 calathea
join:2001-12-29 Corvallis, OR
| reply to calathea Re: Trojan Win32.Agent.pz from Stoneybrook Assisted Living site
This morning I booted up with the LAN cable disconnected and used Task Manager to kill logWatnt.exe and uphclean.exe before connecting to the internet. The machine was functional, except the digital badge had gotten corrupted. I installed a new digital badge (which worked) but it quit working after about 10 minutes. I need that to get to most of the websites at work.
Then I reinstalled Symantec, because I had uninstalled it to run some other security software. It didn't show up on the taskbar so I rebooted. This trojan seems like it goes after Symantec.
This time (the second time I rebooted w/o a network connection) the task manager didn't work. There was an icon for it in the system tray but no dialog window. Symantec wouldn't launch at all. At this point I gave up and walked it down to support to be reimaged. |
|
 Craig08
join:2008-03-31 .
| Ok, on the testbed PC, I had an older version of Java 5.0 Update 15 but latest Opera. So when I went there and clicked that coupon, I got a Java security alert with a security certificate that wanted to install. When I allowed the certificate to install, it was transferring data from hxxp:guidetosuccess.name , and immediately afterward, Windows Security Center said the XP firewall was turned off... Still not sure of everything that's going on, but maybe someone can take it from there. Was going to get the rest of the screenshots but I'm not seeing this every time. |
|
 mysec Premium join:2005-11-29
| said by Craig08 :
Ok, on the testbed PC, I had an older version of Java 5.0 Update 15 but latest Opera. So when I went there and clicked that coupon, I got a Java security alert with a security certificate that wanted to install.

I got the same result using Opera. Nothing malicious attempted to download.
In IE, I don't get a Java security certificate alert, and nothing suspicious was cached. Just the usual advertising and cookies stuff.
--- |
|
 Craig08
join:2008-03-31 .
| I was able to pick up a couple files that are pretty much widely detected. »www.malwaredomainlist.com/mdl.ph···ess.name shows the Java file and this other one »virscan.org/report/003b47a99dd50···e7b.html
Not too knowledgeable about the certificates and how they work with IE/Opera. |
|