Recently NOD32 has been detecting lots of Trojans and worms on my system. I'm careful what I install, run Kerio firewall and only permit programs I'm sure of to access the Internet. I have also been using Firefox and Opera for many years for almost everything but Windows Update, so I'm not sure where the Trojans came from. http://uberish.fastmail.fm/1.jpg What do they do? Are they key loggers, or spam forwarders, or something else? I've been on broadband for 18 months and apart from a few viruses sent by email I've been completely clean. After deleting each one, hours later more would appear, so I got a bit paranoid and ran TDS3 and the KAV 15-day trial in case NOD32 (using Advanced Heuristics shell) was missing anything. Sure enough, they both found these 2: Trojan.Win32.Starter and Backdoor.SDBot.ja. I sent a sample of the backdoor one to ESET (deleted the other before I remembered). I used to think I was taking enough precautions by being careful and running NOD32 with a firewall, but it looks like I was wrong. Do I also need a resident Trojan scanner, as NOD32 seems deficient in this department? Would KAV be a better choice? I've heard good things about BOClean but there's no free trial. Sorry for all the questions, it's just that the infections have come as a bit of a shock and I want to stop it happening again.
More info about it here: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html And here: http://www.viruslist.com/eng/viruslist.html?id=51544 Basically it is an IRC Trojan. I would advise setting up a weekly scan with NOD32. To do so, see the following thread from post #20 onwards: https://www.wilderssecurity.com/showthread.php?t=37509&page=1 Cheers
Thanks. Unfortunately NOD32 failed to detect some of them so I'm going to have to find another Trojan scanner though.
I have always used an anti-trojan program to run with NOD as part of a layered defense. There are a number of free AT programs, but personally I think one of the Big 3 commercial ones, BOClean, TDS-3 or TrojanHunter, would be better choices. Do not be put off by the lack of a trial for BOClean, as they have an iron-clad money-back guarantee if you are not happy with the program. My experience is that trojans seem more prevalent of late (obviously depends upon your surfing habits), so you need good protection and cleaning abilities in your defense programs against this threat.
I would suggest that you run Belarc Advisor to make sure that all your Microsoft hot fixes are working properly and that none have failed. I was surprised yesterday when I routinely ran Belarc Advisor (it had been about a month since I last ran it and I wanted a current report as I print them out) and it found a critical patch had failed. This was a biggie too! MS04-012: Cumulative Update for Microsoft RPC/DCOM. It has to be reinstalled. You might have a similar situation with a failed security critical update that might be allowing trojans onto your box. Belarc Advisor has saved me many times on both my W98SE box and this XP one. I highly recommend it. It is free. http://www.belarc.com/free_download.html