Lots of trojans :(

Discussion in 'NOD32 version 2 Forum' started by sard, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    Recently NOD32 has been detecting lots of Trojans and worms on my system. I'm careful what I install, run Kerio firewall and only permit programs I'm sure of to access the Internet. I have also been using Firefox and Opera for many years for almost everything but Windows Update, so I'm not sure where the Trojans came from.

    http://uberish.fastmail.fm/1.jpg

    What do they do? Are they key loggers, or spam forwarders or something else? I've been on broadband for 18 months and apart from a few viruses sent by email I've been completely clean.

    After deleting each one, hours later more would appear, so I got a bit paranoid and ran TDS3 and KAV 15 day trial in case NOD32 (using advanced Heuristics shell) was missing anything. Sure enough, they both found these 2:

    Trojan.Win32.Starter
    Backdoor.SDBot.ja.

    I sent a sample of the backdoor one to ESET (deleted the other before I remembered).

    I used to think I was taking enough precautions by being careful and running NOD32 with a firewall, but it looks like I was wrong. Do I also need a resident Trojan scanner, as NOD32 seems deficient in this department? Would KAV be a better choice? I've heard good things about BOClean, but there's no free trial.

    Sorry for all the questions; it's just that the infections have come as a bit of a shock and I want to stop it happening again.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Is your Windows fully up-to-date?

    Cheers :D
     
  3. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    Yep. Windows 2000 all up to date, so's NOD32.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Last edited: Jul 17, 2004
  5. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    Thanks. Unfortunately NOD32 failed to detect some of them so I'm going to have to find another Trojan scanner though.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I have always used an Antitrojan program to run with NOD as part of a layered defense.

    There are a number of free AT programs, but personally I think one of the Big 3 commercial ones, BOClean, TDS-3 or TrojanHunter would be better choices.

    Do not be put off by the lack of a trial for BOClean, as they have an iron-clad money back guarantee if you are not happy with the program.

    My experience is that trojans seem more prevalent of late (obviously depends upon your surfing habits), so you need good protection and cleaning abilities in your defense programs against this threat.
     
  7. bbbsss

    bbbsss Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    2
    Take care!
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I would suggest that you run Belarc Advisor to make sure that all your Microsoft hot fixes are working properly and that none have failed. I was surprised yesterday when I routinely ran Belarc Advisor (it had been about a month since I last ran it and I wanted a current report as I print them out) and it found a critical patch had failed. This was a biggie too!
    MS04-012: Cumulative Update for Microsoft RPC/DCOM. It has to be reinstalled. You might have a similar situation with a failed security critical update that might be allowing trojans onto your box. Belarc Advisor has saved me many times on both my W98SE box and this XP one. I highly recommend it. It is free.

    http://www.belarc.com/free_download.html
     