Lots of trojans :(

Discussion in 'NOD32 version 2 Forum' started by sard, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. sard, Registered Member

    Joined: Apr 18, 2004
    Posts: 175
    Location: UK

    Recently NOD32 has been detecting lots of Trojans and worms on my system. I'm careful what I install, run Kerio firewall and only permit programs I'm sure of to access the Internet. I have also been using Firefox and Opera for many years for almost everything but Windows Update, so I'm not sure where the Trojans came from.

    http://uberish.fastmail.fm/1.jpg

    What do they do? Are they key loggers, or spam forwarders or something else? I've been on broadband for 18 months and apart from a few viruses sent by email I've been completely clean.

    After deleting each one, hours later more would appear, so I got a bit paranoid and ran TDS3 and KAV 15 day trial in case NOD32 (using advanced Heuristics shell) was missing anything. Sure enough, they both found these 2:

    Trojan.Win32.Starter
    Backdoor.SDBot.ja.

    I sent a sample of the backdoor one to ESET (deleted the other before I remembered).

    I used to think I was taking enough precautions by being careful and running NOD32 with a firewall, but it looks like I was wrong. Do I also need a resident Trojan scanner, as NOD32 seems deficient in this department? Would KAV be a better choice? I've heard good things about BOClean but there's no free trial.

    Sorry for all the questions; it's just that the infections have come as a bit of a shock and I want to stop it happening again.
     
  2. Blackspear, Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia

    Is your Windows fully up-to-date?

    Cheers :D
     
  3. sard, Registered Member

    Joined: Apr 18, 2004
    Posts: 175
    Location: UK

    Yep. Windows 2000 all up to date, so's NOD32.
     
  4. Blackspear, Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia

    Last edited: Jul 17, 2004
  5. sard, Registered Member

    Joined: Apr 18, 2004
    Posts: 175
    Location: UK

    Thanks. Unfortunately NOD32 failed to detect some of them so I'm going to have to find another Trojan scanner though.
     
  6. Blackcat, Registered Member

    Joined: Nov 22, 2002
    Posts: 4,010
    Location: Christchurch, UK

    I have always used an Antitrojan program to run with NOD as part of a layered defense.

    There are a number of free AT programs, but personally I think one of the Big 3 commercial ones, BOClean, TDS-3 or TrojanHunter would be better choices.

    Do not be put off by the lack of a trial for BOClean, as they have an iron-clad money back guarantee if you are not happy with the program.

    My experience is that trojans seem more prevalent of late (obviously depends upon your surfing habits), so you need good protection and cleaning abilities in your defense programs against this threat.
     
  7. bbbsss, Registered Member

    Joined: Jul 18, 2004
    Posts: 2

    Take care!
     
  8. Mele20, Former Poster

    Joined: Apr 29, 2002
    Posts: 2,495
    Location: Hilo, Hawaii

    I would suggest that you run Belarc Advisor to make sure that all your Microsoft hot fixes are working properly and that none have failed. I was surprised yesterday when I routinely ran Belarc Advisor (it had been about a month since I last ran it and I wanted a current report as I print them out) and it found a critical patch had failed. This was a biggie too!
    MS04-012: Cumulative Update for Microsoft RPC/DCOM. It has to be reinstalled. You might have a similar situation with a failed security critical update that might be allowing trojans onto your box. Belarc Advisor has saved me many times on both my W98SE box and this XP one. I highly recommend it. It is free.

    http://www.belarc.com/free_download.html
     