Prev: antivir za win98
Next: Ping: David Kaye
From: Jenn on 22 Apr 2010 23:04 See below.. I put all your definitions together (thanks, btw) to see if I could make sense of it all... I do understand what Malware is now. >Malware: >Ant: Malware is a shortening of "malicious software" and includes both the >above and any other terms people use for this stuff. > >Dustin:Malware is a general classification for all of them. > >FromTheRafters: Malware is a sort of contraction for malicious software. It >doesn't >matter what *kind* of malicious software. Software is both code and >data, you can have maliciously crafted data as well as maliciously >applied "programs". > --- So far I understand this about Virus's......... >Virus: >Ant says: A virus infects other files so it can spread (like the biological >virus). --- This part I'm confused about. How does it replicate and why?... what's an appender/prepender/cavity infector? >Dustin: A virus replicates it's own code either into your programs, >documents, >html, or by companion (.com files will execute before .exes; so a >companion virus would pick the name notepad.com, and leave your >notepad.exe). An appender, prepender or cavity infector on the other hand >will modify your notepad.exe and not create a seperate .com file. ------------ >Trojan: >Ant: A trojan is something you wouldn't want pretending to be something >harmless or that you might want (like the famous horse of Troy). It >doesn't spread by file-infection. > >Dustin: A trojan is a program which claims to do one thing, but does >something >else; often without the user knowing. ok.. I understand the first 2 comments above... Below.. I'm kind of not understanding..... >FromTheRafters: A trojan is a program that does something undesired by the >user, instead >of or in addition to what the users desires. One such 'trojan' has a >unique feature, the 'undesired' aspect can replicate itself - and can >infect other programs with the replicant, thus making them trojans as >well. Because of the replication and infection properties (generating >trojans as it goes about), emergent behavior (and the ability to >"evolve" or polymorph) makes it worthy of its own classification. >So...we call it a virus - and leave the term trojan to cover the >non-replicators. >As far as I can tell, the current thinking is: >It is a trojan, unless it self-replicates, in which case it is called a >virus, unless it doesn't *need* to infect programs in order to replicate >and spread, in which case it is a worm. > >It bears keeping in mind that just because something is undesired, >doesn't make it *malicious*. Just because something replicates, doesn't >mean it is *malicious*. Just because it infects, doesn't make it >*malicious* (but you would be hard pressed to find an example of >non-malicious infection). -- Jenn (from Oklahoma)
From: Jenn on 9 May 2010 00:22 "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message news:hqs1gd$lj1$1(a)news.eternal-september.org... > "Jenn" <nope(a)noway.atnohow.anyday> wrote in message >>>It is a trojan, unless it self-replicates, in which case it is called a >>>virus, unless it doesn't *need* to infect programs in order to replicate >>>and spread, in which case it is a worm. >>> >>>It bears keeping in mind that just because something is undesired, >>>doesn't make it *malicious*. Just because something replicates, doesn't >>>mean it is *malicious*. Just because it infects, doesn't make it >>>*malicious* (but you would be hard pressed to find an example of >>>non-malicious infection). > > Is there anything specific in there that you want claified? > Have you heard of something called: Trojan.Dropper ? What is it? One of the computers I use had it on there but Malwarbytes got rid of it. -- Jenn (from Oklahoma)
From: ~BD~ on 9 May 2010 02:49 Jenn wrote: > "FromTheRafters"<erratic(a)nomail.afraid.org> wrote in message > news:hqs1gd$lj1$1(a)news.eternal-september.org... >> "Jenn"<nope(a)noway.atnohow.anyday> wrote in message > >>>> It is a trojan, unless it self-replicates, in which case it is called a >>>> virus, unless it doesn't *need* to infect programs in order to replicate >>>> and spread, in which case it is a worm. >>>> >>>> It bears keeping in mind that just because something is undesired, >>>> doesn't make it *malicious*. Just because something replicates, doesn't >>>> mean it is *malicious*. Just because it infects, doesn't make it >>>> *malicious* (but you would be hard pressed to find an example of >>>> non-malicious infection). >> >> Is there anything specific in there that you want claified? >> > > > Have you heard of something called: Trojan.Dropper ? What is it? One of > the computers I use had it on there but Malwarbytes got rid of it. > Hi Jenn :) A Trojan.Dropper is a type of Trojan whose