Re: ***NEED HELP PLEASE***

From: "Emily" <Emily@xxxxxxxxxxxxxxxxxxxxxxxxx>

| So that means this very newsgroup can NOT do much in helping people with
| their malware problems if all we could do is suggest scanners for them to
| use.
| Looking at a hijackthis log would give us all the details of the problem and
| we would know then the right tool to use instead of suggesting scanners that
| will not fix their problem.
|
| We might as well save them the time and trouble of installing unnecessary
| programs and just point them straight to those forums. Unless of course the
| problem is very obvious and we know the exact scanner that fixes the problem.
|


I am putting the following in this thread for ALL readers !

There is now a nastry Trojan called "Downloader.agent.awf" and is making HIJack This logs
even LESS effective as ever.

This Trojan is REPLACING legitimate files with the same named file but is infact the Trojan.
From a HJT analysis POV you would NOT know the difference between the legitimate file and
the replacement file. You need to comapre the file sizes and/or file CheckSum values.

Here is an example...
One knows that this would be a Logitech Mouse software driver...
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

However, this Trojan is replacing EM_EXEC.EXE with a Trojan. A HJT log will NOT show this
fact and ONLY an anti virus scanner will detect and remove the malware.

At this time I am NOT sure of the validity of the statement that the Trojan creates a backup
of the legitimate file prior to replacing it with the Trojan file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

Relevant Pages

  • Re: Someone figure out my mistake!
    ... >> Scanners: 7th Sphere and lots of bombers. ... >> a)Scanned the IP Address of my laptop. ... >> someone to activate the trojan in the victim's PC?? ... > say youre trying to hack your laptop, which means you would have known ...
    (alt.2600)
  • Re: ZA Pro and NAV both stall, then disappear
    ... Some trojans can simply be renamed to hide it from scanners. ... until it tries to install files, change system files or modify the registry ... for a script kiddie to pass a trojan through a lot of AV scanners. ... > Anyway, thanks for your help, and sorry for posting the suspect file ...
    (comp.security.firewalls)
  • Re: Opinions on these antitrojan sources?
    ... scanners to Trojan specific scanners: ... some of the better antivirus scanners are far superior ... to the popular Trojan specific scanners. ... fastest PCs when realtime scanning is used, ...
    (comp.security.firewalls)
  • Re: Trojan Help [Dropper.Agent.8.B]
    ... >I have the Dropper.Agent.8.B trojan, Everything I've used so far has failed ... Any advice as to where I can obtain the ... AVG is no longer detecting it but I'm going to run a few other scanners to ... Someone on the XP help group has used ...
    (alt.comp.anti-virus)