Windows Defender Beta 2 and Win32!Lager

Guest

Using the latest version of Defender and the latest signature updates, but
unfortunately the Trojan Win32!Lager will not be recognized. (Infected files
stored in systemroot/system32 are "TASKDIR.EXE", "zlbw.dll", "winsub.xml".)
This Trojan may also be known as "Downloader".
This trojan can be removed by deleting these files and cleaning the registry
(XP-Pro-SP2, all updates) HKLM/..../Run. Also the entry in
%systemroot%/Prefetch must be deleted. Before this, disable Systemrecovery.
greetings
Harry
 
Joe Faulhaber[MSFT]

Hi Harry,

Thanks for the report. Can you follow the spyware submission instructions
in the help to make sure we have your samples if you still have them?
Also, what AV are you running? Usually, flat out malware like this is in
your AV signatures.

Thanks for trying Windows Defender,
Joe
 
Guest

Hi Joe,

Thanks for your reply. As AV I am using eTrust from Computer Associates v7.1
German, updated twice a day from the ftp location of CA. The people there
told me that this is a Trojan and will not be recognized by the software;
I have to use Pest Patrol or update to Integrated Threat Management software
(v8.0), which is the latest release.

I will submit the files in question within the next few days.

Thanks again and have a nice weekend

Greetings Harry
 
Guest

Hi Joe;

So now I am back again and have the samples of this trojan within a *.zip
archive. There must be another file, responsible for this "taskdir.exe" cause
after having cleaned the machine, some days later on this thing was back
again.

Now I will send the files in question to the MD-Team.

Thanks and have a nice weekend

regards Harry
 
