trojan sample

Discussion in 'Trojan Defence Suite' started by melissa, Jan 23, 2004.

Thread Status:
Not open for further replies.
  1. melissa

    melissa Registered Member

    Joined:
    Jan 10, 2004
    Posts:
    23
    I have sent a sample of a trojan to submit@diamondcs.com.au and I have got a response from them that they will add this detection today, so where can I see that they have added that detection?
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Once you have the latest database (it is on its way to the update sites now) then just click Help > Primary List

    If I'm right then you submitted that legitimate-looking program which also included a nasty in it - TrojanDownloader.Win32.VB.aa

    This was added, as was detection for the installer since it is a dropper, AND the program also dropped an adware type of program known as TrojanClicker.Win32.WinPup.d (2 copies of it actually). These should be detected when you update and you can remove them.

    Thanks again for your submission :)
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Well done Melissa! Have a nice Karma cookie for your trouble :D
     
  4. melissa

    melissa Registered Member

    Joined:
    Jan 10, 2004
    Posts:
    23
    Hey, thanks for your reply. But this trojan was first detected by Kaspersky Anti-Virus in Dec 2003.
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Melissa,

    It doesn't seem like a major danger, since it is actually adware. It's nice to know that you use Kaspersky AV though, since it's one of only 2 AV software I recommend to people I know :)

    Again, thanks for sending us a copy of it to add to the detection list. The reason I didn't get one sooner is simply that antivirus companies receive more submissions than anyone, and all the very common malware. This is fast becoming adware and it's amazing to see how much of it gets on nearly every PC. Any shop which sells a PC should really have information on how to stop adware junk from sites and/or offer after-sales help. Does ANY ISP include Spybot S&D or AdAware on their free CDs yet?
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    No Gavin, we'll recommend they include TDS-4 evaluation with a large ad-spyware detection database in that so let everybody submit their nasties for your collection!

    For that I would like an extra administrative tool logging or flagging which files we submitted already via the submission tool and decided to keep on your system as they're still there. It could ease finding them back if submission answer is "all clean" or "remove immediately!", where we could click a switch if we keep it if we want, whatever.
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It's getting to the point where that SHOULD be done, to help new users who have a default setup. Just scripting and ActiveX enabled by default means soon after getting online many adware programs are on the PC just from using it normally, browsing a few sites.
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    From my experience, a lot of suppliers appear to install spies as part of their & their "partners'" marketing processes :mad:
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    True:
    to be able to visit my ISP's sites I need to allow every security risk with Flash and Java and scripting and ActiveX and cookies and banners and animation and browser header reference and and and oh and some settings more in the browser and ... etc., else I only might see just an empty page with the address bar. And I'm sure lots of files and cookies after that. So better added them to my trusted zone, saves lots of work.
     