Re: spyware

From: "Panda_man" <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Panda_man :
| Hello !
| I have read your site several times ...and I still remember the address ->

| The tool in Method 1 -> I would never use it.
| Even before downloaded, Panda is detecting it as a PUP/Hack Tool/
| I have submitted it to Panda Labs and the answer was NO FALSE POSITIVE =
| REALLY PUP(potentially unwanted software).

| Fortunately, the instructions ( in ) help.
| As I say in the web-site, if the fast instructions fail, the detailed
| helps and I have used Panda Titanium 2006 many times to remove SpyFalcon.
| (IMO - SpyFalcon is easy to remove nowadays). However, we have already
| discussed that so please let us not discuss it again.

| Again, thanks for reminding me to quote after the Original Post,
| well... I'll try it.
| Thanks again.

| Panda_man
| --
| Prevention is always better than cure !
| Panda TruPrevent - the most intelligent technology to combat unknown malware

Well here is the 411 on this...

Such software is installed via a vulnerability exploitation or through an already
installed downloader Trojan. In this case it could have been one of the numerous
WMF Exploits or Sun Java. Then there is the ZLob family of Trojans.

The problem is you aren't just targeting the SpyFalcon. It is just the end
result of an already exploited PC. Once the PC is found to be vulnerable there
are numerous modifications to the OS and Registry. The tools that I suggest
specifically target a range of known files, Registry settings, HTML files,
Desktop alterations, Policy settings, etc.

The problem with AV software is that it may find a Trojan or some Trojanized files
but they tend to fail in dealing with the big picture of alterations and
modifications as well as the "sister" infectors that may be associated.

I don't mention, although maybe I should, about plugging the WMF Exploit
vulnerability. I hope that Windows Update has already done so. However, as seen
in numerous HJT Logs, the Sun Java Vulnerability is addressed. Curing the
infection is only part of the issue, plugging the vulnerability hole is just as
important or there is a likelihood of re-infection.

You'll notice that I don't suggest my tool, Secure2K's or noahdfear's tool. Each
has its strengths and weaknesses dealing with the threat as a function of time.
Hopefully the use of multiple tools will mitigate the infection based upon the
fact that each is updated differently and for different aspects. The one thing
that sets my tool apart is not only is it hard coded for the known threats but it
uses the McAfee command line scanner and its Heuristic and signature based
detection to catch what is not hard coded or is not targeted. I can also say
that my version of the SmitFraud Trojan tool is much more broad based and covers
many other threats. This includes the non-rootkit Apropos, Alexa, Delf family,
Surf Side Kick and many others.


