Home > General > Troj_nail.b

Troj_nail.b

Logged sorebie Newbie Posts: 12 Re: Aurora Trojan / Virus « Reply #24 on: June 28, 2005, 11:24:21 PM » I'm kind of confused why Avast doesn't recognize Nail.exe as a However, since avast does the virus scan outside of safemode (the scan on boot), it would be PERFECT for ridding of this nasty one if it recognized all components of it. If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). The proxy server runs continuously in the background listening on a randomly chosen TCP port and allows data to be routed through the computer. his comment is here

The Trojan may attempt to run other malicious files on the infected system. Logged The best things in life are free. Hello and welcome to PC Review. http://www.sophos.com/virusinfo/analyses/trojbankpreda.html Flag Permalink This was helpful (0) Collapse - Troj/SocksPr-D by roddy32 / September 23, 2005 10:01 AM PDT In reply to: VIRUS ALERTS - September 23, 2005 Type Trojan Troj/SocksPr-D

I've attached my Hijack This log below. Create Account How it Works Javascript Disabled Detected You currently have javascript disabled. Logged FreewheelinFrank Avast Evangelist Ultra Poster Posts: 4862 I'm a GNU Re: Aurora Trojan / Virus « Reply #28 on: July 01, 2005, 06:32:04 PM » I think the only people The file SVKP.sys is registered as a new system driver service named ''SVKP'', with a display name of ''SVKP'' and a startup type of automatic, so that it is started automatically

  1. thankyou minameise, Jun 13, 2005 Replies: 4 Views: 581 Cookiegal Jun 15, 2005 Locked Strange Question Bill P, Jun 15, 2005 Replies: 3 Views: 529 Bill P Jun 15, 2005 Locked
  2. These are indeed 'hidden files'.
  3. Regards, Usetobe 0 #3 tstouder Posted 03 July 2005 - 04:15 PM tstouder New Member Topic Starter Member 4 posts Actually, I am now virus/spyware free.
  4. W32/Rbot-AJR includes functionality to: carry out DDoS flooder attackssilently download, install and run new softwareaccess the internet and communicate with a remote server via HTTPact as a SOCKS4 proxydisable other software,
  5. Similar Threads BUG REPORT: Scan results dialog Mark, Jan 10, 2005, in forum: Spyware Discussion Replies: 0 Views: 572 Mark Jan 10, 2005 Are these dangerous?
  6. The worm spreads to network shares with weak passwords and the following operating system vulnerabilites: LSASS (MS04-011)RPC-DCOM (MS04-012)WKS (MS03-049)WebDav (MS03-007)IIS5SSL (MS04-011)MSSQL (MS02-039)UPNP (MS01-059)Dameware (CAN-2003-1030) The following patches for the operating system

http://www.sophos.com/virusinfo/analyses/dialeochaa.html Flag Permalink This was helpful (0) Collapse - W32/Bobax-P by roddy32 / September 23, 2005 6:03 AM PDT In reply to: VIRUS ALERTS - September 23, 2005 Aliases Net-Worm.Win32.Bobic.d W32.Bobax.worm.gen W32/Tilebot-B spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user. Troj/Iefeat-AP may drop a file detected as Troj/Dloader-AQ. exe) ---------------------------------------------------------- Microsofts Antispyware found 22 Files Transponder Reco = 3 (ahreco.exe,mm_reco.exe,tt_reco.exe) Transponder Bolger = 1 (Bolger.dll) Transponder DrPmon = 1 (drpmon.dll) Transponder Aurora = 2 (svcproc.exe,nail.exe) Transponder Thinstaller = 1

Memory usage is always 188k when it starts and then it changes to 196 or 202 or somewhere in the 350s. Troj/Whistler-F will attempt to delete files on the user's computer. If you're having a computer problem, ask on our forum for advice. http://www.sophos.com/virusinfo/analyses/w32mytobkc.html Flag Permalink This was helpful (0) Collapse - W32/Codbot-AA by roddy32 / September 23, 2005 7:46 AM PDT In reply to: VIRUS ALERTS - September 23, 2005 Type Spyware Worm

Download Chrome SMF 2.0.13 | SMF © 2015, Simple Machines XHTML RSS WAP2 Page created in 0.051 seconds with 18 queries. Aurora aka Transponder gang monstruosity.greets,polonus Logged Cybersecurity is more of an attitude than anything else. W32/Rbot-AOX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. It is only to diagnose, moreover it is fast.Greets,polonus Logged Cybersecurity is more of an attitude than anything else.

