Re: Trojan horse Downloader.Generic.ML

From: Ron Reaugh (ron-reaugh_at_worldnet.att.net)
Date: 06/15/05


Date: Wed, 15 Jun 2005 19:08:08 GMT


"Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
news:ReadnabBbuWj5i3fRVn-sA@adelphia.com...
> Hi Ron - You might want to download and run the free or trial version of A2
> Personal, here: http://www.emsisoft.com/en/ UPDATE, then run from a Clean
> Boot or Safe Mode with Show Hidden Files enabled. This is a MUCH better
> piece of software for detecting Trojans than AVG.

Why would AVG or Trend HouseCall 6 be weak in this regard?

> Directions for a Clean Boot and Show Hidden Files in my Blog, addy in
> Signature.
>
> --
> Regards, Jim Byrd, MS-MVP
> My Blog, Defending Your Machine, here:
> http://defendingyourmachine.blogspot.com/
>
> "Ron Reaugh" <ron-reaugh@worldnet.att.net> wrote in message
> news:EKYre.963481$w62.31381@bgtnsc05-news.ops.worldnet.att.net
> > It's the file C:\NULL
> >
> > Suddenly shortly after cold boot my fully updated(WinUp) and patched
> > W98se PC reported the above noted infection. It's Grisoft free AVG
> > with the latest updates. This PC is also protected by ZoneAlarm,
> > Belkin WiFi router with firewall, SpyBot(resident). A normal
> > Shutdown was done 12 hours earlier with no indication of any
> > problems. There are still no indications of any problems EXCEPT that
> > AVG claims it's found this trojan. There have been no floppy
> > operations/mounts, no CD operations/mounts and no downloads and
> > installs of anything since an hour before shutdown last night and
> > now.
> >
> > From the DOS prompt I can see a file C:\NULL that has a 5/5/05 date.
> > Since 5/5 both a full manual AVG and Trend HouseCall 6 run have been
> > done on this PC finding nothing.
> >
> > So where and how did this file C:\NULL that AVG claims is Trojan horse
> > Downloader.Generic.ML appear from? Was it really there since 5/5 but
> > went unnoticed by both AVG and Trend HouseCall 6 and then this
> > morning AVG suddenly downloaded a new definition file which started
> > seeing this trojan? OR did something penetrate all the firewalls and
> > suddenly spawn this file which AVG quickly recognized?
> >
> > What likely happened here?
> >
> > The operation I was in the middle of when AVG popped up was reading a
> > text only no attachment NG message in OE 6.00.2800.1123.


