135.exe

Discussion in 'malware problems & news' started by Dundertaker, Mar 2, 2010.

Thread Status:
Not open for further replies.
  1. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    391
    Location:
    Land of the Mer Lion
    Hi;

    Had an encounter with an "135.exe". I was only informed of it when my firewall Online Armor was alerting me of said program wanting to access the internet. I blocked it and place it in the quarantine of Avira Premium. I also uploaded the file to Avira via the upload feature it has.

    There is still no confirmation of receipt/reply from them in my email up to now.

    I uploaded it to VirusTotal uploader and was shocked to know that it's a backdoor trojan. It is only while I was uploading it to VirusTotal that Avira detect it and gave me an warning. Wow, "Late detection".

    I am wondering why Avira did not detect it the first time. It only detected it as such when from quarantine I uploaded it to VirusTotal. But before I self-quarantined it only Online Armor was the one who alerted me of an unusual behavior.

    I did a full system scan with Avira / Mbam and HitmanPro to check if it's still there. There was no infection whatsoever.

    Next day as I was downloading programs Coretemp / CPU-Z / Superpi / GPU-Z / OCCT for an overclocking project I again was alerted by Online Armor about 135.exe again but blocked it(it's a good thing that I did not changed the OA setting when I have already successfully deleted 135.exe, if not it will only alert me and not block it outight). I ran HitmanPro and it too detected it. Same procedure I did, placed it in Avira quarantine. No alerts frm Avira.

    Afterwards I got an alert from Avira of a Firefox updater-- "TR/Crypt.CFI.Gen" which I learned through VirusTotal is a backdoor trojan. Same thing I did, quarantined it after confirmation it's a virus deleted it.

    Avira missed 135.exe as a virus twice in a row and only after I try to upload it via VirusTotal uploader does it detect it as a "BDS/Zegost.B.465".

    Surely I must have caught this as I was downloading the software (from their respective sites) but how can I prevent my system from re-infection?

    The 2 episodes showed Avira as "late" in detecting it.

    What is:

    (a) Firefox updater-- "TR/Crypt.CFI.Gen"
    (b) 135.exe -- "BDS/Zegost.B.465"

    What can I further do to make sure it would not bypass Avira again?

    I'll stay me settings for Online Armor Premium to automatically block it if get's in my system and try to access the internet again.



    I use Sandboxie paid all the time when surfing what may I do to prevent it from getting into C:\Windows? I have placed C:\Windows in the Resource Access>File Access>Read-Only of my sandbox. I have also Drop my rights enabled.

    What measures can I do to prevent such backdoor trojans?

    Regards!
     
    Dundertaker, Mar 2, 2010
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...