Re: trojan found
From: Die Spammer (diespammer_at_loser.fu)
Date: Wed, 18 Jun 2003 07:33:32 GMT
> The only information saved in or by the BIOS is the configuration
> information (ESCD) - whatever happens here is probably nothing to do
> with viruses or trojans.
This is what I am thinking also.
> There are a number of possibilities. You may have unsecured shares
> and somebody outside may be putting things on your PC. Trojans and
> viruses do travel as e-mail attachments, but there are several viruses
> which also spread via insecure network shares. You may be running
> processes which are configured to allow other people to plant things
> on your PC.
> You need to check and see what resources on your PC are visible. You
> can read up more on this at www.grc.com and www.cert.org - you may
> want to read up on the CERT guidelines for small business security and
> also on recovering from a compromise. Pay special attention to
> unbinding network sharing from your modem.
> >My question is
> >1. can it be possible for this trojan to make new file names
> The filenames seem fairly arbitrary. The only requirement for
> consistency is that the registry entry invoking the trojan is going to
> have to be able to specify a valid filename. There should be detailed
> writeups on this trojan, start with the McAfee and Symantec websites
> www.nai.com and www.sarc.com.
> >2. if this is a key stroke logging trojan, how can I find out where the
> >log is getting sent to if it gets sent somewhere. Can I look in the
> >infected files somehow to find out a destination address?
> If the writeup doesn't tell you, your chances of reverse engineering
> the malware to find out where the information is being sent are
Also, the computer that has or has had these trojans is using a dialup 56k