AV

Started by Benny, November 01, 2004, 11:07:18 PM

Benny

Just for reference. I scanned both games and file server, off line before attending the LAN.

I've just plugged back onto the network, run a spysweep and woohoo.....at the same time my Norton pops up an alarm, a trojan and a key logger.

Now it may just be me, but I'd suggest y'all check again, and whoever brought it to the LAN can bite my shiny metal ass.

Or it could be a false positive. Just thought I'd let you know.
===============
Master of maybe

smilodon

I ran an AV & AT check as well as a Spybot scan yesterday and got nowt. Although for me it's academic as I've formatted the main drive and re-installed Windows since then.

I was running Kaspersky AV, TDS-3 Anti-trojan, Spyware Blaster and SpywareGuard during the LAN and likewise got no triggers.

Any more details as to what they were? Names etc.?
smilodon
Whatever's gone wrong it's not my fault.

TeaLeaf

I'm clean as a whistle here.  ZAP and Sophos and PestPatrol and AT running.

TL.
TL.
Wisdom doesn't necessarily come with age. Sometimes age just shows up all by itself. (Tom Wilson)
Talent wins games, but teamwork and intelligence wins championships. (Michael Jordan)

Benny

Aye it may well be an anomola/anomone/aneomone  mistake.

It was running for the entire LAN, and didn't flag, but it was;

Keylog-Briss.ldr
Downloader-IQ

Which I'm sure if I could be TANGO'd to google would flag up as pink mackerel
===============
Master of maybe

smilodon

Nope, you're right, the Briss keylogger is real. It's a trojan so might not get picked up by an AV scan, although most decent AV products should be able to spot it. It should get picked up by any decent AT product though.

If in doubt run regedit and look for the following registry entry

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"systray" = C:\test\A.EXE


If you have that then you have it!


Downloader-IQ is another trojan whose only job is to download some adware rubbish, specifically Purityscan & Buddylinks. Most decent AT & AT software should find it and any Anti-Spyware program (Spybot, Spysweeper, Adaware) will find the resulting spyware.

Look for the following

c:\Program Files\ISTsvc\istsvc.exe
c:\Program Files\PurityScan\PuritySCAN.exe
c:\WINDOWS\Application Data\besu.exe
c:\WINDOWS\SYSTEM\expext.dll


[lecture]IMHO running just an AV product (especially a free one) just doesn't cut it anymore. Most of us are heavy Internet users. We load games, applications, patches and maybe use P2P file sharing services. That we also attend LANs where we generally switch off our firewalls means we should be more aware of, and more protected from virus, trojan and spyware threats.
A 'good quality' Anti-virus, an Anti-trojan, Anti-spyware and a firewall that we actually know is secure would be a minimum requirement for most of us.[ /lecture] ;)
smilodon
Whatever's gone wrong it's not my fault.
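
An added example, not part of smilodon's post or of any tool named in this thread: the checks listed above (the "systray" Run value and the four file paths) applied to data already collected from a machine. It assumes the registry data is the text output of `reg query` on the Run key and the file list comes from a directory listing; the function names and the sample data are made up for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the post above.
RUN_VALUE = ("systray", r"C:\test\A.EXE")
FILE_INDICATORS = [
    r"c:\Program Files\ISTsvc\istsvc.exe",
    r"c:\Program Files\PurityScan\PuritySCAN.exe",
    r"c:\WINDOWS\Application Data\besu.exe",
    r"c:\WINDOWS\SYSTEM\expext.dll",
]
# One value line of `reg query` output: indented name, type, data.
_REG_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

def norm(path):
    """Windows paths ignore case; drop quotes and normalise separators."""
    return str(PureWindowsPath(path.strip().strip('"'))).lower()

def parse_run_values(reg_query_output):
    """Return {value name: data} for each value line in the output."""
    values = {}
    for line in reg_query_output.splitlines():
        m = _REG_LINE.match(line)
        if m:
            values[m.group(1)] = m.group(3)
    return values

def check_host(reg_query_output, file_listing):
    """List which of the post's indicators appear in the collected data."""
    findings = []
    name, data = RUN_VALUE
    for vname, vdata in parse_run_values(reg_query_output).items():
        # Registry value names are case-insensitive, like the paths.
        if vname.lower() == name and norm(vdata) == norm(data):
            findings.append(f"Run value {vname!r} = {vdata}")
    present = {norm(p) for p in file_listing if p.strip()}
    findings += [f"file {i}" for i in FILE_INDICATORS if norm(i) in present]
    return findings

# Constructed sample data (hypothetical host), not taken from the thread.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe
    SysTray    REG_SZ    "c:\TEST\a.exe"
"""
SAMPLE_FILES = [r"C:\WINDOWS\system\EXPEXT.DLL", r"C:\WINDOWS\notepad.exe"]

if __name__ == "__main__":
    for finding in check_host(SAMPLE_REG, SAMPLE_FILES):
        print("FOUND:", finding)
```

A value that is merely named "systray" but points somewhere else is not reported; both the name and the target have to match what the post lists.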

Benny

Cheers.

I run McAfee Enterprise, all the usual gubbins.

I don't have a software firewall as I'm an old fogey and I don't like them. I run a hardware one on my internet pipe, so am a little susceptible when on a LAN with you monkeys.

So...I obviously caught it from somewhere, c'mon, own up...
===============
Master of maybe

Penfold

Quote: Originally posted by Benny @ Nov 2 2004, 03:26 PM
Cheers.

I run McAfee Enterprise, all the usual gubbins.

I don't have a software firewall as I'm an old fogey and I don't like them. I run a hardware one on my internet pipe, so am a little susceptible when on a LAN with you monkeys.

So...I obviously caught it from somewhere, c'mon, own up...


I check my regedit and can't see that test.exe file nor the ones under program file. NAV did find a MSLAGENT exe file though?

Personally I blame Bridget. I would make a pun about backdoor entry viruses etc but that'd be just plain wrong :P

PEN