Thread: Advance Trojan Analyzer option

  1. #1
    Join Date
    Aug 2002
    Location
    Paris, France
    Posts
    19

    Advance Trojan Analyzer option

    Hi All-

    When I run Tauscan in normal mode i.e. without the Advance Trojan Analyzer, the software does not find anything at all.

    But, yesterday, I decided to take that option. The result is catastrophic: 8 trojans are found, all from Computer Sky.

    How serious are the threats? I had all the trojans deleted but am still not reassured.

    Has anyone used this feature, and/or can someone tell me more about it?

    Many thanks.
    TheGirlz

  2. #2
    Join Date
    Mar 2002
    Location
    I'm Your Huckleberry
    Posts
    6,676
    thegirlz, I have done an extensive search on that trojan you mention and have found nothing??
    Maybe someone will come along with more knowledge of Tauscan (I use Trojan Hunter).
    Hang in there, this is a wonderful place full of great people!!
    I am sure someone will come and help.
    Also, I will keep looking..


    Microsoft MVP Consumer Security
    r u xprincD


  3. #3
    Join Date
    Jul 2001
    Posts
    97
    Whenever you run the advance trojan analyzer you increase the risk of getting false positives. I wouldn't worry about it; in my opinion these are just false positives. If you were infected this badly, Tauscan would have found them without the trojan analyzer being turned on. But if you're worried about it, you could always d/l another trojan program and see if you get the same result, just to be on the safe side.

    Chris
    science is truth, and truth is beauty!
  4. #4
    Join Date
    Mar 2002
    Location
    I'm Your Huckleberry
    Posts
    6,676
    This is what I found with a little help,
    and this is just in case it was a typo in your
    first post???
    But as chev says, it could be a false positive.


    VSantivirus No. 839 - Year 6 - Thursday, 24 October 2002

    Troj/WinSpyer. Keystroke logger (Spy.exe)
    http://www.vsantivirus.com/winspyer.htm

    Name: Troj/WinSpyer
    Type: Trojan horse
    Alias: BDS/WinSpyer, Spy, WinSpyer
    Date: 23/oct/02
    Size: 52.2488 bytes
    Platform: Windows 32-bit

    This is a Trojan of the "keylogger" type (it captures keystrokes), which allows an attacker to steal sensitive information from the infected user, such as passwords, credit card details, etc.

    Note that this is not a virus or a worm, which can spread on their own. It requires direct action by the affected user to run (a double click on the file), which is why it is usually used in a premeditated way by attackers, who trick the user into running it. It can also be downloaded from malicious sites, disguised as some utility that arouses our curiosity.

    As always, it is recommended not to open unsolicited files, and not to run anything downloaded from the Internet or coming from diskettes, CDs, etc., without first checking it with one or two up-to-date antivirus programs.

    When the Trojan is executed, it copies itself to the Windows System folder:
    C:\Windows\System\Spy.exe

    'C:\Windows\System' can vary according to the installed operating system (it has that name by default in Windows 9x/ME, and is 'C:\WinNT\System32' in Windows NT/2000 and 'C:\Windows\System32' in Windows XP).

    It also creates the following file, containing everything typed by the user:

    C:\Windows\System\Spy.txt

    The Trojan modifies the following registry entry to run itself automatically at each Windows restart:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SPY = C:\Windows\System\Spy.exe

    The name "Spy.exe" can be changed by the attacker.

    We recommend using a firewall program such as ZoneAlarm, which will stop and report a Trojan's connection to the Internet, as well as any attempt to access our system.

    ZoneAlarm (free for personal use), in addition to being an excellent firewall, also prevents the execution of any attachment that could carry a virus (with no need to update it for each new version of a virus).

    More information:

    VSantivirus No. 117 - 2/nov/00
    Zone Alarm - the red button that disconnects your PC from the network
    http://www.vsantivirus.com/za.htm


    Manual repair

    1. Update your antivirus with the latest definitions, then restart Windows in Safe Mode, as described in this article:

    VSantivirus No. 499 - 19/nov/01
    How to start your computer in Safe Mode.
    http://www.vsantivirus.com/faq-way-fallo.htm

    2. Run it in scan mode, checking all your hard disks

    3. Delete the files detected as infected


    Microsoft MVP Consumer Security
    r u xprincD
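
A check for the persistence pattern the quoted advisory describes (a Run value launching an executable from the Windows System folder, with a keystroke log of the same base name beside it), as an added example that is not part of the thread or of the advisory. The registry text and file listing are constructed samples, and the assumption that a renamed copy still writes a same-named .txt log is this example's own, not something the advisory states.

```python
import ntpath
import re

# System folders named in the advisory (Windows 9x/ME, NT/2000, XP), lowercased.
SYSTEM_DIRS = {r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32"}
ENTRY = re.compile(r"^\s+(\S.*?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(.*)$")

# Constructed sample in the layout printed by:
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Tray    REG_SZ    "C:\Program Files\Example\tray.exe" -min
    SPY    REG_SZ    C:\Windows\System\Spy.exe
    Helper    REG_SZ    C:\WINDOWS\SYSTEM\winhlp.exe /s
"""
# Constructed file listing of the system folder.
SAMPLE_FILES = [r"C:\Windows\System\Spy.exe", r"C:\Windows\System\Spy.txt",
                r"C:\Windows\System\winhlp.exe"]

def image_path(command):
    """Return the executable path from a Run value, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def review_run_key(reg_text, files):
    """List (value name, image, has_companion_log) for system-folder entries."""
    present = {f.lower() for f in files}
    findings = []
    for line in reg_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        name, image = m.group(1), image_path(m.group(2))
        folder, base = ntpath.split(image.lower())
        if folder not in SYSTEM_DIRS:
            continue
        # Spy.exe logs to Spy.txt; assume a renamed copy keeps that pairing.
        log = ntpath.join(folder, ntpath.splitext(base)[0] + ".txt")
        findings.append((name, image, log in present))
    return findings

if __name__ == "__main__":
    for finding in review_run_key(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

Entries reported with the last field False are only autostart programs living in the system folder, which is common for legitimate software; the companion log is what narrows the list.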

