-
February 13th, 2009, 05:49 AM
#1
Trojan.AVKiller.Agent.C
I have been hearing about this on IRC. Sounds pretty mean. Crashes browsers when visiting AV sites, prevents downloads/updates, Adaware and Spybot do not detect it. Most AVs crash. All of this is hearsay... Anyone else heard of this?
Edit:
Upon further research, it appears that this may have been around for a while. But apparently, there are still variants in the wild...
Last edited by westin; February 13th, 2009 at 06:28 AM.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
February 13th, 2009, 06:28 AM
#2
Off topic...which IRC channel do you frequent?
And no, I have not yet encountered this particular gem, but the latest "strain" if you will has been pretty robust. I would not be surprised.
-
February 13th, 2009, 09:58 AM
#3
Hmmmm,
Yes, I have, but not for a long while... it is a year old
http://vgrep.viruspool.net/virus.cms?&id=3077566
I thought the scumbags had given up on that sort of crap as it is pretty obvious that you have an infection and would be inclined to DBAN the drive and reinstall.
Combofix is the tool I would use to try to get rid of it.
http://www.myantispyware.com/2007/10...-spyware-tool/
Read and follow the instructions very carefully.
With older versions you might find Hjthis101.dll in \Windows\System32\ and the Registry.
I wonder if it would actually infect if you were running UAC?
Obviously it is a pain in the a$$, but it is totally unsubtle. It's the ones you don't know you have that are the most dangerous.
-
February 13th, 2009, 02:23 PM
#4
I've dealt with this and its variants. It's quite nasty and I have had to disinfect manually on customers' machines.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
February 13th, 2009, 03:01 PM
#5
It's quite nasty and I have had to disinfect manually on customers' machines.
But only because you aren't allowed to use other people's tools?
-
February 13th, 2009, 07:35 PM
#6
Hey, thanks for the replies. keezel, I am not really on all that much, but I usually go to #infoleak on irc.2600.net... that is where I found the person talking about this trojan. I hadn't seen it before, but after looking around a bit, I found a post talking about it almost a year ago, as nihil pointed out. I agree, it is not very subtle. I have mainly been hearing about the Conficker/Downadup bug lately. Pretty clever...
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST