SubSARI?

Discussion in 'malware problems & news' started by Steff Wiltersen, Feb 24, 2002.

Thread Status:
Not open for further replies.
  1. When I scanned my computer for trojans, I found a trojan on my harddrive. The name on the trojan, was SubSARI.
    Do you no about this trojan? Is this a dangerous trojan? And what meaning have the word "SARI"?

    Thanks for all help!

    -Steff
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Steff - Welcome to the forum!

    A little info here: http://www.safersite.com/PestInfo/S/Subsari.asp . Pete
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Steff,

    In addition to Pete's reply:

    You didn't mention what software you have been using to detect this one. Be sure to remove/delete the malware from your system.

    After doing so, change all passwords. Although your system has been cleaned, passwords most probably are known by several, and thus can be abused.

    Finally: practicing safe computing  will avoid infections like these. Any idea how it ended up in your system?

    regards.

    paul
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    BOClean found Subsari on my drive while I was installing Editpad lite.
    According to both Kevin McAleavy and Jan Goyvaerts of JGSoft this was a false positive because of BOClean somehow misjudging the Editpad installer.

    As usual Kevin was lighntning fast in providing a fix, which entailed editing BOClean.ini, but unfortunately, whatever we tried, we couldn't get BC to accept Editpad.

    However, I hasten to add, this is the only false positive I've ever had with BOClean.

    Otherwise it's proved failsafe and completely reliable.

    Greetz,  Tony
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks for the info, Tony  ;)

    regards.

    paul
     
  6. FanJ

    FanJ Guest

    Hi Tony,

    A big, warm welcome !  :)
    It's very nice that you visit the forum!!!

    And thanks for the info with respect to BOClean and Editpad Lite. Yep, Kevin always tries to help you; absolutely first class customer support.

    Cheers, Jan.
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Hi Jan and Paul,

    Thanks for the warm welcome!

    I've been in and out, checking this place out, and I must say you guys have done a  fine job!.

    It looks great, and you seem to have gathered an absolutely first rate band of moderators and regulars.

    Although I've always been interested in everything concerning computer security,  I still feel very much the newbie in this respect, and I'll be sure to drop by regularly to deepen my understanding of these matters.

    About the SubSARI issue,  I'm sure we'd have cornered it in the end,  if we'd kept at it,  but it wasn't that important to me, and I decided to install Notepad lite instead, which BOClean didn't object to...:)

    Cheers,  Tony
     
  8. FanJ

    FanJ Guest

    Thanks Ton !  :)

    Please be assured I have very much respect for the way you are helping others!

    Cheers, Jan.
     
Thread Status:
Not open for further replies.