Advance Trojan Analyzer option

[thegirlz]

Hi All-

When I run Tauscan in normal mode i.e. without the Advance Trojan Analyzer, the software does not find anything at all.

But, yesterday, I decided to take that option. The result is catastrophic: 8 trojans are found, all from Computer Sky.

How serious are the threats? I had all trojan deleted but still am not reassured.

Would someone has used this feature and/or can tell me more about it?

Many thanks.

[hayc59]

thegirlz, i have done an extensive search
on that trojan you mention and have found
nothing??
maybe someone will come along with more knowledge
with Tauscan(i use Thojan Hunter)
hang in there this is a wonderful place full of great people!!
i am sure someone will come and help.
also i will keep looking..

[chev_rules]

whenever you run the advance trojan analyzer you increase the risk of getting false positives. I wouldnt worry about it, in my opinion these are just false positives, if you were infected this badly tauscan would have found them without the trojan analyzer being turned on. but if your worried about it you could always d/l another trojan program and see if you get the same reslut, just to be on the safe side.

Chris

[hayc59]

this is what i found with a little help.
and this is just incase it was a typo in your
first post???
but as chev says could be a false-positive


VSantivirus no. 839 - Year 6 - Thursdays 24 of October of 2002

Troj/WinSpyer. Capturador of the keying (Spy.exe)
http://www.vsantivirus.com/winspyer.htm

Name: Troj/WinSpyer
Type: Trojan horse
Alias: BDS/WinSpyer, Spy, WinSpyer
Date: 23/oct/02
Size: 52.2488 bytes
Platform: Windows 32-bits

One is a troyano of the type "to keylogger" (capturador of the keying), which allows him to rob sensible information for the infected user, like passwords, information of credit cards, etc.

Notice that one is not about a virus nor a worm, that can propagate in case single. It requires the direct action of the user damaged for his execution (double click on the file), reason why usually it is used in premeditaded form by some attackers, forcing by means of deceits to his execution. Also it can be unloaded of malicious sites, disguised of some utility that wakes up our curiosity.

Like always, it is recommended not to open archives sent without its consent, nor to execute nothing unloaded of Internet or whose source is diskettes, CDs, etc., without reviewing it with one or two before antivirus to the day.

When the troyano is executed, the same copy to the folder System of Windows:
C:\Windows\System\Spy.exe

' C:\Windows\System' can vary according to the installed operating system (with that name by defect in Windows 9x/ME, like ' C:\WinNT\System32 ' in Windows NT/2000 and ' C:\Windows\System32 ' in Windows XP).

Also all the keying by the user creates the following file containing:

C:\Windows\System\Spy.txt

The troyano modifies the following entrance of the registry to autoejecutar itself in each resumption of Windows:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPY = C:\Windows\System\Spy.exe

The name "Spy.exe" can be changed by the attacker.

We recommended to use a program type firewall (fire-resistant) like the ZoneAlarm, which will stop and notice the connection of some troyano with Internet, as well as an attempt to accede to our system.

ZoneAlarm (gratuitous for its personal use), in addition to being excellent fire-resistant ones, also prevents the execution of any associate with possibilities of having virus (with no need to have to update it with each new version of a virus).

More information:

VSantivirus No. 117 - 2/nov/00
Zone Alarm - the red button that disconnects its PC of the network
http://www.vsantivirus.com/za.htm


Manual repair

1. Update his antivirus with the last definitions, soon reinitiates Windows in way on approval of failures, as it is indicated in this article:

VSantivirus No. 499 - 19/nov/01
How to on approval initiate its computer in Way of failures.
http://www.vsantivirus.com/faq-way-fallo.htm

2. Ejecútelos in way I scan, reviewing all its hard disks

3. Erase the archives detected like infected