From: David W. Hodgins on
On Sun, 21 Mar 2010 15:28:40 -0400, Virus Guy <Virus(a)guy.com> wrote:

> In this case, the reader wanted to know how Downloader.Generic9.AQZF
> might have come to reside on his system.

> Knowing how a specific piece of malware got on your system in the first
> place is usually of far more interest.

Take note of the name. Anytime you see "generic" in the name, you
can assume it's been detected by heuristics, not a signature.

This means that, while it's most likely malware, without examining
the binary, there is no way to know what it might have downloaded,
or what else it may do, such as opening a back door, etc.

Without knowing exactly what it is (not just the type of trojan),
there is no way of knowing how the system became infected, or
what the full extent of the damage is.

Even if you know exactly what trojan is involved, that doesn't
necessarily tell you how it was installed. With a true virus,
or a worm, you can usually figure out how it got into the system.
With a trojan, it may be social engineering, or it may be a drive-by
download, exploiting the browser, or one of its plugins.

The op needs to learn safe hex, to minimize the chances of getting
malware on their system. Simple things like

- Don't use an admin account, for anything except installing/updating
software.
- Don't use Internet Explorer, for any site, except windows update.
- Keep all software updated regularly. For keeping track of which
software needs updates, one site that can help is
http://secunia.com/vulnerability_scanning/online/?task=load
(Requires java)

While using safe hex doesn't guarantee the system will not get
infected, it greatly reduces the chances, and can make the
cleanup much easier. Most rootkits require admin access, in
order to install.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
From: Dustin Cook on
"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in
news:ho5o1h$d1d$1@news.eternal-september.org:

> "Virus Guy" <Virus(a)Guy.com> wrote in message
> news:4BA63FEF.DB097C65(a)Guy.com...

> Here, I agree. It would be much better if the important distinctions
> were laid out. However, many folks just don't care about the details.

Which is why we see so many of them posting here with the same stupid
questions over time. They don't want to know the details, they can't
prepare to deal with it when it comes again.

> ...but it offers a substantial opportunity to educate readers.

When the reader is interested in education, and not simply a hand out.

Confusing virus with trojan to me is akin to the dummy lights on some older
cars. By the time the overheat light came on, something was already broken.
The funny noises etc. didn't stop the careless driver, and neither did
lighting the light. In those cases, when the car dies and refuses to start
back is when they begin to pay attention. An often costly mistake.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

From: ~BD~ on
The Real Truth MVP wrote:
> MS calls them Trojan virus so nobody is wrong or right.
> http://support.microsoft.com/kb/129972
>
>
>

Good catch, TRT

It states quite clearly:-

"Symptoms of worms and *trojan horse viruses* in e-mail messages"

--
Dave
From: David H. Lipman on
From: "~BD~" <BoaterDave(a)hot.mail.co.uk>

| The Real Truth MVP wrote:
>> MS calls them Trojan virus so nobody is wrong or right.
>> http://support.microsoft.com/kb/129972




| Good catch, TRT

| It states quite clearly:-

| "Symptoms of worms and *trojan horse viruses* in e-mail messages"

/ And Microsoft is *dead wrong* ! /


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: David H. Lipman on
From: "~BD~" <BoaterDave(a)hot.mail.co.uk>

| Good catch, TRT

| It states quite clearly:-

| "Symptoms of worms and *trojan horse viruses* in e-mail messages"

If you take it into context then it has a different meaning.

The sentence isn't stating that a particular malware is a trojan or a virus but is
qualifying the email viruses as being trojan horse viruses. Defining an email virus as a
Trojan horse Virus is describing the email carrier of the email virus as a trojan horse.
It is confusing, yes. But it is "typing" a malware as one or the other but is qualifying
the delivery vehicle of the virus, email, as the trojan horse.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

