From: ijones on
>What AV software are you using ?

I'm using NOD32 v.3
thanks for your news
From: David W. Hodgins on
On Tue, 08 Jul 2008 15:52:31 -0400, <ijones(a)togliinterfree.it> wrote:

> Avast 4.8.1195.0 2008.07.08 Win32:Dialer-JC
> CAT-QuickHeal 9.50 2008.07.08 TrojanDownloader.Agent.spb

Ouch. Looks like you're using an adsl connection. Hopefully you don't have
a dialup modem connected to the phone line in the computer. If you do, you
may have a problem with your phone bills.

I'd start by installing Spybot Search & Destroy from
http://www.safer-networking.org/en/download/index.html
Download, install and run the program, download and install the updates, then
have it scan. It has a good history for dealing with diallers and downloaders.

I'm surprised that some of the "better" av scanners like Kaspersky didn't flag
it. No telling what else the downloader part of the trojan may have installed.

Ideally, you should back up any important data, wipe the drive, and switch to
a more secure os. If you decide to reinstall windows, make sure you have a
router between the computer and the net, to protect it until you can reinstall
all of the updates. If you don't want to wipe the drive, it's probably a good
idea to use David Lipman's Multi-AV. See
http://groups.google.ca/group/comp.security.misc/msg/44b220e258f61904?

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
From: David H. Lipman on
From: <ijones(a)TOGLIinterfree.it>

>>What AV software are you using ?

| I'm using NOD32 v.3
| thanks for your news

Unfortunately it looks like Eset doesn't have signatures for this pr0n dialer.

You might want to send a sample to Eset by placing the EXE in a password protected ZIP file
with the password being: infected.
{ password = infected }

sample(a)nod32.com


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: David W. Hodgins on
On Tue, 08 Jul 2008 17:15:51 -0400, David H. Lipman <DLipman~nospam~@verizon.net> wrote:

> You might want to send a sample to Eset by placing the EXE in a password protected ZIP

As nod32 is used by virustotal, wouldn't submitting a copy there automatically get
a copy sent to all of participating av companies?

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
From: David H. Lipman on
From: "David W. Hodgins" <dwhodgins(a)nomail.afraid.org>

| On Tue, 08 Jul 2008 17:15:51 -0400, David H. Lipman <DLipman~nospam~@verizon.net>
| wrote:

>> You might want to send a sample to Eset by placing the EXE in a password protected ZIP

| As nod32 is used by virustotal, wouldn't submitting a copy there automatically get
| a copy sent to all of participating av companies?

| Regards, Dave Hodgins

There's a delay factor. Julio does send samples to participating companies, but en masse.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

