Trojans are crazy !

Discussion in 'other anti-trojan software' started by coldplay, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    VGADown, GHook, mppds

    I just found out that these 3 trojans or types of trojans or one of these 3 penetrated my system without me installing anything and protected by antivir PP+ Prevx1

    I dont even know how they did that. They were not there a couple of days ago and I have not installed anything. I only go to reputable sites. I survived .ANI threat. And both antivir PP and Prevx1 advise that they can detect trojans. Well, They failed me on this one.

    Any suggestion about what I should do? change softwares or add dedicate anti-trojans ? or continue reply on antivir pp and prevx1 and start pray.

    PS. just did a search , the file was " upxdnd.dll "
    see post #9
     
    Last edited: Apr 10, 2007
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: One silly question: How did you find out their presence? None of your trusted apps has done so. o_O
     
  3. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    I found out those during a routine check by using another on-demand scanner which was not SAS ( >_< ).
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Coldplay: Trojans can stay dormant for a long time w/o executing its codes. When it is inactive, only on demand scanner can detect it. When it commences execution, realtime guard,such as prevx1's , can instantly pick it up. BTW, have you done a complete file scan w/ prevx1 ? If not done so, why not try it, may be a surprise to you.
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Thank you for the informative inputs. Now I know that trojans can sneak into my box even w/ web browsing(see Sopho's note), not necessarily by installation. This theory will definitely cement my firm belief in true value of sandbox/virtualization apps. I do my routine web surfing in frozon mode of DeepFreeze. When the task is done, reboot, and no more worries. I think I have made a wise investment on this one. Truly. :thumb:
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    I took interest in this thread because I am considering installing Prevx1. I'm wondering if you were notified that this was a unknown/caution file and allowed it? I'm not accusing, I'm just wondering. I'm still trying to wrap my head around how prevx works. I know it checks your database of files and if not known then the community database. Also, do you run as a limited user or admin?

    I agree with the infection from visiting sites being scary. I guess they are called drive by downloads. I trust myself to not install something bad (at least 90% of the time :D ). But for something to sneak up and bite ya from behind is just nasty. I really need to get a backup system going and some sort of sandboxing or vm program running.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I ,now, have my full faith in Prevx1, although it is not a 100% airtight. That is why I use DeepFreeze to back it up. What I have done w/ prevx1 is these. First I install it for free until the first incident, then x days of trial kicks in. After that period, I subscribed for 3 months. Then I got lucky receiving a key as a gift from one member of this forum. I would give it a very serious consideration. Good luck.
     
  9. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    I am pretty sure those files or that file was newly resided in my system. I have done complete scans once every week with antivir pp, prevx1 and SAS.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    Let me get this right. Was SAS the one that detected the file with an on-demand scan? Have you removed and or cleaned your system of the malware?
     
  11. EASTER.2010

    EASTER.2010 Guest

    Please hear me out. Even the best AS/AT scanners will never be enough, you have got to employ a HIPS of one name or another. That way you get alerted IMMEDIATELY irregardless of any blacklist database that can't keep up with everything as fast as they like.

    I use System Safety Monitor (beta tester/fully licensed) and i have trialed Cyberhawk, Spyware Terminator, and others with resounding success. I was given a URL to a "known" drive-by site, my "resident guard" anti-spyware program was totally blind that a fierce dropper had made entry but SSM was johnny-on-the-spot and instantly SUSPENDED the file and afforded me time to make a decision to DENY it, and that was all she wrote. No problem, no issue.

    You have to get that web shielding in place along with your scanners & resident AS's because they can't identify everything, HIPS does! and stops anything which exhibits itself as a process to hand over full control to you, the user, so you know what the heck is going on.

    My 2-cents worth if it matters.
     
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    Easter.2010, Isn't Prevx1 'an easy to use HIPS' type of program? That's why I was asking if the OP had perhaps allowed an unknown/caution file to run. I'm just learning, but I do see the importance and power that my right finger on the mouse has as to allowing or denying a file. I guess somewhere between the alert and click I need to insert a few brain cells. You bring up that point also because SSM alerted you and you could either allow or deny the malware.

    FWIW, I would run SSM free in a heartbeat if I had a little more knowledge. Also, your 2 cents matters to at least 1 person.
     
  13. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    It wasn't SAS, post #3 stated it . I have removed the file or registry already.

    -------------

    @EASTER

    Isn't Prevx1 a HIPS software.

    ---------

    @ innerpeace

    Prevx1 has not been warning anything. I checked the link you gave, they helped , thx.
     
    Last edited: Apr 10, 2007
  14. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    Hi coldplay, good to hear you removed the malware. I just did a quick search for the file you mentioned upxdnd.dll. There was many other hits too when searching google. You might check those out too. Being that its a trojan, you might try other free scanners too, just to be sure that everything is gone. I wish you luck and I'm off to bed. Take care
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: As I stated earlier, if a trojan stays dormant, not active, none of the mighty HIPS CAN sense its presense(correct me, if you will). Only the moment it starts to make a move, bingo, some of your defense mechanisms will sound off the alarm. To get rid of those sleep-cell type of malwares, on demand scanner or sandbox model , IMO, still are the better solution. Trojan will not harm you until it EXECUTES. Among your firewall's O/S firewall, AV's behavior control, AS's shield, AT's guard and of course, HIPS, one ought to function accordingly. Otherwise, you better realign your defense team! Have a nice one.
     
  16. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    Is there some reason you don't want to name the other scanner that found the trojans?
    Best,
    Jerry
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,101
    Location:
    North Carolina USA
    Panda.:cool:
     
  18. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    Its a Chinese anti-malware scanner, I dont think many ppl here are willing to give it a try . Also, I said some good things about this scanner before , some guy called me a adviser. the software is call " ArSwp " and it doesn't have an English site but software itself has English interface though. www.arswp.com
     
  19. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Coldplay: I read Chinese and I have gone to the site d/l,inst the app (green copy), it has English version, during the scan, it requests an internet access. Is this safe to allow? I did not go any further w/o investigating its purpose of connecting to internet, to its server(data base)? Can you hlp me w/ this issue. Seems a good product. I am very interesting in it. Thanks.
     
  20. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    I allowed it, you can't trust any anti-virus/malware softwares if they dont need Internet connection. it updates signatures at startup. what i like about this software is it doesn't ask you to install which makes it perfect on-demand scanner with Dr.web cure it. Also it has found some nasty stuff other programs are not able to find for me.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    Thanks for the reply, Coldplay.

    Regards,
    Jerry
     
  22. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,Coldplay: I did a scan, and it find two nasties in memory, to my surprise. Because I just did a complete scan w/ SAS and AVG AS, none are found. The app's black/white list are not in English and its scan results are not either. My pc can not read those scripts. I think I need to seek help from friend for modification. Thanks anyway.
     
  23. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    download Chinese language package from microsoft, sorry I dont know the link but I believe google will bring it up on first link
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,368
    Hello,
    I'm still wondering how you contracted the disease.
    What browser are you using?
    Mrk
     
  25. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191

    So am I .

    IE 7
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.