RE: New Trojan

From: Chris Fussell (chrisfussell_at_hotmail.com)
Date: 10/27/03

  • Next message: lsi: "Re: New Trojan" 
    To: "'Jay Castaldo'" <fupayme2003@hotmail.com>, <incidents@securityfocus.com>
Date: Mon, 27 Oct 2003 13:27:59 -0500

    FWIW, after seeing this thread, I got nervous and looked at my virus scanner
    and discovered that there is an option to scan ADS, which I quickly enabled
    and re-scanned my machine. I am using CA eTrust Antivirus... I'm not sure if
    other products support the same.

    - Chris

    -----Original Message-----
    From: Jay Castaldo [mailto:fupayme2003@hotmail.com]
    Sent: Sunday, October 26, 2003 8:28 AM
    To: incidents@securityfocus.com
    Subject: Re: New Trojan

    In-Reply-To: <5.1.0.14.0.20031026114925.00ae1980@pop.netspace.net.au>

    Thanks for all the help everybody, I have definately learned something new
    today about the good old Windows systems and NTFS. I'm just very curious
    how it got on my computer to begin with, but on to the fix action. I was so
    mind boggled and bothered about this on my machine, I almost (keyword)
    reloaded my entire machine, but as somebody mentioned earlier about a rundll
    command and walla done. I can't believe it was that simple. The funny
    thing about it, no anti viral tools or anti trojan tools would work period
    just because I think as somebody already stated it was using an ADS which
    apparently is a great way to hide new trojans on any NTFS machine. This
    forum is by far a great tool to learn something new everyday and I
    definately have learned something. Thank you for all your input.

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    and use priority code SF4.
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    and use priority code SF4.
    ----------------------------------------------------------------------------

  • Next message: lsi: "Re: New Trojan"

    Relevant Pages

    • RE: New Trojan
      ... Subject: New Trojan ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • Re: Cisco CTR
      ... Will the IDS log that attack as being ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Focus-IDS)
    • RE: idsearch.com and GoogleMs.dll
      ... MediaPlayer.exe to trigger set registry entries. ... Network with over 10,000 of the brightest minds in information security at ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • New Trojan
      ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • Re: New Trojan
      ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • Quantcast