Win32/TrojanDownloader.Rameh.B trojan

Discussion in 'NOD32 version 2 Forum' started by chuckenheimer, May 11, 2004.

Thread Status:
Not open for further replies.
  1. chuckenheimer

    chuckenheimer Registered Member

    Joined:
    May 11, 2004
    Posts:
    46
    Location:
    Houston, Texas
    Last edited: May 11, 2004
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
  3. chuckenheimer

    chuckenheimer Registered Member

    Joined:
    May 11, 2004
    Posts:
    46
    Location:
    Houston, Texas
    Sig,

    Thanks for those URLs.

    Actually, if you d/l the screensaver and allow it to install is when NOD32 notices the problem. I sent this to tech support already but they have not responded and I wanted some of the superior users here to see what was up for me.

    I'm enjoying the posts, have d/l'd Kaspersky and see now that the screen saver did a bunch more than I thought. Kaspersky is seeing something NOD32 didn't, but I may not have had NOD32 set correctly.

    Anyway, I'm hoping I can work this out but will continue in the morning.

    Thanks for the reply.
     
  4. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    be sure to set nod to also scan archived/packed files

    for some stupid reason it doesn't by default

    but Kaspersky also has a problem with packed files

    i set it to scan them but it says .rar unknown filetype :eek:

    but at least it does zipped :D
     
  5. chuckenheimer

    chuckenheimer Registered Member

    Joined:
    May 11, 2004
    Posts:
    46
    Location:
    Houston, Texas
    thecrow,

    I remember setting NOD32 to check archives during the original installation. Even with that one set (I'm not real familiar with all of the specialized settings yet), I still got bit. The problem seemed to be that as the screen saver was installing, I got the virus message from NOD32, I cancelled the installation of the screen saver and got into a situation where I couldn't get out of the installation program. It stalled completely at that point and I just shut WinXP Pro down. NOD32 seemed to handle the first quarantine but when a second one appeared, an error occurred, according to the log.

    Anyway, I think I'm back having loaded my latest image file and I'm coming up clean on my other hard drive. I'm hoping things are back to normal. That'll teach me about opening these free online files. WOW!

    Thanks.

    Sig,

    I was curious about how to notify the online depository of this virus. Would it be worth the effort? Did you try to install the screen saver yourself? Thanks!

    Charles
     
  6. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    If you still have copies of whatever you say KAV found, it sure couldn't hurt to send them along to ESET at samples@nod32.com.

    But you may or may not get a response from ESET. And, according to a new thread here by Sir Carew, ESET may or may not add some submissions to its definitions. I don't know what their selection criteria may be.

    I didn't mess with the screensaver. Not feeling particularly adventurous although perhaps someone else might want to take the challenge and see what they find. ;)

    I know that the ThemeXP site does bundle some of its downloads with adware/spyware, but they specifically note it (with a red asterisk) when that is the case. It appears they do no screening of screensavers so people are on their own when they download them. ThemeXP has a forum so you might want to ask there if anyone else has found any surprises when downloading screensavers there. You can also provide a sort of alert about the one you downloaded.
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Why were you downloading from that site anyhow? They set spyware on you and didn't you see the Gator cookies that try to install? There has been a lot of talk recently about that site. I avoid it.
     
  8. chuckenheimer

    chuckenheimer Registered Member

    Joined:
    May 11, 2004
    Posts:
    46
    Location:
    Houston, Texas
    Mele20,

    I was referred to the site for logon boot screens, etc.

    Didn't see the Gator cookies indication. What are you using to detect those?

    I didn't hear any talk about the site but you can bet I'll be more cautious next time. What's odd is that I had just d/l'd a disk eraser that didn't have all the junk included. I got caught by surprise.

    Thanks for your help!
     
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Here are two recent threads in the Security forum at my home site dslreports/broadbandreports:

    http://www.dslreports.com/forum/remark,9756928~mode=flat
    http://www.dslreports.com/forum/remark,10213124~mode=flat?hilite=Theme XP

    As for seeing it try to set Gator cookies at that site, I use Firefox or Mozilla about 95% of the time and I have them set to accept cookies for the originating site only and to ask first before accepting. So, I got a popup box asking if I wanted to accept a Gator cookie. Firefox is supposed to reject all third party cookies without asking me so either Firefox goofed (since it asked) or the Gator cookie is a part of themexp and not a third party cookie! Bad site! Used to be ok but not anymore.

    You might put my home site http://www.dslreports.com/
    or
    http://www.broadbandreports.com/
    in your favorites. Lots of great information there especially in the Security forum.
     