A2 and AVG fail

Discussion in 'other anti-trojan software' started by Beef/It.up, Sep 11, 2005.

Thread Status:
Not open for further replies.
  1. Beef/It.up

    Beef/It.up Guest

    SUBJECT: Trojan.Flush.E

    aka: <hgqhp >exe<



    SEE: http://securityresponse.symantec.com/avcenter/venc/data/trojan.flush.e.html



    Comment:

    After well near two decades of surfing the internet nothing has ever bypassed the security setup on computers used by me......until tonight that is. And did the bypassing with grace and charm.


    The above-mentioned Trojan totally bypassed every security product installed. The firewall.....anti trojan scanner.....anti virus.....script detectors.....and much more. But that's not what this post is about. After being infected.....before the trojan changed its colors (this trojan installs itself as <yaemu>exe< and then changes to <hgqhp>exe<).......I decided to do a little testing. But only after reading countless posts both pro and con on A2 free and AVG free.........so, both programs were installed and updated......(before shutting the computer down which would have "changed" the trojan) the trojan was then allowed to complete its install..... then both programs were given the chance to clean the mentioned trojan.......neither A2 nor AVG was even able to notice the trojan much less clean it. Both failed.
    For the heck of it Ad-Aware was also run and it too did not notice the trojan.


    It's possible that other anti trojan and anti virus programs may not notice it as well so this is not a finger pointing at A2 or AVG......it's just a simple report........yes, I do use shareware anti virus and trojan scanners but felt it would not be fair to test shareware against freeware....therefore, no scans were done using shareware programs. They may have failed as well....could be.

    To remove the trojan I used HijackThis......which worked very well.



    There remains the question of how the trojan bypassed all security and entered. Using Internet Explorer with File Download disabled....ActiveX disabled....Java disabled...no Java applets.........the only program downloaded tonight was autoclose....it was fully scanned prior to testing and junking.

    No more comments will be posted by me regarding this matter. Just want to post an alert.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If your security apps didn't detect this malware on your computer, I am sure it would not before or during download either.
     
  3. Beef/it.up

    Beef/it.up Guest

    BigC.......and you are correct.....it's an old habit of mine to check the startup before closing for the day or to change from one anti virus to another for nightly scans.......that's when the trojan was noticed as "yaemu".........thereafter, I disabled it from starting up at re-boot just in case the computer crashed or whatever.........then, well curious to see what the results would be if allowed to become active.....away we went...........from what I understand now the trojan may prevent internet access........but it did not do so on me.

    This is not something that is suggested for others to try........HijackThis was already on the computer, if not I would be picking through the registry.
     
  4. Beef/it.up

    Beef/it.up Guest

    Just completed scans by Kav and McAfee, both of which did not detect anything, so it would appear that HijackThis clears out this trojan completely...............good.


    FareTheWell
     