Thread: Optix Trojan

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Optix Trojan

    I was recently told about the Optix trojan and how much more "powerful" it is over the more common Sub 7. The question is, does anyone know anything interesting about it (how it functions, etc.) and also of programs that detect it. From what I have read already, it has the ability to stop virtually all commercial antivirus scanners, trojan scanners, and firewalls. I'd like to know if there is a commercial program that does detect it. Symantec lists it as a low threat, yet floating around in chat rooms, I see it's being heavily used. Thanks.
    Wild
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  2. #2
    Senior Member SirSub
    Join Date
    May 2003
    Location
    Groom Lake, Nevada
    Posts
    148
    The cleaner at http://moosoft.com/ detects Optix.
    It is impossible to make anything foolproof because fools are so ingenious. - Murphy

  3. #3
    Member
    Join Date
    Feb 2003
    Posts
    96
    Most of the antivirus companies have been able to detect the Backdoor.optix virus for about half a year now. It is not quite as "powerful" as you described (Symantec Virus Information for Optix), but at the least, it is still a backdoor which poses a security threat.

    You will want to do an online scan of any computer that may be infected: Housecall Online Virus Scan

    Then make sure you install and update your antivirus program. Many times people install antivirus software and expect it to protect them against many new viruses. Unfortunately, this is not the case; after installing most retail software, your definitions can be up to a year old!
    UPDATE and you should be fully protected against viruses like optix.

    Hope the link and info help.


    EDIT: AVOID MOOSOFT, IT IS OUTDATED AND WILL NOT REMOVE ANY MODERN TROJANS!!! SEE ATTACHED IMAGE FOR FILE'S LATEST RELEASE DATE (2002).
    ][ neta1o ][

  4. #4
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    Posts
    901
    Hmmm, which 0ptyx are you talking about here? Is the trojan itself called 0ptyx, or is it the maker?

    If it's the maker, there is a very advanced trojan called KIS (Kernel Intrusion System) made by 0ptyx. That trojan is very advanced, and Norton or the like cannot pick that up. Also, KIS is not for Win systems.

    Cheers.
    Ubuntu-: Means in African : "I'm too dumb to use Slackware"

  5. #5
    Member
    Join Date
    Feb 2003
    Posts
    96
    Instronics, is this the virus you are referring to? http://www.derkeiler.com/Mailing-Lis...1-07/0008.html

    If so, I agree that it is definitely not a Windows trojan. Although I'm probably not as familiar with Linux as you, I think they came out with a patch for some distros of Linux to prevent trojans like the one you listed above from being effective.

    http://www.icewalkers.com/Linux/Soft...on-System.html
    ][ neta1o ][

  6. #6
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    Posts
    901
    Yes, that's the one I meant. It's an evil bastard alright. The only cleaner for it I ever saw was on grsecurity.com. I don't know what the current status is. The removal was not the hard part; finding it, or figuring out that you were infected, was very difficult. It's a very sneaky application. It doesn't show up in any process listing, it does not sit and listen on a port, it will listen once remotely activated. It's nothing even close compared to all these lil puny Win trojans; even the trojan ARK is a toy next to KIS, and ARK has caused a lot of havoc on many major systems.

    Cheers.
    Ubuntu-: Means in African : "I'm too dumb to use Slackware"

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    256

    update

    No, it's not a nix trojan, it's for Windows. The trojan is called Optix and I don't know who made it. I know about the cleaner etc., but apparently if it is running it terminates the majority of the scanners out there, including "Housecall" and The Cleaner by Moosoft. I'm just wondering if there is a way to stop it from loading at all, or once you DO have it, how do you get rid of it. From what I read, the newest version will terminate the virus scanners BEFORE it (the scanner) can even pick it up/detect it.

    For those who don't know what I am talking about, or for a list of what processes/programs it terminates (and to save copying a page)... the link is

    http://www.megasecurity.org/trojans/...tixpro1.3.html

    From what I have read in another "security post", if you edit out the winstart.bat file, you can prevent it from loading on bootup.
