave,
|
| Here is result of scans:
|
| Antivirus Version Update Result
| AntiVir 6.30.0.7 03.31.2005 no virus found
| AVG 718 03.31.2005 no virus found
| BitDefender 7.0 03.31.2005 no virus found
| ClamAV devel-20050307 03.31.2005 no virus found
| DrWeb 4.32b 03.31.2005 no virus found
| eTrust-Iris 7.1.194.0 04.01.2005 no virus found
| eTrust-Vet 11.7.0.0 03.31.2005 no virus found
| Fortinet 2.51 03.31.2005 no virus found
| F-Prot 3.16a 03.31.2005 no virus found
| Ikarus 2.32 03.21.2005 no virus found
| Kaspersky 4.0.2.24 04.01.2005 no virus found
| McAfee 4459 03.31.2005 no virus found
| NOD32v2 1.1042 03.31.2005 no virus found
| Norman 5.70.10 03.31.2005 no virus found
| Panda 8.02.00 03.31.2005 no virus found
| Sybari 7.5.1314 04.01.2005 no virus found
| Symantec 8.0 04.01.2005 no virus found
|
| Giant/MS is researching it using the logs I sent them.Will post back
when I hear
| something. |


I think then there is a high probability that Giant SW made a False
Positive declaration.

You were correct.Here is Giant response:

'This appears to be a false positive. A bug in Giant AntiSpyware is
detecting the PoeBot worm when it is not really present. You can safely
ignore any warnings you should receive.'

Thanks again.
Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top