Trojans are crazy!

Discussion in 'other anti-trojan software' started by coldplay, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    VGADown, GHook, mppds

    I just found out that these 3 trojans, or types of trojans, or one of these 3, penetrated my system without me installing anything, even though it was protected by Antivir PP + Prevx1.

    I don't even know how they did that. They were not there a couple of days ago and I have not installed anything. I only go to reputable sites. I survived the .ANI threat. And both Antivir PP and Prevx1 advise that they can detect trojans. Well, they failed me on this one.

    Any suggestion about what I should do? Change software or add a dedicated anti-trojan? Or continue relying on Antivir PP and Prevx1 and start praying?

    PS: just did a search, the file was "upxdnd.dll"
    see post #9
     
    Last edited: Apr 10, 2007
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: One silly question: How did you find out their presence? None of your trusted apps has done so. o_O
     
  3. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    I found those during a routine check by using another on-demand scanner which was not SAS ( >_< ).
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Coldplay: Trojans can stay dormant for a long time w/o executing their code. When it is inactive, only an on-demand scanner can detect it. When it commences execution, a real-time guard, such as Prevx1's, can instantly pick it up. BTW, have you done a complete file scan w/ Prevx1? If not, why not try it; it may be a surprise to you.
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Thank you for the informative inputs. Now I know that trojans can sneak into my box even w/ web browsing (see Sopho's note), not necessarily by installation. This theory will definitely cement my firm belief in the true value of sandbox/virtualization apps. I do my routine web surfing in frozen mode of DeepFreeze. When the task is done, reboot, and no more worries. I think I have made a wise investment on this one. Truly. :thumb:
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I took interest in this thread because I am considering installing Prevx1. I'm wondering if you were notified that this was an unknown/caution file and allowed it? I'm not accusing, I'm just wondering. I'm still trying to wrap my head around how Prevx works. I know it checks your database of files and, if not known, then the community database. Also, do you run as a limited user or admin?

    I agree with the infection from visiting sites being scary. I guess they are called drive by downloads. I trust myself to not install something bad (at least 90% of the time :D ). But for something to sneak up and bite ya from behind is just nasty. I really need to get a backup system going and some sort of sandboxing or vm program running.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I now have my full faith in Prevx1, although it is not 100% airtight. That is why I use DeepFreeze to back it up. What I have done w/ Prevx1 is this. First I installed it for free until the first incident, then x days of trial kicked in. After that period, I subscribed for 3 months. Then I got lucky receiving a key as a gift from one member of this forum. I would give it a very serious consideration. Good luck.
     
  9. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    I am pretty sure those files, or that file, were newly resident in my system. I have done complete scans once every week with Antivir PP, Prevx1 and SAS.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Let me get this right. Was SAS the one that detected the file with an on-demand scan? Have you removed and or cleaned your system of the malware?
     
  11. EASTER.2010

    EASTER.2010 Guest

    Please hear me out. Even the best AS/AT scanners will never be enough; you have got to employ a HIPS of one name or another. That way you get alerted IMMEDIATELY, regardless of any blacklist database that can't keep up with everything as fast as they would like.

    I use System Safety Monitor (beta tester/fully licensed) and I have trialed Cyberhawk, Spyware Terminator, and others with resounding success. I was given a URL to a "known" drive-by site; my "resident guard" anti-spyware program was totally blind that a fierce dropper had made entry, but SSM was johnny-on-the-spot and instantly SUSPENDED the file and afforded me time to make a decision to DENY it, and that was all she wrote. No problem, no issue.

    You have to get that web shielding in place along with your scanners & resident AS's, because they can't identify everything; HIPS does, and stops anything which exhibits itself as a process to hand over full control to you, the user, so you know what the heck is going on.

    My 2-cents worth if it matters.
     
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Easter.2010, Isn't Prevx1 'an easy to use HIPS' type of program? That's why I was asking if the OP had perhaps allowed an unknown/caution file to run. I'm just learning, but I do see the importance and power that my right finger on the mouse has as to allowing or denying a file. I guess somewhere between the alert and click I need to insert a few brain cells. You bring up that point also because SSM alerted you and you could either allow or deny the malware.

    FWIW, I would run SSM free in a heartbeat if I had a little more knowledge. Also, your 2 cents matters to at least 1 person.
     
  13. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    It wasn't SAS; post #3 stated that. I have removed the file or registry entry already.

    -------------

    @EASTER

    Isn't Prevx1 HIPS software?

    ---------

    @ innerpeace

    Prevx1 has not warned about anything. I checked the link you gave; it helped, thx.
     
    Last edited: Apr 10, 2007
  14. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi coldplay, good to hear you removed the malware. I just did a quick search for the file you mentioned, upxdnd.dll. There were many other hits too when searching Google. You might check those out too. Being that it's a trojan, you might try other free scanners too, just to be sure that everything is gone. I wish you luck and I'm off to bed. Take care.
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: As I stated earlier, if a trojan stays dormant, not active, none of the mighty HIPS CAN sense its presence (correct me, if you will). Only the moment it starts to make a move, bingo, some of your defense mechanisms will sound off the alarm. To get rid of those sleeper-cell types of malware, an on-demand scanner or sandbox model, IMO, are still the better solution. A trojan will not harm you until it EXECUTES. Among your firewall's O/S firewall, AV's behavior control, AS's shield, AT's guard and of course HIPS, one ought to function accordingly. Otherwise, you'd better realign your defense team! Have a nice one.
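    The two points raised in this thread, that an on-demand scan finds a file sitting on disk whether or not it has ever executed (Perman, above), and that Prevx1 is described as checking a local file database first and then the community database (innerpeace, post #7), can be shown with a small on-demand hash scanner. This is an added illustration, not code from the thread or from Prevx1, SSM or ArSwp; the file contents, the hash databases and the "community" lookup are all constructed here, and "upxdnd.dll" is only reused as a file name.

```python
"""On-demand file scanner: hashes every file under a directory and checks each
digest against a local database first, then a simulated community database.
All sample data below is constructed for the example; nothing is real malware."""
import hashlib
import os
import tempfile

# Constructed sample file contents. The "dropper" text stands in for a
# dormant trojan that has been written to disk but never run.
SAMPLE_FILES = {
    "notepad.exe": b"constructed sample: known-good program bytes",
    "report.doc": b"constructed sample: a document nobody has classified yet",
    "upxdnd.dll": b"constructed sample: dormant dropper bytes, never executed",
}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


# Local database: what this machine has already classified (constructed).
LOCAL_DB = {
    sha256_bytes(SAMPLE_FILES["notepad.exe"]): "good",
}
# Community database: what other users' submissions have classified (constructed).
COMMUNITY_DB = {
    sha256_bytes(SAMPLE_FILES["upxdnd.dll"]): "bad",
}


def classify(digest, local_db=LOCAL_DB, community_db=COMMUNITY_DB):
    """Look the hash up locally first, then in the community database.
    A hash found in neither is 'unknown' and should be held for a decision
    rather than silently allowed; that is the 'unknown/caution' prompt."""
    if digest in local_db:
        return local_db[digest], "local"
    if digest in community_db:
        return community_db[digest], "community"
    return "unknown", None


def scan_tree(root, local_db=LOCAL_DB, community_db=COMMUNITY_DB):
    """Walk every file under root, whether or not it has ever run, and return
    {relative_path: (verdict, source)}. Because it reads files from disk
    rather than watching process activity, it finds a dormant file that a
    behaviour-based guard has had no reason to alert on yet."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            verdict, source = classify(sha256_file(path), local_db, community_db)
            results[os.path.relpath(path, root)] = (verdict, source)
    return results


def write_samples(root):
    """Write the constructed sample files into root."""
    for name, data in SAMPLE_FILES.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)


def demo():
    """Create a scratch directory with the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        write_samples(root)
        return scan_tree(root)


if __name__ == "__main__":
    for path, (verdict, source) in sorted(demo().items()):
        print(f"{path:12} {verdict:8} via {source}")
```

    The scan reports notepad.exe as good from the local database, upxdnd.dll as bad from the community database even though nothing ever executed it, and report.doc as unknown. A real product pairs this with a run-time guard: the on-demand pass catches what is sitting still, the guard catches what starts moving, and the "unknown" verdict is exactly the moment where the user's allow/deny click matters.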
     
  16. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Is there some reason you don't want to name the other scanner that found the trojans?
    Best,
    Jerry
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Panda.:cool:
     
  18. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    It's a Chinese anti-malware scanner; I don't think many ppl here are willing to give it a try. Also, I said some good things about this scanner before, and some guy called me an adviser. The software is called "ArSwp" and it doesn't have an English site, but the software itself has an English interface though. www.arswp.com
     
  19. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Coldplay: I read Chinese and I have gone to the site, d/l, inst the app (green copy); it has an English version. During the scan, it requests internet access. Is this safe to allow? I did not go any further w/o investigating its purpose of connecting to the internet, to its server (database)? Can you help me w/ this issue. Seems a good product. I am very interested in it. Thanks.
     
  20. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    I allowed it; you can't trust any anti-virus/malware software if it doesn't need an internet connection. It updates signatures at startup. What I like about this software is that it doesn't ask you to install, which makes it a perfect on-demand scanner alongside Dr.Web CureIt. Also it has found some nasty stuff other programs were not able to find for me.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks for the reply, Coldplay.

    Regards,
    Jerry
     
  22. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Coldplay: I did a scan, and it found two nasties in memory, to my surprise, because I had just done a complete scan w/ SAS and AVG AS and none were found. The app's black/white lists are not in English and its scan results are not either. My PC cannot read those scripts. I think I need to seek help from a friend for modification. Thanks anyway.
     
  23. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    Download the Chinese language package from Microsoft; sorry, I don't know the link, but I believe Google will bring it up as the first link.
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,
    I'm still wondering how you contracted the disease.
    What browser are you using?
    Mrk
     
  25. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191

    So am I.

    IE 7
     