Please post the logs he requested and we'll get after it. 0 #10 Guest_usetobe_* Posted 26 July 2005 - 02:14 PM Guest_usetobe_* Guest Due to lack of feedback, this topic has Disruptive posting: Flaming or offending other usersIllegal activities: Promote cracked software, or other illegal contentOffensive: Sexually explicit or offensive languageSpam: Advertisements or commercial links Submit report Cancel report Track this discussion Generated Wed, 08 Mar 2017 04:52:45 GMT by s_za3 (squid/3.5.23) Please click here if you are not redirected within a few seconds. Lisandro Avast team Certainly Bot Posts: 66938 Re: Aurora Trojan / Virus « Reply #16 on: June 22, 2005, 04:04:38 PM » Quote from: polonus on June 22, 2005, 03:51:31 PMBazooka

Or they might just be an oversight and be empty. this content Take me to Trend Micro Business Trend Micro For Home SECURITY NEWS Business Security Home & Office Security THREAT INTELLIGENCE CENTER Targeted Attacks Internet of Everything Mobile Safety RESEARCH & ANALYSIS Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole Sometimes they may contain files which may be used by other programs.

Logged Bambleweeny 57 sub-meson brain Don't Surf in the Nude Blog sorebie Newbie Posts: 12 Re: Aurora Trojan / Virus « Reply #29 on: July 01, 2005, 09:36:01 The Trojan downloads and executes additional files from a remote site. Your cache administrator is webmaster. http://songstersoftware.com/general/troj-vb-aml.html Jump to content FacebookTwitter Geeks to Go Forum Security Virus, Spyware, Malware Removal Welcome to Geeks to Go - Register now for FREE Geeks To Go is a helpful hub, where

I cleaned off all the spyware they found and deleted lots of entries from the run lines. The file contains the message "You did a piracy, you deserve it." http://www.sophos.com/virusinfo/analyses/trojwhistlerf.html Discussion is locked Flag Permalink You are posting a reply to: VIRUS ALERTS - September 23, 2005 The These may contain log files, reports or configuration information.

http://www.sophos.com/virusinfo/analyses/dialscomd.html Flag Permalink This was helpful (0) Collapse - Troj/Revopdo-A by roddy32 / September 22, 2005 10:53 PM PDT In reply to: VIRUS ALERTS - September 23, 2005 Aliases Trojan-Downloader.Win32.Revop Type

cause virustotal says it is a trojan with antivir)ArcaVir  Found Trojan.Nail.B3  Avast  Found Win32:Adan-093  AVG Antivirus  Found Generic.EA  BitDefender  Found Adware.Nail.A  ClamAV  Found nothing Dr.Web  Found Trojan.Nail  F-Prot Antivirus  Found W32/[email protected]  W32/Rbot-AOX spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007). No, create an account now. Also handy to see what regedit does not see with Reglite from http://www.resplendence.com/download/reglite.exe.Well keep your shields up, your scanners sharp, and stay away from spyware base that is unsafe P2P.yours faithfully,polonus

The worm contains backdoor functions that allows unauthorized remote access to the infected computer via IRC channels while running in the background. Register Privacy Policy Terms and Rules Help Popular Sections Tech Support Forums Articles Archives Connect With Us Twitter Log-in Register Contact Us

Log in or Sign up Tech Support Guy Can anyone suggest any other steps I can take? check over here polonus Avast Überevangelist Maybe Bot Posts: 28644 malware fighter Re: Aurora Trojan / Virus « Reply #15 on: June 22, 2005, 03:51:31 PM » Hello FreewheelinFrank and other forum members,I think

Viruses and worms are not created by people with names, by companies with websites.The people responsible for Aurora not only have a website, they are also very proud of their new Sorry about the delay in getting to your post, we have been very busy. Configuration files may also be downloaded which define further behaviors. It is nothing more than a scanner, but it is quick, it is updated in a regular fashion.Polunus, in the past I've tried it but the updates were not that frequently

This applies only to the original topic starter. doesn't target spyware. It is nothing more than a scanner, but it is quick, it is updated in a regular fashion. is right to call it a Trojan and to target it.My only argument is that it is not right to call the Aurora thing a virus or worm.

Avast Evangelists.Use NoScript, a limited user account and a virtual machine and be safe(r)! Please refer to our CNET Forums policies for details. Preview post Submit post Cancel post You are reporting the following post: VIRUS ALERTS - September 23, 2005 This post has been flagged and will be reviewed by our staff. http://www.sophos.com/virusinfo/analyses/trojcertifh.html Flag Permalink This was helpful (0) Collapse - Troj/Torpig-F by roddy32 / September 23, 2005 7:50 AM PDT In reply to: VIRUS ALERTS - September 23, 2005 Aliases Trojan-PSW.Win32.Agent.bu PWS-JA

W32/Tilebot-B attempts to interfere with and disable certain security related processes. http://www.sophos.com/virusinfo/analyses/trojspydldrb.html Flag Permalink This was helpful (0) Collapse - W32/Mytob-KC by roddy32 / September 23, 2005 6:08 AM PDT In reply to: VIRUS ALERTS - September 23, 2005 Aliases WORM_MYTOB.IX [email protected] Brian Cooley found it for you at CES 2017 in Las Vegas and the North American International Auto Show in Detroit. Did you run Spybot with latest defs ?

The Surb View Public Profile Find all posts by The Surb #3 06-27-2005, 04:07 PM Bendarr Guest Join Date: Sep 2004 You will also wish to make sure