These two trojans were not fully detected.

Ok I've sent the samples but I also want you guys to be on a lookout for theese files on your system. Theese files are Payload.dat which is dropped in your c:\ by msmsgri32.exe which will be in your taskmanager and located in c:\winnt\system32

Was a bit dissapointed since Symantec got them but oh well.

 

Sorry missed a few points.

The other was:

NTOSKRNL.exe (yes I know it's a valid process and a valid file so don't be alarmed with that, just give it a scan to make sure it's fine....Nod32 detected it as a unknown virus on one system and on the other it was fine...so it looks like some strain has hooked itself into the ntoskrnl.exe)

 

Can you name the virus please?
I want to check to dates of when Nod updated it's files regarding it.

Thanks.

 

Not to sure about the name since it was killed.
Nod32 ID it as an uknown virus.
While the trojan was ID by Symantec as Backdoor.Roxy and the Payload.dat was ID by NOD as Slanper.B Trojan that was only the Payload.dat and NOT msmsgri32.exe (which drops the payload.dat).

 

Sorry again missed a few ponits.
The virus was killed by a symantec on my testbed, I have the log file there but now I am at home and not at work thus unable to check the logs (the machine is a stand alone non networked testbed).

 

Thanks for that.

I noticed that the Backdoor.Roxy gets in through your ports, did you have the XP firewall turned on. And was it up to date with it's patches from windows update?

 

Hi,

>Ok I've sent the samples but I also want you guys to be on a lookout for theese files on your system. Theese files are Payload.dat which is dropped in your c:\ by msmsgri32.exe which will be in your taskmanager and located in c:\winnt\system32

We received some samples, but would it be possible for anyone to send the file that drops the payload.dat - testg says it is "msmsgri32.exe" - to samples@eset.com with cc to support@eset.com with a subject "two trojans were not fully detected".?Zipped, pls.

Thanks,

jan