The infections hook in at the deepest levels of Windows.  I've burned far
more hours fighting these than it took when I finally gave up and re-loaded.


Chris Green


-----Original Message-----
From: Cox, Danny H. [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 15, 2005 11:22 AM
To: [email protected]
Subject: [gb-users] several 3rd party apps hold trojan payloads

All,
 
Over the past 4 days I have seen literally a dozen-plus systems (not all on
the same network) compromised with multiple trojans that included an
undetectable trigger method for re-infection.
 
On one, it took spysweeper, spybot32 S&D and the latest Microsoft beta
version antispyware products as well as the latest Symantec AV product to
free the systems of the trojans (over 7 different in this case).
 
In addition, the system still tries to re-infect, but spysweeper and the MS
beta products are preventing the trigger.
 
I have traced the traffic and much of it is using a defunct protocol for a
stocks and finance app.
 
The originating source turned out to be two (so far identified) 3rd party
applications.  One was an "anti adware" product, the other was a "popup
blocker" with a toolbar.  In both cases the apps also installed toolbars
into IE and the desktop (after a few days) and then only allowed popups and
ads that they provided.
 
The Trojans incorporated a keystroke logger, an ftp client (for uploading
keystroke and other logs and for updating the trojans), and internet
monitoring and logging.
 
In short, anything the systems were used for was totally compromised!
 
This is a very dangerous threat and I have yet to isolate the actual means
of re-infection other than it uses the internet to retrieve the source. It
may be a reg entry, or a script...
 
Thanks,
 
Danny

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/
