From: B on
I'm trying to help a friend who has had her computer compromised by a
Trojan. Here is a portion of the correspondence sent to her by her ISP.

You are receiving this email as Cogeco's network security dept has received
reports of atypical email traffic from your system that is indicative of
spam (unsolicited broadcast messages) being relayed through your system to
remote mail servers. It is most likely that your system has been
compromised with malware (i.e.: virus or Trojan) that is allowing a remote
entity to relay spam through your system.

If you are unable to contain and/or investigate this threat immediately we
request you temporarily disconnect your system from the internet until you
are able to further investigate. To prevent any possible interruption in
service we require a follow up email within 24 hours - what malware you
found, alternate reasons for this activity, what actions you are taking to
prevent further incidents, etc.

She uses a PC and a Laptop connected using a D-Link Wireless Router.

I've managed to scan the PC using Malwarebytes, and eliminated 3 viruses,
and followed up with a clean scan using AVG. However, the Laptop is a
different story. After booting it up, a number of apps opened and closed on
their own. After 10 minutes of this nonsense, the machine shutdown
completely, and could not be powered up at all. Can anyone think of any kind
of malware that could have caused any or all of the symptoms described
above, or any advice on further steps I need to take ?

WinXP SP2, and it's also important to note that the Wireless connection had
not been security-enabled.

Thanks in advance,

Brad



From: David H. Lipman on
From: "B" <brad_roberts(a)cogeco.ca>

| I'm trying to help a friend who has had her computer compromised by a
| Trojan. Here is a portion of the correspondence sent to her by her ISP.

| You are receiving this email as Cogeco's network security dept has received
| reports of atypical email traffic from your system that is indicative of
| spam (unsolicited broadcast messages) being relayed through your system to
| remote mail servers. It is most likely that your system has been
| compromised with malware (i.e.: virus or Trojan) that is allowing a remote
| entity to relay spam through your system.

| If you are unable to contain and/or investigate this threat immediately we
| request you temporarily disconnect your system from the internet until you
| are able to further investigate. To prevent any possible interruption in
| service we require a follow up email within 24 hours - what malware you
| found, alternate reasons for this activity, what actions you are taking to
| prevent further incidents, etc.

| She uses a PC and a Laptop connected using a D-Link Wireless Router.

| I've managed to scan the PC using Malwarebytes, and eliminated 3 viruses,
| and followed up with a clean scan using AVG. However, the Laptop is a
| different story. After booting it up, a number of apps opened and closed on
| their own. After 10 minutes of this nonsense, the machine shutdown
| completely, and could not be powered up at all. Can anyone think of any kind
| of malware that could have caused any or all of the symptoms described
| above, or any advice on further steps I need to take ?

| WinXP SP2, and it's also important to note that the Wireless connection had
| not been security-enabled.

| Thanks in advance,

If the Wireless was not secured and was not monitored then it could be compromised by a
wardriver and thus using her Cogeco for a spam campaign. Of course, your friend is
responsible.

As for the PC using Malwarebytes. You said it eliminated 3 viruses. It really doesn't
target viruses but what is needed to be known here is an excerpt of the log showing what
was found by MBAM.

As for the laptop, you said. "After booting it up, a number of apps opened and closed on
their own. After 10 minutes of this nonsense, the machine shutdown completely, and could
not be powered up at all. "

If the notebook is powering up then it probably isn't all malware related. Malware WANTS
the PC to be running such that its payload can do its required function. It is not in the
interest of the vast majority of today's malicious actors to not have the infected
platform running. Can you identify what those apps were that "...opened and closed on
their own" ?

As for WinXP SP2, it should have SP3 installed. It has been out for a LONG while now. I
wonder what else has not been updated and thus vulnerable. Please find out...
http://secunia.com/software_inspector




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: FromTheRafters on
"B" <brad_roberts(a)cogeco.ca> wrote in message
news:lb1Fn.70$Ak3.20(a)newsfe16.iad...
> I'm trying to help a friend who has had her computer compromised by a
> Trojan. Here is a portion of the correspondence sent to her by her
> ISP.
>
> You are receiving this email as Cogeco's network security dept has
> received
> reports of atypical email traffic from your system that is indicative
> of
> spam (unsolicited broadcast messages) being relayed through your
> system to
> remote mail servers. It is most likely that your system has been
> compromised with malware (i.e.: virus or Trojan) that is allowing a
> remote
> entity to relay spam through your system.
>
> If you are unable to contain and/or investigate this threat
> immediately we
> request you temporarily disconnect your system from the internet until
> you
> are able to further investigate. To prevent any possible interruption
> in
> service we require a follow up email within 24 hours - what malware
> you
> found, alternate reasons for this activity, what actions you are
> taking to
> prevent further incidents, etc.
>
> She uses a PC and a Laptop connected using a D-Link Wireless Router.
>
> I've managed to scan the PC using Malwarebytes, and eliminated 3
> viruses, and followed up with a clean scan using AVG. However, the
> Laptop is a different story. After booting it up, a number of apps
> opened and closed on their own. After 10 minutes of this nonsense, the
> machine shutdown completely, and could not be powered up at all. Can
> anyone think of any kind of malware that could have caused any or all
> of the symptoms described above, or any advice on further steps I need
> to take ?
>
> WinXP SP2, and it's also important to note that the Wireless
> connection had not been security-enabled.

Tell them what you have done.

There may be no way to tell whether the traffic was coming from her
computers or just from her unsecured wireless network access point.

BTW it is AVG that would address the unnamed "viruses" and MBAM the
unnamed other malware.

What were the malware names given by the antimalware and antivirus
programs? They should be in their repective logs.
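Both replies above make the same point: the ISP only sees spam leaving the router, so the first thing to settle is whether it came from one of the two household machines or from a stranger on the open wireless. As an added example (not from any poster in this thread), the script below runs that check over a constructed router connection log and DHCP lease table: it flags any internal client that opens SMTP (port 25) connections to more distinct remote mail servers than a normal mail client would, then looks the client's MAC up in the lease table. The log and lease formats are assumptions for the example, not a real D-Link format.

```python
from collections import defaultdict

# Constructed sample log (not a real router format): one line per outbound connection.
# 192.168.0.10/.11 are the friend's PC and laptop; .37 is an unknown wireless station.
ROUTER_LOG = """\
2010-05-07 23:58:01 src=192.168.0.10 mac=00:11:22:33:44:55 dst=198.51.100.10 dport=25
2010-05-07 23:59:10 src=192.168.0.10 mac=00:11:22:33:44:55 dst=198.51.100.10 dport=25
2010-05-08 00:01:05 src=192.168.0.11 mac=00:11:22:33:44:66 dst=203.0.113.80 dport=80
2010-05-08 00:02:00 src=192.168.0.37 mac=00:de:ad:be:ef:01 dst=203.0.113.25 dport=25
2010-05-08 00:02:01 src=192.168.0.37 mac=00:de:ad:be:ef:01 dst=203.0.113.26 dport=25
2010-05-08 00:02:01 src=192.168.0.37 mac=00:de:ad:be:ef:01 dst=203.0.113.27 dport=25
2010-05-08 00:02:02 src=192.168.0.37 mac=00:de:ad:be:ef:01 dst=203.0.113.28 dport=25
2010-05-08 00:02:03 src=192.168.0.37 mac=00:de:ad:be:ef:01 dst=203.0.113.25 dport=25
2010-05-08 00:02:04 src=192.168.0.37 mac=00:de:ad:be:ef:01 dst=203.0.113.44 dport=443
"""

# Constructed DHCP lease table: MAC address -> household device name.
KNOWN_LEASES = {
    "00:11:22:33:44:55": "friend-pc",
    "00:11:22:33:44:66": "friend-laptop",
}

def parse_line(line):
    """Turn the 'key=value' fields after the timestamp into a dict."""
    return dict(field.split("=", 1) for field in line.split()[2:])

def smtp_relay_report(log_text, leases, max_servers=2):
    """Flag clients that speak SMTP to more distinct remote servers than a
    normal mail client (which only uses the ISP's one or two relays) and tie
    each one back to the lease table, so a compromised household machine can
    be told apart from an unknown station on the unsecured wireless."""
    servers = defaultdict(set)  # (src ip, mac) -> set of port-25 destinations
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("dport") == "25":
            servers[(f["src"], f["mac"])].add(f["dst"])
    report = {}
    for (src, mac), dsts in servers.items():
        if len(dsts) > max_servers:
            report[src] = {
                "distinct_mail_servers": len(dsts),
                "device": leases.get(mac, "unknown station (not in lease table)"),
            }
    return report
```

With the sample data only 192.168.0.37 is flagged, and its MAC is absent from the lease table, which is the "wardriver on the open wireless" case rather than an infected household machine.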


From: FromTheRafters on
"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
news:hs2a7d$7pm$1(a)news.eternal-september.org...
> "B" <brad_roberts(a)cogeco.ca> wrote in message
> news:lb1Fn.70$Ak3.20(a)newsfe16.iad...
>> I'm trying to help a friend who has had her computer compromised by a
>> Trojan. Here is a portion of the correspondence sent to her by her
>> ISP.
>>
>> You are receiving this email as Cogeco's network security dept has
>> received
>> reports of atypical email traffic from your system that is indicative
>> of
>> spam (unsolicited broadcast messages) being relayed through your
>> system to
>> remote mail servers. It is most likely that your system has been
>> compromised with malware (i.e.: virus or Trojan) that is allowing a
>> remote
>> entity to relay spam through your system.
>>
>> If you are unable to contain and/or investigate this threat
>> immediately we
>> request you temporarily disconnect your system from the internet
>> until you
>> are able to further investigate. To prevent any possible interruption
>> in
>> service we require a follow up email within 24 hours - what malware
>> you
>> found, alternate reasons for this activity, what actions you are
>> taking to
>> prevent further incidents, etc.
>>
>> She uses a PC and a Laptop connected using a D-Link Wireless Router.
>>
>> I've managed to scan the PC using Malwarebytes, and eliminated 3
>> viruses, and followed up with a clean scan using AVG. However, the
>> Laptop is a different story. After booting it up, a number of apps
>> opened and closed on their own. After 10 minutes of this nonsense,
>> the machine shutdown completely, and could not be powered up at all.
>> Can anyone think of any kind of malware that could have caused any or
>> all of the symptoms described above, or any advice on further steps I
>> need to take ?
>>
>> WinXP SP2, and it's also important to note that the Wireless
>> connection had not been security-enabled.
>
> Tell them what you have done.
>
> There may be no way to tell whether the traffic was coming from her
> computers or just from her unsecured wireless network access point.
>
> BTW it is AVG that would address the unnamed "viruses" and MBAM the
> unnamed other malware.
>
> What were the malware names given by the antimalware and antivirus
> programs? They should be in their repective logs.

s <==== here's an 's' for "repective" above.


From: Gabriele Neukam on
On 08.05.2010 01:16, B wrote:
> After 10 minutes of this nonsense, the machine shutdown
> completely, and could not be powered up at all.

The latter seems to be a hardware issue. I am afraid that the laptop had
a short circuit somewhere, that first caused this strange behaviour
(keyboard sent irregular commands), until finally a fuse blew up.

If there is no means of powering the laptop up again, the only way to
save her data will be to remove the hard disk, and try if it can be read
from an adapter.


Gabriele Neukam

Gabriele.Spamfighter.Neukam(a)t-online.de