trojan sample

i have sent a sample of trojan to submit@diamondcs.com.au and i have got a response from them that they will add this detection today so were i can see that they had added that detection

 

Hi,

Once you have the latest database (it is on its way to the update sites now) then just click Help > Primary List

If I'm right then you submitted that legitimate looking program which also included a nasty in it - TrojanDownloader.Win32.VB.aa

This was added, as was detection for the installer since it is a dropper, AND the program also dropped an adware type of program known as TrojanClicker.Win32.WinPup.d (2 copies of it actually). These should be detected when you update and you can remove them.

Thanks again for your submission

 

Well done Melissa! Have a nice Karma cookie for your trouble

 

hey thanks for your reply . but this trojan was first detected by kaspersky anti virus in dec 2003

 

Hi Melissa,

It doesnt seem like a major danger, since it is actually adware. Its nice to know that you use Kaskersky AV though, since its one of only 2 AV software i recommend to people I know

Again, thanks for sending us a copy of it to add to the detection list. The reason I didnt get one sooner is simply that antivirus companies receive more submissions than anyone, and all the very common malware. This is fast becoming adware and its amazing to see how much of it gets on nearly every PC. Any shop which sells a PC should really have information on how to stop adware junk from sites and/or offer after sales help. Does ANY ISP include Spybot S&D or AdAware on their free CD's yet ?

 

No Gavin, we'll recommend they include TDS-4 evaluation with a large ad-spyware detection database in that so let everybody submit their nasties for your collection!

For that i would like an extra administrative tool logging or flagging which files we submitted already via the submission tool and decided to keep on your system as they're still there. It could ease finding them back if submission answer is "all clean" or "remove immediately!", where we could click a switch if we keep it if we want, whatever.

 

Its getting to the point where that SHOULD be done, to help new users who have a default setup. Just scripting and ActiveX enabled by default means soon after getting online many adware programs are on the PC just from using it normally, browsing a few sites

 

From my experience, A lot suppliers appear to install spys as part of their & their "partners" marketing processes

 

True:
to be able to visit my ISP's sites i need to allow every security risk with flash and java and scripting and activeX and cookies and banners and animation and browser header reference and and and oh and some settings more in the browser and ... etc else i only might see just an empty page with the addressbar. And i'm sure lots of files and cookies after that. So better added them to my trusted zone, saves lots of work.