Revop C and spywareguard

Discussion in 'SpywareBlaster & Other Forum' started by donlon, Apr 12, 2004.

Thread Status:
Not open for further replies.
  1. donlon

    donlon Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    31
    Hi

    I just survived a Win32/trojan downloader vb.ca, a "revop C" bastard :)

    Nod32 did discover it and popped up with a warning, but it found it in my memory and couldn't delete it, so I had to do it manually (shut it down in tasklist and then NOD it).

    It copied itself to my HD as my Windows mediaplayer exe (wmplayer.exe), and deleted/renamed the original file, so when activated it tried to download something.

    It was a little difficult to locate the file that set NOD32 off, because NOD32 did not see anything wrong with the wmplayer.exe.

    I got this little fu**er from a website (I got the URL, if anybody wants to take a look at it) and my Q is, if I had installed SpyWareGuard would it have caught it before it could infect my computer o_O?
     
  2. donlon

    donlon Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    31
    A little update

    I installed Spywareguard and HTAStop (Just in case) and went back to the website and guess what ...... I got the bastard right back.

    So Spywareguard got uninstalled again, if it can't stop that kind of sh** there is no point in having it running and "eating" up my RAM ... ;)

    PS. I thought that HTAStop was designed to prevent this kind of spyware.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks for the heads up.

    That's entirely up to you no doubt. Just curious: will you do the same in case your software firewall is bypassed, your Antivirus updated 1 minute too late or your Antitrojan? :)

    Anyway, please email me the URL in question (my addy is in my profile), so we can have a look at it, for the benefit of all.

    That's a different story - and off topic in this forum. Better contact the software developers from HTAStop on that one.

    regards.

    paul
     