Hmm that’s odd. How big is the file? Can you zip up the files and upload them somewhere for me to get? I can run it through our systems and tell you what I find out about the files.
Thanks, ------------------------------------------ Ali Mesdaq (CISSP, GIAC-GREM) Sr. Security Researcher Websense Security Labs http://www.WebsenseSecurityLabs.com ------------------------------------------ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Franc Sent: Tuesday, October 14, 2008 5:40 PM To: hardware@hardwaregroup.com Subject: Re: [H] Trojan?? I started sending my file to your site about a hour ago and it still has not been sent completely. It says do not stop until it is complete. How long does it take? Sam Mesdaq, Ali wrote: > Try scanning those online at www.virustotal.com . Scanning against all those > AV's gives what I call decent detection. > > Thanks, > ------------------------------------------ > Ali Mesdaq (CISSP, GIAC-GREM) > Sr. Security Researcher > Websense Security Labs > http://www.WebsenseSecurityLabs.com > ------------------------------------------ > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Franc > Sent: Tuesday, October 14, 2008 11:13 AM > To: hardware@hardwaregroup.com > Subject: Re: [H] Trojan?? > > Brian, > I have been running an AVG scan and it has found several places for the > "Trojan Horse Agent_r.CX" in Zone Alarm setup files on my desktop. > Zls setup_70_484_000 > 70_337_000 > 70_483_000 > 70_462_000 > If I put those files in recycle bin and empty it will that get rid of them? > Sam > > > > > Brian Weeden wrote: > >> Could be a few different things going on. Might have been a false positive >> and you might have killed something necessary for your internet connection >> to work. But it might have also been a real trojan. Sometimes they insert >> themselves pretty deeply in system processes and removing them breaks the >> links that allows things like the network stack to work. >> >> Try rebooting, see if that helps. Also try safe mode. But don't get your >> hopes up. >> >> --------------------------- >> Brian Weeden >> Technical Consultant >> Secure World Foundation <http://www.secureworldfoundtion.org> >> +1 (514) 466-2756 Canada >> +1 (202) 683-8534 US >> >> >> On Tue, Oct 14, 2008 at 12:04 PM, Sam Franc <[EMAIL PROTECTED]> wrote: >> >> >> >>> This am when I started up a message came on the screen from AVG. >>> "AVG finds you have a trojan. Do you want to remove it forcefully?" >>> I clicked yes and the message reappeared. >>> I could not get rid of it. >>> I restarted the computer and the message was gone. >>> Now when I start Firefox I get a message it is taking to long no matter >>> what URL I try to get. >>> Is that the trojan working? >>> What should I do now? >>> >>> -- >>> Sam Franc >>> On the Oregon Coast >>> I must be willing to give up what I am >>> in order to become what I will be.-Einstein >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> No virus found in this incoming message. >>> Checked by AVG - http://www.avg.com >>> Version: 8.0.173 / Virus Database: 270.8.0/1723 - Release Date: 10/13/2008 >>> 6:42 PM >>> >>> >>> > > -- > Sam Franc > On the Oregon Coast > I must be willing to give up what I am > in order to become what I will be.-Einstein > > > > Protected by Websense Hosted Email Security -- www.websense.com > > ------------------------------------------------------------------------ > > > No virus found in this incoming message. > Checked by AVG - http://www.avg.com > Version: 8.0.173 / Virus Database: 270.8.0/1723 - Release Date: 10/13/2008 > 6:42 PM > > -- Sam Franc On the Oregon Coast I must be willing to give up what I am in order to become what I will be.-Einstein
