trojandropper.win32.swicer

Discussion in 'malware problems & news' started by controler, Jan 2, 2004.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Today i decided to uninstall the three month version of Norton 2003 Antivirus from my new laptop and install my copy of NOD-32.
    After installing NOD-32 and updating, NOD found the trojandropper.win32.swicer in my application folder.
    To verify, I renamed the file and compressed,zipped using Xp's zipping abilities and copied to my desktop test machine where I am runing KAV 5.0 Beta. I scanned the zipped folder, which found the same trojan.
    The only thing I tried to install on my new laptop that dropped this trojan was bittorent from their home page. After install it asks to reboot. After reboot Bo Clean yelled at me that a trojan dropper was caught and nutralized. Although the file still existed. I also noticed a new process that I was not sure of.
    Now my question is, Was the trojan still active or did Bo Clean clean it and the only thing NOD and KAV found was the file left behind?

    con
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi controler,

    Trojan.Swicer is also known as C2Media aka lop.com
    http://www.doxdesk.com/parasite/lop.html
    or
    http://www.wilderssecurity.com/showthread.php?t=7487

    If you are unsure how to check yourself please feel free to post your HijackThis log
    Download, Unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  3. controler

    controler Guest

    Thanks Pieter

    I have used Hijack this before but may run it again
    Yes the LOP things is what was left over even after I tried to uninstall bittorrent. Hijacked my broswer ect. I was able to clean it all up without a recovery. I love registrycrawler for finding all that hard to find stuff in the registry.
    I still wonder about what Bo Clean did though.
    Am dissapointed in Norton's Av even though it is ment to be a AV not AT
    NOD and KAV are both comming along great in trojan detection these days. I just didn't realize Norton was so far behind now.

    con
     
  4. JSa

    JSa Guest

    controller
    From what i've read on the subject Trojandroppers are used to deploy viruses/trojans to the victims machine they are not actually themselves a trojan and can avoid detection by anti-virus scanners because most cannot scan inside such packages

    I was hit with one recently and was suprised that TDS didn't report it and that KAV did but I think it's better not to expect one product to catch all kinds of malware
     
Thread Status:
Not open for further replies.