ewido and Trojan and spyware problems

Discussion in 'ewido anti-spyware forum' started by privateperson, Nov 2, 2005.

Thread Status:
Not open for further replies.
  1. privateperson

    privateperson Guest

    Ewido found the following in mt PC C:\Documents and
    Settings\myname\Local Settings\Temporary Internet Files\Content.IE5\ TrojanDownloader.Inor.a :

    Can trojan s execute from the temp int files.There was nothing found in egistry.I searched here and at spywareguide and could not find any reference to this or chitika also found
     
    privateperson, Nov 2, 2005
    #1
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It's possible, however it won't happen on it's own. It would probably need a script to exploit a vulnerability that would execute it. It is also very possible that it managed to download but never run, or ran but the location of the trojans it tries to download were blocked. I would definitely do some more scans, however.. there are plenty of free online scans available in the second link in my sig :)
     
    Notok, Nov 2, 2005
    #2
  3. privateperson

    privateperson Guest

    Well it is deleted now and so is CHitika. I was unable to googler much about either and chititka is claimed as a false positive.Thanks
     
    privateperson, Nov 2, 2005
    #3
  4. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    peter.ewido, Nov 3, 2005
    #4
  5. privateperson

    privateperson Guest

    I surfed the same sites to see if I would get hit again. I did Chitika spyware is a JScript Script File.I was afraid to run it from temp files and cannot see in properties where it came from. How could I find out safely where it came from.

    And is it correct that maware cannot run from within system restore. Do I have do disable System restore each time I find malware and reboot and turn on sys restore

    Thanks for replies
     
    privateperson, Nov 3, 2005
    #5
  6. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    As far as I know, there isn't any yet that will run from SR.
    Malware may get "backed up" into SR - BTW, anything in the TIF folder will not. That's the reason for the recommendation to turn SR off/on. BUT, if its a reletively minor infection, in my opinion you should not clear restore points, that infection can be dealt with again. If you run into a far larger problem and no restore points to fall back on, you're up the creek.

    Regards - Charles
     
    zcv, Nov 3, 2005
    #6
  7. privateperson

    privateperson Guest

    Thanks for tip re TIF and SR. Much appreciated
     
    privateperson, Nov 4, 2005
    #7
  8. privateperson

    privateperson Guest

    privateperson, Nov 4, 2005
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...