Re: sinteri virus



Just spoken to Adrian on the 'phone, and he did run the remaining two
av-sweeps in Multi-av items 3 and 4. i.e. Last night, I ran the Sophos one
and then set the Trend one running and went home. He tells me that he ran
the other two and now the CA etrust a/v "real-time" virus alert, for
sinteri, is not appearing but, there is an extra small CA-etrust icon in his
system tray with a little yellow thingy on it that pops out a message balloon
saying ....*etrust ...virus has been detected* and one can't do anything
else with it, for example right-click it to get a pop out menu or get it to
expand in any way. * = his phone descriptions are even more vague and
inaccurate than I am !

Am on my way over there now, to have another go - will post any new findings
later.
.....will subscribe him to this NG in OE so that I can copy and paste things
more accurately !

regards, Richard


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23yZC4x5dGHA.5016@xxxxxxxxxxxxxxxxxxxxxxx
From: "RJK" <notatospam@xxxxxxxxxxx>

| Well, just got back !
|
| While burning multi-av to cd-r, I did a Google and found
| http://www.ar15.com/forums/topic.html?b=1&f=124&t=458854
| where someone said use:-
|
| http://securityresponse.symantec.com/avcenter/venc/data/trojan.abwiz.removal.tool.html
| to remove sinteri, so I downloaded and took that with me but, it didn't find
| anything.
|
| I copied the multi-av directory to his c:\drive - booted up in Safe mode -
| and did the Sophos sweep, (that took over 80 minutes on his now aged
| xp1800), and it found two items:-
| Troj/Dwnldr-AEQ and
| Troj/Dwnldr-CBY
| located in restore points ? i.e. there was a big line of nos. and dashes
| which looked like registry keys in curly brackets, and _restore was in the
| pathname somewhere
| and the 2 files ? containing the 2 items found, were named A000????.exe
| or something very like that.
|
| Anyway, I left him running the no.2 option in multi-av - 'Trend' :-)
|
| Of interest (maybe) was that before I got there he had run up to date
| Adaware and Spybot sweeps and they didn't find anything !
|
| regards, Richard


Hi Richard:

There is no real writeup at Sophos on "Troj/Dwnldr-CBY" and
"Troj/Dwnldr-AEQ". I can only conclude that they are simple Downloader
Trojans but are indicative that they *may* be more.

I wish after Sophos you ran McAfee. McAfee is at ~190,000 signatures
while Trend is ~117,000.

What would have been important to report was what is the fully qualified
name and path of the file(s) deemed by CA eTrust to be infected by the
Sinteri infector.

Also I will note that Ewido is a fine product. Ewido was just recently
bought by Grisoft, maker of AVG AV. Hopefully this purchase will IMPROVE
Grisoft AVG's software offering.

One final note is that Zone Alarm packages CA eTrust with it and often
those that say "Zone Alarm" finds an infector really mean CA eTrust.
{ Likewise CA eTrust packages Zone Alarm FireWall with their software }

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



