TrojanDownloader.Win32.Apropo.d

SpywareBlaster has not stop the trojan identified by the Kaspersky Anti-Virus product. I can send you a file under rar-archive. Should I?
SysAI.exe - TrojanDownloader.Win32.Apropo.d

 

Spyware Blaster, isnt a trojan defense system, it is a spyware defense, it adds info (killbits) to the registry, 2 stop sites from showing activex

it also has cookie & restricted site protection

hope this helps a bit

 

I think it's ActiveX-based trojan. It was self-downloaded using popup-window and I couldn't do anything. Can you advise me something to prevent such cases in future?

 

i would say a good antivirus is KEY nod32 is what i use

also, make sure your browser isnt set 2 auto-accept activex or use mozilla/firefox which i also use and a good popup blocker(i like firefox's default popup blocker), & firewall, i use kerio Personal firewall

hope this helps

 

Make sure u have all the current Windows Updates.


snowbound

 

ya, sorry, i forgot 2 mention that when replying 2 his post..

 

There's also some good info here on tightening up security,

https://www.wilderssecurity.com/showthread.php?t=27971


snowbound

 

2 all!
Thanks for a piece of advice.
First of all I’d like to say – My post should be read as a wish to improve SpywareBlaster.
I’ve got all Microsoft updates, SpywareBlaster is running too. Anyway. I’ve been infected by this trojan.
I’ve found that ****ing url. Plz, be very confident in your security before visit it.
h**p://www.soundclick.com/bands/2/millerboymusic.htm
It contains code like

<!-- FASTCLICK.COM 468x60 v1.4 for soundclick.com -->
<script language="Javascript"><!--
var i=j=p=t=u=x=z=dc='';var id=f=0;var f=Math.floor(Math.random()*7777);
id=237; dc=document;u='ht'+'tp://media.fastclick.net/w'; x='/get.media?t=n';
z=' width=468 height=60 border=0 ';t=z+'marginheight=0 marginwidth=';
i=u+x+'&sid='+id+'&m=1&f=b&v=1.4&c='+f+'&r='+escape(dc.referrer);
u='<a hr'+'ef="'+u+'/click.here?sid='+id+'&m=1&c='+f+'" target="_blank">';
dc.writeln('<ifr'+'ame src="'+i+'&d=f"'+t+'0 hspace=0 vspace=0 frameborder=0 scrolling=no>');
if(navigator.appName.indexOf('Mic')<=0){dc.writeln(u+'<img src="'+i+'&d=n"'+z+'></a>');}
dc.writeln('</iframe>'); // --></script><noscript>
<a href="http://media.fastclick.net/w/click.here?sid=237&m=1&c=1" target="_blank">
<img src="http://media.fastclick.net/w/get.media?sid=237&m=1&d=s&c=1&f=b&v=1.4"
width=468 height=60 border=1></a></noscript>
<!-- FASTCLICK.COM 468x60 v1.4 for soundclick.com -->

 

<!-- FASTCLICK.COM POP-UNDER CODE v1.7 for soundclick.com -->
<script language="javascript"><!--
var doc=document; var url=escape(doc.location.href); var date_ob=new Date();
doc.cookie='h2=o; path=/;';var bust=date_ob.getSeconds();
if(doc.cookie.indexOf('e=llo') <= 0 && doc.cookie.indexOf('2=o') > 0){
doc.write('<scr'+'ipt language="javascript" src="http://media.fastclick.net');
doc.write('/w/pop.cgi?sid=237&m=2&v=1.7&u='+url+'&c='+bust+'"></scr'+'ipt>');
doc.cookie='he=llo; path=/;';} // -->
</script>
<!-- FASTCLICK.COM POP-UNDER CODE v1.7 for soundclick.com -->

 

Today I've increased security of my ie6, installed Spyware Guard and tried to connect this site again. It offered me to start ActiveX script marked as safe.
Report log of Spyware Guard:
--------------------------------------------------------------------------------
BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
On 22:07:45 05.23.2004 a browser page change was detected.
Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
Value Name: Start Page
Old Value: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
New Value: http://ya.ru/
User Action Taken: KEEP NEW VALUE

--------------------------------------------------------------------------------
NEW BHO DETECTION ALERT
On 22:13:56 05.23.2004 a new BHO installation attempt was detected.
BHO: {7559B76E-0222-4d77-9499-CCE9EB4EDC2F}
ProgramID: AdShield.AdShield
File Location: C:\PROGRA~1\AdShield\AdShield\AdShield.dll
User Action Taken: KEEP BHO

 

ProgramID: AdShield.AdShield
File Location: C:\PROGRA~1\AdShield\AdShield\AdShield.dll

Here it is.
SpawareBlaster automatically configures ie setting to accept ActiveX scripts marked as safe.

 

Posts 8-11 is off the mark. Sorry))