A Trojan from one of the websites that I was at, or from my computer?

Discussion in 'malware problems & news' started by RCGuy, Jun 18, 2006.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Earlier this morning, my AOL Spyware Protection anti-spyware program alerted me on a trojan that it had detected. It listed the name of the trojan as InfoStealer, and when I clicked on the plus sign next to InfoStealer to get more information about this trojan, this appeared:

    hkey_current_user \software\microsoft\internet explorer\main

    Also, during the time that I was alerted about the trojan, I had a webpage opened at a message board, I was also writing a Note in my Yahoo e-mail account, plus, I had a webpage opened at dictionary.com where I had just looked up a word. Now what I would like to know is: Could I have gotten the trojan from one of the websites that I was at, or is it more likely that my computer is infected with a trojan(s) and it (or one of them) decided to rear its ugly head this morning?
     
  2. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Also, I know the difference between a trojan and a virus, but I'm just wondering if what I was inquiring about in this thread:

    Help! I have a virus that my McAfee program couldn't zap!

    has anything to do with the trojan that showed up on my computer this morning. Any help or feedback would be appreciated.
     
  3. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    While I'm waiting for some feedback, could someone let me know whether or not it's a good idea that I post a hijack log at a forum that analyzes hijack logs? Also, I have a rather "unique" question about trojans (or perhaps it's not so unique ;) ), but I've noticed that on other occasions when my computer has been infected with something, during boot up after the first disk drive screen comes up and between the period before the second screen (or it could be the third screen) comes up and the screen is black momentarily, I see a kind of reddish orange screen flash by real quick within a split second before the next regular screen comes up. It's almost like it's hidden in that little area between the regular screens, however, it becomes slightly exposed during the boot up process. Has anyone here ever experienced that reddish orange screen or ever heard of it? Also, when my computer is clean or has just come back from the repair shop, I don't see that reddish orange screen flash by during boot up. I only see it after I've had an infection of some kind on my computer.
     
  4. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    By the way, this just in: I just completed a Trend Micro scan and there was a Windows Registry suspect found which turned out to be a TSPY_AnalogXProxy Trojan. (AnalogX being the company that makes CookieWall.) Also, when I clicked on more information about this infection, I got this:

    http://img161.imageshack.us/img161/7714/resizedanalogxproxytrojan8su.jpg

    Therefore, I guess the conclusion can be made that this is probably where the trojan that I had on my computer came from, plus, AnalogX can probably be deemed as a rogue anti-spyware site.
     
    Last edited: Jun 19, 2006
  5. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Also, I just tried to uninstall CookieWall and got a dialogue box that said:

    "Unable to find previous installation; files could not be removed." :rolleyes:
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    I think what you got is a false positive. Could be wrong, don't think so though. And when Trend dealt with the "trojan", that f'd up the uninstall of the program.
     
  7. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Well, AnalogX/CookieWall is a goner now. I manually deleted all the files and folders associated with AnalogX and CookieWall from my computer. (Didn't really like the program all that much anyway.) Also, in regards to the trojan that my AOL Spyware Protection detected, my AOL SP actually blocked it, but I'm wondering if I should actually delete the trojan in order for it to "be the end of the matter" as mentioned in this similar thread: Trojan blocked
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Can you give the full and complete file path of the file found?

    The only info given was the name of the trojan and the following Reg Key:-

    hkey_current_user \software\microsoft\internet explorer\main

    As it happens, that Key can be attacked by malware, 'cos it has values relating to Search Page, Start Page, Local Page etc., all of which Spyware like to change. But the Key certainly isn't malware in itself!
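
Added example, not part of the original post: a Python sketch that reads a text export of the key named above and reports whether the Start Page, Search Page or Local Page values differ from a baseline recorded while the machine was clean. The sample export, the baseline values and all function names are constructed for illustration.

```python
import re

# Value names under ...\Internet Explorer\Main that the post names as targets.
WATCHED = ("Start Page", "Search Page", "Local Page")
MAIN_KEY = r"hkey_current_user\software\microsoft\internet explorer\main"

# Constructed sample: text of a `reg export` of the key (real exports are UTF-16).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.invalid/home"
"Search Page"="http://www.example.com/search"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Start Page"="ignored: wrong key"
'''

# Assumed known-good baseline recorded while the machine was clean (constructed).
BASELINE = {
    "Start Page": "http://www.example.com/",
    "Search Page": "http://www.example.com/search",
    "Local Page": r"C:\WINDOWS\system32\blank.htm",
}

_KEY = re.compile(r"^\[(.+)\]$")
_STR = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def read_main_values(export_text):
    """Return {name: data} for string values under the IE Main key only."""
    values, in_main = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        key = _KEY.match(line)
        if key:
            in_main = key.group(1).lower() == MAIN_KEY
            continue
        m = _STR.match(line) if in_main else None
        if m:
            values[_unescape(m.group(1))] = _unescape(m.group(2))
    return values

def changed_pages(export_text, baseline):
    """List (name, expected, found) for watched values that differ from baseline."""
    found = read_main_values(export_text)
    return [(n, baseline.get(n), found.get(n)) for n in WATCHED
            if found.get(n) != baseline.get(n)]
```

A changed value only says that something wrote to the key; whether that was malware, a legitimate installer or the user still has to be established from the file that made the change.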
     
  9. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hi, Topper. Well, I'm not sure. That's the only information that I saw when my AOL SP blocked the trojan. Is there anywhere else where I could look to find this information? Also, would it help for me to post a hijackthis log at one of the forums that analyzes them?
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I have never used AOL SP and therefore cannot help with it; but if there is a records/log or quarantine section, that is where you would look.
    You would only do that if you had reason to believe you have an active infection that required identification and removal. That does not seem to be so in your case.
     
  11. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Well, unfortunately, AOL SP's "Blocked Items" section doesn't provide any more information than that.

    But I thought with trojans, you really don't know. I was always under the impression that some of them could sometimes slip through a person's best line of defenses and could be hidden on one's computer, either dormant or secretly doing what it was programmed to do.
     
    Last edited: Jun 24, 2006
  12. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Plus, the fact that, "I had a webpage opened at a message board, I was also writing a Note in my Yahoo e-mail account, plus, I had a webpage opened at dictionary.com where I had just looked up a word," when my AOL SP detected and blocked the trojan, does actually lead me to believe that I may have an active infection and that the trojan came from somewhere hidden inside my computer. Unless of course, it came from either the message board that I was at, my Yahoo e-mail account, or dictionary.com. (Which actually was my original question in this thread.)

    I don't think it came from any of the three, unless of course, there are things about these three websites that I don't know about. :eek:
     
  13. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    if i had a file that was flagged as malware, i would want to determine whether or not it was a false-positive..

    the aol antispyware is some version of etrust's pestpatrol.. both pestpatrol and trendmicro's antispyware are prone to flag false-positives..

    no matter what was flagged by whatever program, i would want to determine whether or not it was a false-positive..

    i trust analog-x, but, for a "cookie wall", i think you should use the cookie settings in IE/tools/options/privacy..

    you can do scans with other programs and see if they flag anything.. you could scan with adaware, spybot, ewido, a-squared, trojanhunter..superantispyware..spyware doctor.. kaspersky's online-scanner..

    i don't think very highly of pestpatrol, and i think that that is what aol's antispyware is.. i heard that it will only remove regkeys while not removing the malware-files..
     
  14. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Thanks for the info, Redwolfe. And it might have been a false positive because I have already scanned with some of the other scanners that you mentioned and nothing has shown up.
     
  15. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    RedWolfe, you are right about AOL Spyware Protection and eTrust PestPatrol:

    PestPatrol Helps AOL Stomp Spyware

    Also, even though this recent trojan alert may have been a false positive, I just noticed what you said about how AOL's antispyware only removes the regkeys and not the malware-files, therefore, as I mentioned in another thread that I recently posted:

    Help! I have a virus that my McAfee program couldn't zap!

    for peace of mind, I think that I'm going to go ahead and post a hijackthis log at one of the forums. Especially in view of the fact that recently, my internet has been stalling a lot and has been acting kind of strange.
     