Win32/TrojanDownloader.Rameh.B trojan

Anyone know about this one?

See URL:

>> http://themexp.ezthemes.com/pcenhance/ss/preview.phtml?blank 17464

Let me know, OK? Thanks.

Charles

 

I don't understand the connection between the trojan you're asking about and the page at themexp you linked to, but here's a thread from the TDS forum here...see Gavin's response. Dunno if that's the kind of info you're looking for. https://www.wilderssecurity.com/showthread.php?t=27747

Also here's some info on trojan droppers: http://www.viruslist.com/eng/viruslist.html?id=58347

 

Sig,

Thanks for those URLs.

Actually, if you d/l the screensaver and allow it to install is when NOD32 notices the problem. I sent this to tech support already but they have not responded and I wanted some of the superior users here to see what was up for me.

I'm enjoying the posts, have d/l'd Kapersky and see now that the screen saver did a bunch more than I thought. Kapersky is seeing something NOD32 didn't, but I may not have had NOD32 set correctly.

Anyway, I'm hoping I can work this out but will continue in the morning.

Thanks for the reply.

 

be sure to set nod to also scan archived/packet files

for some stupid reason it doesnt by default

but kaspersy also har a problem with packed files

i set it to scan them but it says .rar unknown filetype

but atleast it does zipped

 

thecrow,

I remember setting NOD32 to check archives during the original installation. Even with that one set (I'm not real familiar with all of the specialized settings yet), I still got bit. The problem seemed to be that as the screen saver was installing, I got the virus message from NOD32, I cancelled the installation of the screen saver and got into a situation where I couldn't get out of the installation program. It stalled completely at that point and I just shut WinXP Pro down. NOD32 seemed to handle the first quarantine but when a second one appeared, an error occured, according to the log.

Anyway, I think I'm back having loaded my latest image file and I'm coming up clean on my other hard drive. I'm hoping things are back to normal. That'll teach me about opening these free online files. WOW!

Thanks.

Sig,

I was curious about how to notify the online depository of this virus. Would it be worth the effort? Did you try to install the screen saver yourself? Thanks!

Charles

 

If you still have copies of whatever you say KAV found, it sure couldn't hurt to send them along to ESET at samples@nod32.com.

But you may or may not get a response from ESET. And, according to a new thread here by Sir Carew, ESET may or may not add some submissions to its definitions. I don't know what their selection criteria may be.

I didn't mess with the screensaver. Not feeling particularly adventurous although perhaps someone else might want to take the challenge and see what they find.

I know that the ThemeXP site does bundle some of its downloads with adware/spyware, but they specifically note it (with a red asterisk) when that is the case. It appears they do no screening of screensavers so people are on their own when they download them. ThemeXP has a forum so you might want to ask there if anyone else has found any surprises when downloading screensavers there. You can also provide a sort of alert about the one you downloaded. .

 

Why were you downloading from that site anyhow? They set spyware on you and didn't you see the Gator cookies that try to install? There has been a lot talk recently about that site. I avoid it.

 

Mele20,

I was referred to the site for logon boot screens, etc.

Didn't see the Gator cookies indication. What are you using to detect those?

I didn't hear any talk about the site but you can bet I'll be more cautious next time. What's odd is that I had must d/l'd a disk eraser that didn't have all the junk included. I got caught by surprise.

Thanks for you help!

 

Here are two recent threads in the Security forum at my home site dslreports/broadbandreports:

http://www.dslreports.com/forum/remark,9756928~mode=flat
http://www.dslreports.com/forum/remark,10213124~mode=flat?hilite=Theme XP

As for seeing it try to set Gator cookies at that site, I use Firefox or Mozilla about 95% of the time and I have them set to accept cookies for the originating site only and to ask first before accepting. So, I got a popup box asking if I wanted to accept a Gator cookie. Firefox is supposed to reject all third party cookies without asking me so either Firefox goofed (since it asked) or the Gator cookie is a part of themexp and not a third party cookie! Bad site! Used to be ok but not anymore.

You might put my home site http://www.dslreports.com/
or
http://www.broadbandreports.com/
in your favorites. Lots of great information there especially in the Security forum.