Beef/It.up
September 11th, 2005, 11:48 PM
SUBJECT: Trojan.Flush.E
aka: <hgqhp >exe<
SEE: http://securityresponse.symantec.com/avcenter/venc/data/trojan.flush.e.html
Comment:
After well near two decades of surfing the internet nothing has ever bypassed the security setup on computers used by me... until tonight, that is. And did the bypassing with grace and charm.
The above-mentioned Trojan totally bypassed every security product installed. The firewall... anti trojan scanner... anti virus... script detectors... and much more. But that's not what this post is about. After being infected... before the trojan changed its colors> (this trojan installs itself as <yaemu>exe<> and then changes to <hgqhp>exe<)... I decided to do a little testing. But only after reading countless posts both pro and con on A2 free and AVG free... so, both programs were installed and updated... (before shutting the computer down, which would have "changed" the trojan) the trojan was then allowed to complete its install... then both programs were given the chance to clean the mentioned trojan... neither A2 nor AVG was even able to notice the trojan, much less clean it. Both failed.
For the heck of it Ad-Aware was also run and it too did not notice the trojan.
It's possible that other anti trojan and anti virus programs may not notice it as well, so this is not a finger pointing at A2 or AVG... it's just a simple report... yes, I do use shareware anti virus and trojan scanners but felt it would not be fair to test shareware against freeware... therefore, no scans were done using shareware programs. They may have failed as well... could be.
To remove the trojan I used HijackThis... which worked very well.
There remains the question of how the trojan bypassed all security and entered. Using Internet Explorer with File Download disabled... ActiveX disabled... Java disabled... no Java applets... the only program downloaded tonight was autoclose... it was fully scanned prior to testing and junking.
No more comments will be posted by me regarding this matter. Just want to post an alert.