My first Trojan . . .

ummmm........

Extremely normal.
Joined
Dec 2, 2003
Messages
6,054
Location
An RKO Radio Picture
Awwww. It's so cute!

Anyway, I was bouncing around a few sites the other day (Okay, I was looking at porn, I admit it. Throw rocks at me why don't you.) and the Norton Antivirus window popped up and said it detected a trojan thingie and access to the file was denied. It did that a few times in a row and I closed the windows each time.

But it sort of freaked me out because this kind of thing has never happened to me before. So I disabled my internet connection and ran a full system scan, which resulted in five infected files. The NAV said to quarantine them, so I did, then I deleted the .zip file they were located in (since I didn't see the point in keeping them around).

I ran a full system scan again and it no longer detects any infected files (which is good, I guess), but I'm fairly paranoid, so my question is: How do I know that everything is really okay? I looked at my packets sent and received to see if it was different than it used to be, but then I realized I have no idea what it used to look like . . .

Anyway, I appreciate any help. Like I said, I assume I'm just being paranoid, but I'd like to know for certain . . .
 
Your PC is likely riddled with crap now

Use Adaware to give it a good clean
 
Yeah, I use Adaware and Spybot all the time, and I run the AV at least once a week, it's just that this is the first time anything's actually turned up . . .
 
Update Time! And again, I appreciate all of you indulging my paranoia . . .

The last couple of days, I've received several dozen emails to my hotmail and yahoo accounts (but not gmail), all of which claim to be from somewhere like 'admin@aol.com' or 'postmaster@charter.net' or something along those lines. They all have attachments and are all the same size (72-73KB) so I presume they're really all from the same place. Anyway, what I was wondering is if this could be related to my (hopefully eliminated) Trojan in any way . . .

The other possibility I thought of is that one of my friends had his contacts list compromised this weekend, and somewhere sent out an email to all the addresses he had. I didn't open that email, but I thought all these new emails might be that same place hoping eventually I might open one of them.

Before I realized what was going on, I opened one of the first ones that was sent (I didn't download the attachment of course!) and it was just a one or two line message about how my 'registration failed' or something like that.

Anyway, I've deleted the rest of them without opening them, but like I said, I was just wondering if this might have something to do with the Trojan or my friend's problem, or if it's just some unrelated general spam thingy.

Thanks again!
 
ummmm........ said:
Update Time! And again, I appreciate all of you indulging my paranoia . . .

The last couple of days, I've received several dozen emails to my hotmail and yahoo accounts (but not gmail), all of which claim to be from somewhere like 'admin@aol.com' or 'postmaster@charter.net' or something along those lines. They all have attachments and are all the same size (72-73KB) so I presume they're really all from the same place. Anyway, what I was wondering is if this could be related to my (hopefully eliminated) Trojan in any way . . .

The other possibility I thought of is that one of my friends had his contacts list compromised this weekend, and somewhere sent out an email to all the addresses he had. I didn't open that email, but I thought all these new emails might be that same place hoping eventually I might open one of them.

Before I realized what was going on, I opened one of the first ones that was sent (I didn't download the attachment of course!) and it was just a one or two line message about how my 'registration failed' or something like that.

Anyway, I've deleted the rest of them without opening them, but like I said, I was just wondering if this might have something to do with the Trojan or my friend's problem, or if it's just some unrelated general spam thingy.

Thanks again!

It's the sober.s worm that is running rampant on the net right now.

I suggest you do a full scan of your machine...and it is a good idea to use two AVs - if you have Norton installed you can do an online scan of another product - Trend Micro has a great free online html scanning engine. Sometimes one product catches what the other misses.

A personal firewall is also a must nowadays. You may not know it but once you opened that email attachment your computer was probably infected ...and the worm may be using your pc to spam out replicas. It uses the SMTP port to do so... a firewall will prevent this.

Do a search for the sober.s worm and you can find out a lot more about it...here is a link if you do not want to search Sober.s Info link
 
I didn't open the attachment, just the email. Was that sufficient to get me? (Apparently so . . .)

I did a full system scan with Norton Antivirus (I've done several this week, actually) and it didn't pick up anything, even after I updated all the virus definitions.

I use Sygate Personal Firewall, and my computer is behind a router which also has a firewall (I think); how do I know if it's blocking the SMTP port?

I'll check out the sober.s worm, but if you wanted to explain exactly what I need to do, that would be great. I know I hide it well, but I'm actually not all that tech-savvy. (Tough to believe, isn't it?)

Even if you don't feel like explaining it all, you've given me enough so that I'm sure I'll be able to figure it out eventually, and I definitely appreciate your reply.

Just two more things real quick: 1) To be clear, you're saying that the trojan I described in the opening post and this problem I'm having now are unrelated? All this time with no problems and suddenly two in one weekend! 2) If the original email was sent to my hotmail account, why am I receiving all these new emails at both my hotmail and yahoo accounts, but not my gmail?

Again, much thanks for your reply.
 
I went to look up the info on the sober.s thingy, and Norton says they added it to their virus definitions yesterday. It's not detecting that I have it, and I can't find any of the files that it says need to be removed when I search for them manually.

So apparently, I don't have it, and I'm just getting all these emails from other infected machines (Now the only thing I'd like to know is why I'm so damn popular. By all accounts it's only infected approx. 1000 machines, and I've easily received more than 50 emails.)

Am I interpreting this information correctly? Apparently, my paranoia meter was just on overdrive due to the first problem I had Saturday. I've really got to do something about that. What was it Einstein said? The most important decision you'll ever make is whether the universe is basically friendly or unfriendly. Something like that . . .

Now I feel silly. And still mildly paranoid . . .
 
ummmm........ said:
I didn't open the attachment, just the email. Was that sufficient to get me? (Apparently so . . .)

I did a full system scan with Norton Antivirus (I've done several this week, actually) and it didn't pick up anything, even after I updated all the virus definitions.

I use Sygate Personal Firewall, and my computer is behind a router which also has a firewall (I think); how do I know if it's blocking the SMTP port?

I'll check out the sober.s worm, but if you wanted to explain exactly what I need to do, that would be great. I know I hide it well, but I'm actually not all that tech-savvy. (Tough to believe, isn't it?)

Even if you don't feel like explaining it all, you've given me enough so that I'm sure I'll be able to figure it out eventually, and I definitely appreciate your reply.

Just two more things real quick: 1) To be clear, you're saying that the trojan I described in the opening post and this problem I'm having now are unrelated? All this time with no problems and suddenly two in one weekend! 2) If the original email was sent to my hotmail account, why am I receiving all these new emails at both my hotmail and yahoo accounts, but not my gmail?

Again, much thanks for your reply.

Okay...let's see...I think if you did not open the attachment you are okay...but I did not read the sober.s info that closely - some extreme worms will activate even when just opened...sober.s is a medium threat so I don't believe this is true...but better to go read the information.

SMTP is port 25 - if you have your firewall using the default setup chances are you are okay. You can check the logs to see if you have any traffic using that port - normally nothing should use it on a regular home workstation.

Basically don't open any unusual emails - I use Trend Micro PC-cillin now so I'm not sure if Norton has a removal method. Best to check their website.

The sober.s worm just started propagating heavily yesterday...though I'm sure it was active late last week...my guess is they are two different problems.

The worm reads the personal address book and uses it to send out emails to everyone in it when it infects a computer - if your gmail account is not getting them the gmail folks either have a good handle on it or that address has not yet been found by the worm. My hotmail account has been inundated yesterday and today...but I have only gotten a few at my yahoo account. And it's not you sending them to yourself, nothing you did, but someone you know who had you in their address book opened the attachment and the worm got your email addy and spread it all over the place.

NP - I enjoy helping out as I have time - the thing to remember is never ever ever open up a suspicious email...and never never never never never never open up an unsolicited attachment. If it seems to come from a friend - email them first to be sure they really sent it and not a worm that infiltrated their address book and is masquerading as them.

Also, I am a professional network/computer consultant, and I don't use any standalone email client on my home PC - I only use html email hosting services such as hotmail or yahoo - and that is what I recommend to my clients - they are safer and not having Outlook, Outlook Express, or any other email client installed means one less hole for a worm to find. Unless you need the advanced functionality of a standalone email client html based email is the way to go.
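
The log check suggested in the reply above, as an added example that is not part of the original thread: a short Python script that scans firewall log lines for outbound TCP connections to port 25 and lists which hosts made them. The log format, addresses and function names are constructed for illustration and are not Sygate's or any other product's real output.

```python
import re
from collections import defaultdict

SMTP_PORT = 25

# Constructed log format (an assumption, not any real firewall's):
# <time> <action> <proto> <direction> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>ALLOW|BLOCK) (?P<proto>TCP|UDP) "
    r"(?P<dir>OUT|IN) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
10:01:02 ALLOW TCP OUT 192.168.1.10:1040 -> 198.51.100.7:80
10:01:05 ALLOW TCP OUT 192.168.1.10:1041 -> 203.0.113.25:25
10:01:05 ALLOW TCP OUT 192.168.1.10:1042 -> 203.0.113.80:25
10:01:06 BLOCK TCP OUT 192.168.1.10:1043 -> 198.51.100.99:25
10:01:09 ALLOW TCP IN 198.51.100.7:80 -> 192.168.1.10:1040
this line is malformed and is skipped
10:02:00 ALLOW UDP OUT 192.168.1.10:1050 -> 192.168.1.1:53
"""

def outbound_smtp(log_text, port=SMTP_PORT):
    """Map each source IP to the destinations it reached, or was blocked from, on `port`."""
    hits = defaultdict(lambda: {"allowed": set(), "blocked": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        if m["dir"] != "OUT" or m["proto"] != "TCP" or int(m["dport"]) != port:
            continue
        key = "allowed" if m["action"] == "ALLOW" else "blocked"
        hits[m["src"]][key].add(m["dst"])
    return dict(hits)

def verdict(hits, max_allowed=0):
    """Return hosts with more allowed outbound SMTP destinations than the threshold."""
    return sorted(src for src, h in hits.items() if len(h["allowed"]) > max_allowed)

if __name__ == "__main__":
    hits = outbound_smtp(SAMPLE_LOG)
    for src in verdict(hits):
        print(src, "allowed:", sorted(hits[src]["allowed"]),
              "blocked:", sorted(hits[src]["blocked"]))
```

With the default threshold of zero, any allowed outbound port-25 connection is reported, which matches a home workstation that reads mail only through a web browser.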
 
ummmm........ said:
I went to look up the info on the sober.s thingy, and Norton says they added it to their virus definitions yesterday. It's not detecting that I have it, and I can't find any of the files that it says need to be removed when I search for them manually.

So apparently, I don't have it, and I'm just getting all these emails from other infected machines (Now the only thing I'd like to know is why I'm so damn popular. By all accounts it's only infected approx. 1000 machines, and I've easily received more than 50 emails.)

Am I interpreting this information correctly? Apparently, my paranoia meter was just on overdrive due to the first problem I had Saturday. I've really got to do something about that. What was it Einstein said? The most important decision you'll ever make is whether the universe is basically friendly or unfriendly. Something like that . . .

Now I feel silly. And still mildly paranoid . . .

Don't - it's better to feel silly and a bit paranoid than to be spending hours and $$$ restoring your hard drive after a bug wipes it out....

Trend Micro had the fix out yesterday - it updated three times. You may want to give them a look when it is time to renew your Norton subscription ... I gave up on Norton last month after 15 years ... PC-cillin is hands down better. And TM has free tech support - with Norton you have to pay to talk to someone.
 
Also, don't go to google and type in "I want nasty pictures" or the like. That's just asking for trouble.
 
Oh, of course not. Years of practice have honed my porn locating skills to the level of a fine artisan . . .
 
ummmm........ said:
Oh, of course not. Years of practice have honed my porn locating skills to the level of a fine artisan . . .

ummmm....do you mean courtesan? lol (Sorry could not resist.) :D
 
Yeah I used to go to porn sites and every time I would scan my comp the anti-virus would detect like 15 trojans so I stopped going to them.
 