purpose is to deliver an enclosed payload onto a destination host computer. A dropper is a means to an end rather than the end itself. In other words, the dropper is usually used at the start or in the early stages of a malware attack. Once a dropper is executed, its own code is simply to load itself into memory and then extract the malware payload and write it to the file system. It may perform any installation procedures and execute the newly dropped malware. The dropper usually ceases to execute at this point as its primary function has been accomplished. Droppers are used by malware creators to disguise their malware. They create confusion amongst users by making them look like legitimate applications or well known and trusted files. They may also perform actions that mislead the user into thinking that nothing untoward is happening on the computer when in fact the Trojan may have already dropped and executed other malicious software. HTH -- Dave - the wording was borrowed! ;-) http://www.symantec.com/security_response/writeup.jsp?docid=2002-082718-3007-99
From: FromTheRafters on 9 May 2010 06:36 "Jenn" <nope(a)noway.atnohow.anyday> wrote in message news:hs5dcp$b7v$1(a)news.eternal-september.org... > > "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message > news:hqs1gd$lj1$1(a)news.eternal-september.org... >> "Jenn" <nope(a)noway.atnohow.anyday> wrote in message > >>>>It is a trojan, unless it self-replicates, in which case it is >>>>called a >>>>virus, unless it doesn't *need* to infect programs in order to >>>>replicate >>>>and spread, in which case it is a worm. >>>> >>>>It bears keeping in mind that just because something is undesired, >>>>doesn't make it *malicious*. Just because something replicates, >>>>doesn't >>>>mean it is *malicious*. Just because it infects, doesn't make it >>>>*malicious* (but you would be hard pressed to find an example of >>>>non-malicious infection). >> >> Is there anything specific in there that you want claified? >> > > > Have you heard of something called: Trojan.Dropper ? What is it? > One of the computers I use had it on there but Malwarbytes got rid of > it. Trojan.Dropper can refer to the initial non-replicating trojan that drops a virus (for instance a germ file that pretends to be a screen saver) or one that drops another non-replicating malware instance. Something like a trojan downloader except that instead of downloading and executing the additional malware it carries it within itself as a deliverable payload.
From: Jenn on 9 May 2010 11:21
"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message news:hs636u$qhk$1(a)news.eternal-september.org... > "Jenn" <nope(a)noway.atnohow.anyday> wrote in message > news:hs5dcp$b7v$1(a)news.eternal-september.org... >> >> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message >> news:hqs1gd$lj1$1(a)news.eternal-september.org... >>> "Jenn" <nope(a)noway.atnohow.anyday> wrote in message >> >>>>>It is a trojan, unless it self-replicates, in which case it is called a >>>>>virus, unless it doesn't *need* to infect programs in order to >>>>>replicate >>>>>and spread, in which case it is a worm. >>>>> >>>>>It bears keeping in mind that just because something is undesired, >>>>>doesn't make it *malicious*. Just because something replicates, doesn't >>>>>mean it is *malicious*. Just because it infects, doesn't make it >>>>>*malicious* (but you would be hard pressed to find an example of >>>>>non-malicious infection). >>> >>> Is there anything specific in there that you want claified? >>> >> >> >> Have you heard of something called: Trojan.Dropper ? What is it? One of >> the computers I use had it on there but Malwarbytes got rid of it. > > Trojan.Dropper can refer to the initial non-replicating trojan that drops > a virus (for instance a germ file that pretends to be a screen saver) or > one that drops another non-replicating malware instance. Something like a > trojan downloader except that instead of downloading and executing the > additional malware it carries it within itself as a deliverable payload. > To both BD and Rafter... It did behave like it was asking me to install a virus program, which I didn't respond to anything except X out of the window... it wouldn't let me run malwarebytes initially so I rebooted into safe mode, did a restore point that was a few weeks ago, and booted normally... then I could run malwarebytes... and if found the trojan.dropper and it deleted it. I rebooted again ... and ran malwarebytes a 2nd time and nothing was found. That was yesterday afternoon. Last night I did an update on malwarebytes to make sure I had the most recent version and then did a 3rd scan and nothing showed up. Could I have gotten that from a link I opened that had a malvertizement in it? -- Jenn (from Oklahoma) |