From: Jenn on 9 May 2010 11:22

"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
news:EfmdnUEcoPqFxnvWnZ2dnUVZ7v6dnZ2d(a)bt.com...
> Jenn wrote:
>> "FromTheRafters"<erratic(a)nomail.afraid.org> wrote in message
>> news:hqs1gd$lj1$1(a)news.eternal-september.org...
>>> "Jenn"<nope(a)noway.atnohow.anyday> wrote in message
>>
>>>>> It is a trojan, unless it self-replicates, in which case it is
>>>>> called a virus, unless it doesn't *need* to infect programs in
>>>>> order to replicate and spread, in which case it is a worm.
>>>>>
>>>>> It bears keeping in mind that just because something is undesired,
>>>>> doesn't make it *malicious*. Just because something replicates,
>>>>> doesn't mean it is *malicious*. Just because it infects, doesn't
>>>>> make it *malicious* (but you would be hard pressed to find an
>>>>> example of non-malicious infection).
>>>
>>> Is there anything specific in there that you want clarified?
>>>
>>
>> Have you heard of something called: Trojan.Dropper ? What is it? One
>> of the computers I use had it on there but Malwarebytes got rid of it.
>>
>
> Hi Jenn :)
>
> A Trojan.Dropper is a type of Trojan whose purpose is to deliver an
> enclosed payload onto a destination host computer. A dropper is a means
> to an end rather than the end itself. In other words, the dropper is
> usually used at the start or in the early stages of a malware attack.
>
> Once a dropper is executed, its own code is simply to load itself into
> memory and then extract the malware payload and write it to the file
> system. It may perform any installation procedures and execute the
> newly dropped malware. The dropper usually ceases to execute at this
> point as its primary function has been accomplished.
>
> Droppers are used by malware creators to disguise their malware. They
> create confusion amongst users by making them look like legitimate
> applications or well known and trusted files.
>
> They may also perform actions that mislead the user into thinking that
> nothing untoward is happening on the computer when in fact the Trojan
> may have already dropped and executed other malicious software.
>

Thanks Dave! See my response to you and Rafter on the same post.

--
Jenn (from Oklahoma)

From: David H. Lipman on 9 May 2010 12:16

From: "Jenn" <nope(a)noway.atnohow.anyday>

| "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
| news:hs636u$qhk$1(a)news.eternal-september.org...

>> "Jenn" <nope(a)noway.atnohow.anyday> wrote in message
>> news:hs5dcp$b7v$1(a)news.eternal-september.org...
>>> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
>>> news:hqs1gd$lj1$1(a)news.eternal-september.org...
>>>> "Jenn" <nope(a)noway.atnohow.anyday> wrote in message

>>>>>> It is a trojan, unless it self-replicates, in which case it is
>>>>>> called a virus, unless it doesn't *need* to infect programs in
>>>>>> order to replicate and spread, in which case it is a worm.

>>>>>> It bears keeping in mind that just because something is undesired,
>>>>>> doesn't make it *malicious*. Just because something replicates,
>>>>>> doesn't mean it is *malicious*. Just because it infects, doesn't
>>>>>> make it *malicious* (but you would be hard pressed to find an
>>>>>> example of non-malicious infection).

>>>> Is there anything specific in there that you want clarified?

>>> Have you heard of something called: Trojan.Dropper ? What is it? One
>>> of the computers I use had it on there but Malwarebytes got rid of it.

>> Trojan.Dropper can refer to the initial non-replicating trojan that
>> drops a virus (for instance a germ file that pretends to be a screen
>> saver) or one that drops another non-replicating malware instance.
>> Something like a trojan downloader except that instead of downloading
>> and executing the additional malware it carries it within itself as a
>> deliverable payload.

| To both BD and Rafter...

| It did behave like it was asking me to install a virus program, which I
| didn't respond to anything except X out of the window... it wouldn't let
| me run malwarebytes initially so I rebooted into safe mode, did a restore
| point that was a few weeks ago, and booted normally... then I could run
| malwarebytes... and it found the trojan.dropper and it deleted it. I
| rebooted again ... and ran malwarebytes a 2nd time and nothing was found.
| That was yesterday afternoon. Last night I did an update on malwarebytes
| to make sure I had the most recent version and then did a 3rd scan and
| nothing showed up.

| Could I have gotten that from a link I opened that had a malvertizement
| in it?

High probability of being - Yes.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Jenn on 9 May 2010 14:11

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:hs6n5a0f9(a)news2.newsguy.com...
> From: "Jenn" <nope(a)noway.atnohow.anyday>
>
> | To both BD and Rafter...
>
> | It did behave like it was asking me to install a virus program, which I
> | didn't respond to anything except X out of the window... it wouldn't let
> | me run malwarebytes initially so I rebooted into safe mode, did a restore
> | point that was a few weeks ago, and booted normally... then I could run
> | malwarebytes... and it found the trojan.dropper and it deleted it. I
> | rebooted again ... and ran malwarebytes a 2nd time and nothing was found.
> | That was yesterday afternoon. Last night I did an update on malwarebytes
> | to make sure I had the most recent version and then did a 3rd scan and
> | nothing showed up.
>
> | Could I have gotten that from a link I opened that had a malvertizement
> | in it?
>
> High probability of being - Yes.

I thought I got out of the malvertizement before it got me... Is there a
way to avoid such things?

--
Jenn (from Oklahoma)

From: David H. Lipman on 9 May 2010 14:44

From: "Jenn" <nope(a)noway.atnohow.anyday>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:hs6n5a0f9(a)news2.newsguy.com...

>> From: "Jenn" <nope(a)noway.atnohow.anyday>

>> | To both BD and Rafter...

>> | It did behave like it was asking me to install a virus program, which I
>> | didn't respond to anything except X out of the window... it wouldn't let
>> | me run malwarebytes initially so I rebooted into safe mode, did a restore
>> | point that was a few weeks ago, and booted normally... then I could run
>> | malwarebytes... and it found the trojan.dropper and it deleted it. I
>> | rebooted again ... and ran malwarebytes a 2nd time and nothing was found.
>> | That was yesterday afternoon. Last night I did an update on malwarebytes
>> | to make sure I had the most recent version and then did a 3rd scan and
>> | nothing showed up.

>> | Could I have gotten that from a link I opened that had a malvertizement
>> | in it?

>> High probability of being - Yes.

| I thought I got out of the malvertizement before it got me... Is there a
| way to avoid such things?

Not really as you don't know the specifics.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: FromTheRafters on 9 May 2010 18:43

"Jenn" <nope(a)noway.atnohow.anyday> wrote in message
news:hs6jtt$sc$1(a)news.eternal-september.org...

[...]

> To both BD and Rafter...
>
> It did behave like it was asking me to install a virus program, which
> I didn't respond to anything except X out of the window... it wouldn't
> let me run malwarebytes initially so I rebooted into safe mode, did a
> restore point that was a few weeks ago, and booted normally... then I
> could run malwarebytes... and it found the trojan.dropper and it
> deleted it. I rebooted again ... and ran malwarebytes a 2nd time and
> nothing was found. That was yesterday afternoon. Last night I did an
> update on malwarebytes to make sure I had the most recent version and
> then did a 3rd scan and nothing showed up.
>
> Could I have gotten that from a link I opened that had a
> malvertizement in it?

Yes, or any number of other ways that they use to foist this scareware
upon users. I think you have done well in this case, some variations of
scareware disable or corrupt your restore capability - *and* prevent
safe mode access.