A trojan variant?

It was suggested in the Wilders TDS3 forum that maybe NOD would want to know about this. It may or may not be a Trojan variant. NOD32 said that both the original file [zipped though] & also that the executable within the zipfile were OK after being scanned. BTW, NOD had been updated on the previous day, & I run Win98SE.

Well anyway, they weren't OK, I became suspicious when the executable "disappeared" from its folder, and WinPatrol alerted me to this, and allowed me to remove a very suss-sounding running program & a restart command. So then I performed a full system scan with NOD - & NOD reported 5 Trojans & deleted them for me.

It would be easier if you had a look here -

https://www.wilderssecurity.com/showthread.php?t=42414

cos that's where all the relevant info is - & then let me know if Eset would want the original zipfile submitted before I nuke it forever. The Trojan was added to TDS database today.

 

I'm in trouble now & need some help. When performing a C:\ drive scan with TDS3, AMON popped up with a virus warning. TDS3 had again found the same file & said it couldn't read it cos it was locked. So I was pretty happy that AMON was riding to the rescue, or so I thought.

Sorry, I didn't do a screen capture, but that's easily arranged if nec.
This is what AMON said -

NOD32 A/V System warning:AMON – A/V monitor.
Virus detected.

Virus Information
File: C:\program files\defence\xDynamic\TDS.Unpk\Osama Dead.exe
Virus: Win32/Hackarmy .Z trojan
Comment: AMON cannot clean this infiltration. Error while deleting. Error while renaming. Event occurred on a newly created file

Told AMON to quarantine the file & it didn’t say anything. But when I closed the Virus warning, I got another popup with “Error occurred when quarantining file"

So can AMON assist me with this at all, cos right now it sure doesn't look like it.

 

If you browse to C:\program files\defence\xDynamic\TDS.Unpk\ you might find that Osama Dead.exe has already been deleted. Not sure why NOD32 gets its knickers in a twist like this sometimes. It happened to me a lot last time a load of trojans were found.

http://uberish.fastmail.fm/1.jpg

 

Dee,
do you use the latest beta with the HTTP scanner to deny the possibility that the trojan comes from the Internet?

 

It seems I should turn off NOD32 before I scan with TDS3, and then re-enable it. I didn't know this, but I've never had a virus or other malware before & this is going to be my last.

Have submitted the file to Nod32 as suggested in the TDS forum, hope they don't mind.

And no, I don't use the beta version, I have no inflated ideas of my skills as a tester! I like version 2.

 

The Beta is very stable, only the rare glitch. It is a spruked up version 2, like having mag wheels and a fancy paint job, together with all wheel drive and all wheel disc breaks, she looks good, handles a lot better and breaks on a dime

Cheers

 

I wouldn't exactly say that it's stable with only the rare glitch. There are countless posts in this forum from Mele and others who have encountered significant problems! I wouldn't install it on any of my machines!

 

And you are comparing this to what? I have been running the pre-release Beta for quite some time now, until the version installed last night it has been going rather well. You may want to take a look at the previous Beta Forum going from Version 1 to Version 2, there were a lot more problems there...

My only problem is a rare glitch bringing with it a lsass.exe error, which has been posted in new thread...

Cheers

 

As stated in my original thread, I'm comparing it to THIS forum. There are many posters talking about the many problems that are occurring with this Beta, one person that comes to mind is Mele. Simply look through all the threads for yourself and see for yourself.

 

No problem running it on a WinXP Pro machine. I consider it very stable, especially for a beta.

Also great improvements by adding the HTTP scanner, AH option to AMON
and the NOD32 scanner, etc.!

 

See Marcos's reply to Mele:

https://www.wilderssecurity.com/newreply.php?do=newreply&p=224920

Cheers