Sister CISA CISSP

May 5 2010   7:29PM GMT

Fighting A Trojan – Part 1

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

Last week I came up against a piece of malware that is still “eating my lunch.” And I don’t know where I got it.

I was researching a DNS problem I have, going through Google and reviewing various topics. So I can tell you somewhat where I went, but I got too busy too fast to identify the website culprit.

My screen starting showing pop-ups about how I have a nasty virus and need to install a product. The name of the thing goes under “Anti virus-AR,” but it could have any name, all things considered.

It began with pop-up alerts, screens to install that I could not shut down. It shut down Task Manager, told me any command I tried to run was infected, could not be closed, and redirected my browser. And started to send out spam in the bargain. My Norton Symantec crashed/was shutdown.

After reboot, it did it all again (of course). It also shut down my antivirus functions entirely. Most sites list it as “fearware,” designed to get you to their website and collect your credit card information for buying their fake product. From what I could see, it’s a bonus if they get that.

In the interests of education, I decided to try and eradicate it, instead of going to our IT Guys, who have already ragged me endlessly. It has been a painful education so far.

None of the descriptions of this particular one that I’ve read about indicate how virulent the install is. This is much MORE than just fearware. It’s a multiple trojan spambot.

This ##$$%%*** changed at least 50 files of all types, wrote over a dozen changes to my Registry, and installed over a dozen pieces of Trojan software.

Six hours later, I’m STILL not sure I’ve gotten it all out.

Part 2: Anti-malware and registry hunting

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: