Real-life threats from any of these?

Discussion in 'Trojan Defence Suite' started by Notok, Dec 5, 2004.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Another Norton customer with over 400 infections.. :rolleyes:

    I'm going to be reformatting his hard drive, but I just need to know if any of these warrant him changing account numbers, etc. I can't seem to find a lot of information about some of these.

    Thanks in advance!

    TDS-3 found the following:
    DDoS.RAT.WootBot.aa, .ad, .cn, .bc, .x, & .o
    DDoS.RAT.rBot.dh
    DDoS.RAT.SpyBot
    DDoS.RAT.SDBot
    RAT.Omega
    RBot.bhe, .bdl, .avg, .avl, .zy
    TrojanDropper.Small.ky
    TrojanProxy.Mitglieder.bz
    NoCheat.a
    TrojanProxy.Win32.Ranky.bb & .bc
    TrojanClicker.Win32.Agent.ah1, .ah2, & .ah4
    Java.Bytverify
    TrojanDownloader.1stBar.a
    Korgo.z
    Krepper.l
    Baglet.a
    Purityscan.v

    (Sorry I don't have the full names of everything, I got tired of writing trojan.rat.win32.etc at some point. I know a few of those are just adware, but thought I'd include them anyway. NOD32 found plenty of unknowns, too, so I'll have plenty of samples for you guys in a couple days :) )
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Some very big threats there, the DDoS bots, the proxies mostly :( That's one badly infected machine!
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Notok, Wow! After 400 infections I would re-account everything :eek: and probably give up computing! :D
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yup. Unpatched machine with no firewall that's been running for about a year. The automatic update was signaling that updates were ready to install, I didn't check for how long, lol. Whoever worked on his computer last only updated Norton to the latest version.. which found bagle... :blink:

    Unfortunately he has some rather sensitive data on there. Should we assume that it's all compromised?
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    With all the RAT and others you MUST assume that everything was compromised, and he needs to change all passwords etc. and notify banks etc. that it is likely that all his financial info was stolen.

    I would definitely assume that everything on the computer was now in the hands of the hackers and take appropriate steps to safeguard myself against anyone using that info.
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Totally agree, Derek. Identity theft is still very much on the rise around the world and can cause the "casualties" monumental grief.

    Pilli
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Indeed..

    dvk01: Thanks for bringing it back into perspective. This will be no small task for him, but the effort will all pay off in the end.
     