Infection: Trojan horse Downloader.Generic9.AQZF
in [Viruses]
|
Prev: VIRUS QUESTION
Next: Ping: David H Lipman
From: ~BD~ on 21 Mar 2010 14:29 FromTheRafters wrote: > "Virus Guy"<Virus(a)Guy.com> wrote in message > news:4BA63FEF.DB097C65(a)Guy.com... >> "David H. Lipman" wrote: >> >>> In short, it is a trojan and not a virus >> >> Don't you think that berating people over the use of the terms "virus" >> and "trojan" is a waste of time? > > There was a time when user education was thought to be the only hope in > combating malware (I think it is now considered hopeless). The > difference in the behavioral shift between trojan and virus is enough to > warrant differing methods of fighting them. The distinction is > *important* and it is unfortunate that the popular term for malware has > become "virus". > >> What is the practical consequence of insisting on the useage of >> correct >> terms? Other than pointing out the correct term, you made no >> distinction between the two that was useful to the OP in this context. > > Here, I agree. It would be much better if the important distinctions > were laid out. However, many folks just don't care about the details. > >> I see little to no usefulness anymore in being critical over the >> interchangable common use of the word "virus" to describe various >> forms >> of malware, and specifically the us of the word "virus" to describe >> what >> might actually be a trojan. > > That is why the English language is getting so crappy. Important > distinctions are blurred in favor of popular misuse of terms. > >> In more technical settings or circumstances the use of incorrect >> terminology can be a hindrence or distraction, but this forum (and >> specifically this and other similar threads) is no such place. > > ...but it offers a substantial opportunity to educate readers. > > I agree with all your comments, FTR
From: David W. Hodgins on 21 Mar 2010 15:15 On Sun, 21 Mar 2010 14:03:09 -0400, Virus Guy <Virus(a)guy.com> wrote: > And my main point (which you haven't addressed) is the irrelavancy of > fighting the common useage of the term "virus" to describe what may very > well be trojans, or even worms. Knowing whether it's a virus or a trojan, and specifically which one, is important when it comes to determining which files are likely to have been damaged, and need to be repaired or replaced. If it's a destructive virus, such as the old ripper mbr virus (with a win 98 or earlier system), that causes general file system corruption, then nothing on the hard drive can be considered safe, including data. With most viruses, all .exe and/or .com files will need to be either disinfected, or replaced, depending on which virus is involved. With most trojans, simply stopping the trojan from starting, and then removing it, is all that's needed. If the trojan includes a backdoor, that has been running, the entire system should be reinstalled, since there is no way of knowing what has been done to the system, using the backdoor. If a backdoor trojan, or known spyware has been running, you should assume all account information (email,banking,etc.), has been compromised. With downloader trojans, you need to know if something else (quite possibly not yet detected by scanners) has been downloaded, and if so, what it is, before you can decide what action should be taken. If you are unable to identify all malware that has been running, you should assume nothing on the hard drive is safe, including data, and that all online credentials have been harvested. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
From: Virus Guy on 21 Mar 2010 15:28 FromTheRafters wrote: > > In more technical settings or circumstances the use of incorrect > > terminology can be a hindrence or distraction, but this forum > > (and specifically this and other similar threads) is no such > > place. > > ...but it offers a substantial opportunity to educate readers. (sigh) I presume that someone that was interested enough to want to know the classical definition of a (computer) virus would either ask the direct question here, or look it up (on wikipedia, or elsewhere). In this case, the reader wanted to know how Downloader.Generic9.AQZF might have come to reside on his system. Pointing out that Downloader.Generic9.AQZF is a trojan and not a virus is a distraction, and misses the real opportunity to educate the OP as to how this specific exploit is known to be spread. I would agree with the OP that many web-pages purporting to describe the technical details of specific malware identities fall short in that regard. Knowing what a specific malware does when it runs on your system is nice to know. Knowing how a specific piece of malware got on your system in the first place is usually of far more interest.
From: David H. Lipman on 21 Mar 2010 15:37 From: "Virus Guy" <Virus(a)Guy.com> | FromTheRafters wrote: >> > In more technical settings or circumstances the use of incorrect >> > terminology can be a hindrence or distraction, but this forum >> > (and specifically this and other similar threads) is no such >> > place. >> ...but it offers a substantial opportunity to educate readers. | (sigh) | I presume that someone that was interested enough to want to know the | classical definition of a (computer) virus would either ask the direct | question here, or look it up (on wikipedia, or elsewhere). | In this case, the reader wanted to know how Downloader.Generic9.AQZF | might have come to reside on his system. | Pointing out that Downloader.Generic9.AQZF is a trojan and not a virus | is a distraction, and misses the real opportunity to educate the OP as | to how this specific exploit is known to be spread. | I would agree with the OP that many web-pages purporting to describe the | technical details of specific malware identities fall short in that | regard. | Knowing what a specific malware does when it runs on your system is nice | to know. | Knowing how a specific piece of malware got on your system in the first | place is usually of far more interest. Downloader.Generic9.AQZF -- A generic trojan downloader and is NOT a definition of an exploit code. As I posted... Since it is a trojan, it does self replicate and as such does not auto-spread. Trojans need assistance to be installed such as Social Engineering (human exploit) software vulnerabilities, web site compramise, etc. There is NO WAY to specifically provide how it got on the OP's computer. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Dustin Cook on 21 Mar 2010 15:57
Virus Guy <Virus(a)Guy.com> wrote in news:4BA63FEF.DB097C65(a)Guy.com: > "David H. Lipman" wrote: > >> In short, it is a trojan and not a virus > > Don't you think that berating people over the use of the terms "virus" > and "trojan" is a waste of time? No more than I think putting people in jail who drive without a valid license is a "waste of time". Some things just aren't worth letting go. > What is the practical consequence of insisting on the useage of correct > terms? Other than pointing out the correct term, you made no > distinction between the two that was useful to the OP in this context. Well, a trojan scanner isn't going to do much with a virus; and vice versa. That's just one "minor" if you will difference. Not important you say? Well, if it's a virus, and you recommend mbam, spybot, superantispyware; other than the obvious reaking of incompetence, it won't fix the problem. It's about having the right tool for the job. > I see little to no usefulness anymore in being critical over the > interchangable common use of the word "virus" to describe various forms > of malware, and specifically the us of the word "virus" to describe It's become interchangable only to the n00bs constantly flooding the net and the lazyness on the part of some individuals unwilling to educate the OP. > In more technical settings or circumstances the use of incorrect > terminology can be a hindrence or distraction, but this forum (and > specifically this and other similar threads) is no such place. This is alt.comp.virus; not alt.comp.trojan. -- "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior |