secThought.E trojan
Results 1 to 2 of 2

Thread: secThought.E trojan

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    2

    secThought.E trojan

    I got a few questions.

    Secthought.E is Trojan (go figure) that I have run into and needs some help getting rid of.

    okay here is my questions

    1. what does it do
    2 where does it hid at in the computer

    thats it for now

    thanks much

    sane

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    I don't see alot of info on the E variant.. but I would hope it's simliar enough to the previous variants.. it's adware/spyware..

    if you do a google search on "SecondThought" you'll come up with some info..

    http://www.viruslist.com/eng/viruslist.html?id=815149

    Trojan.Win32.SecondThought.c


    Trojan.Win32.SecondThought.c has two component parts.

    The first is written in Visual C++ and compressed using UPX. The compressed size is 24288 bytes, and the decompressed size - 48864 bytes.

    Installation
    When installing the Trojan downloads a file from http://www.2n****ought.com/files/loader.exe, saves it as stcloader.exe in the Windows system directory and registers the files as a key to enable auto-run in the system registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Payload
    Once installed, the Trojan launches stcloader.exe
    The second component part (stcloader.exe) is written in Visual C++ and compressed using UPX. The compressed size is 27648 bytes, and the decompressed size is 66048 bytes.

    Installation
    Stcloader.exe secretly installs itself in Program Files and registers itself in the system registry.
    Payload
    Stcloader.exe creates Second Thought.lnk on the Desktop with a link to itself, and Eliminate Pop-Ups with a link to http://www.ki****op-ups.com/block.php?ref=desktop. This causes advertising to be shown while the Internet is being used. The program collects information on which sites and resources interest the user, and sends this information to the creator of the virus. It also adds a Search tool bar to the browser.
    http://sarc.com/avcenter/venc/data/a...ndthought.html

    Behavior
    Adware.SecondThought is an adware program that downloads and displays advertisements.

    Symptoms
    The files are detected as Adware.SecondThought.

    Transmission
    This adware program must be manually installed.

    File names: install011.exe

    When Adware.SecondThought is executed, it performs the following actions:

    Downloads the file, Stcloader.exe, from www.2nd-thought.com.


    Creates the file, %System%\Stcloader.exe.

    --------------------------------------------------------------------------------
    Note: %System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    --------------------------------------------------------------------------------


    Adds the value:

    "stcloader"="%System%\stcloader.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that Adware.SecondThought runs when you start Windows.
    there's a thread at spywareinfo that someone has.. your e variant..
    maybe you could look at that hijackthis log and run hijackthis for yourself
    and compare..

    for the most part 'tho.. if you run your anitvirus (is it AVG ?) and adaware and spybot (search and destroy) in safe mode.. you should be able to clean it out..

    good luck

    edit : oops I forgot to give you the link to the thread at SWI.. now that I've edited this post, the link will probably not be an active one so copy/paste into a new browser window..
    http://www.spywareinfo.com/forums/in...howtopic=41906

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides