Found A Trojan!

  • Thread starter Thread starter puns
  • Start date Start date
P

puns

I use NOD32 as my main anti-virus program. As an experiment i tried the
Kaspersky on line scanner & it found the following:
Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
NOD32 would/should have found the same!
 
I use NOD32 as my main anti-virus program. As an experiment i tried the
Kaspersky on line scanner & it found the following:
Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
NOD32 would/should have found the same!
Click to expand...

Not surprising. You should use some version of KAV (or a product that
uses the KAV scan engine) for on-demand scanning. It will alert you to
both virus and Trojan droppers that NOD32 won't.

Art

http://home.epix.net/~artnpeg
 
NOD32's weakness is Trojan detection. I would advise running a Trojan
scanner in tandem with it. I use Trojanhunter and it works fine.

Jon
 
I use NOD32 as my main anti-virus program. As an experiment i tried the
Kaspersky on line scanner & it found the following:
Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
NOD32 would/should have found the same!
Click to expand...

Where is the Kaspersky located on the web?

Urgent need of more scan-power!!! (se "Shit storm" below)

Morgan O.
 
Jon,
I downloaded the trial version of "Trojan Hunter" & it did NOT detect the
trojan that Kaspersky did!
 
puns said:
Jon,
I downloaded the trial version of "Trojan Hunter" & it did NOT detect the
trojan that Kaspersky did!
Click to expand...
Did you do an update straight after the download?
 
Where is the Kaspersky located on the web?

Urgent need of more scan-power!!! (se "Shit storm" below)
Click to expand...

The following procedure will give you a on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Then download 7-zip from here:

http://www.7-zip.org/

Use 7-zip to extract the files from mwav.exe to c:\mwav

Use Notepad to create the following batch file:


cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N <a
href="ftp://updates1.kaspersky-labs.com/updates_x/*.avc">ftp://updates1.kaspersky-labs.com/updates_x/*.avc</a>
wget -N <a
href="ftp://updates1.kaspersky-labs.com/updates_x/avp.*">ftp://updates1.kaspersky-labs.com/updates_x/avp.*</a>
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it tp c:\mwav

Now run c:\mwav\update to update the def files.

Then run c:\mwav\mwavscan
 
From: "puns" <[email protected]>

| I use NOD32 as my main anti-virus program. As an experiment i tried the
| Kaspersky on line scanner & it found the following:
| Trojan-Dropper.Win32.Delf.mj. I find this disconcerting since i thought that
| NOD32 would/should have found the same!
|

Not surprising. You will often find that not all AV companies recognize a given infector at
the same time. Some will be quicker to deploy signatures for a given infector even when
supplied a sample submission.

This is why it good to have one active "On Access" capable AV application installed and use
multiple "On Demand" scanners to verify a system. Online scanners are web based form of "On
Demand" scanner. Albeit, they are limited due to their use of a Browser and some detect
without removal.
 
Oooops! Prior post had garbled instruction. Try this instead:

The following procedure will give you a on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Then download 7-zip from here:

http://www.7-zip.org/

Use 7-zip to extract the files from mwav.exe to c:\mwav

Use Notepad to create the following batch file:


cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it tp c:\mwav

Now run c:\mwav\update to update the def files.

Then run c:\mwav\mwavscan
 
Oooops! Prior post had garbled instruction. Try this instead:

The following procedure will give you a on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Then download 7-zip from here:

http://www.7-zip.org/

Use 7-zip to extract the files from mwav.exe to c:\mwav

Use Notepad to create the following batch file:


cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it tp c:\mwav

Now run c:\mwav\update to update the def files.

Then run c:\mwav\mwavscan
Click to expand...

I'm having a bad morning :( You also need wget.exe from here:

http://users.ugent.be/~bpuype/wget/#download

Art

http://home.epix.net/~artnpeg
 
From: "Art" <[email protected]>


|
| I'm having a bad morning :( You also need wget.exe from here:
|
| http://users.ugent.be/~bpuype/wget/#download
|
| Art
|
| http://home.epix.net/~artnpeg

Maybe you need to create a web page on this or a template response with all the pertinet
data such that when this type of response is needed to you point to your web page or Copy &
Paste the template response into your reply.

It is definitely good information worth repeating.
 
From: "Art" <[email protected]>
|
| I'm having a bad morning :( You also need wget.exe from here:
|
| http://users.ugent.be/~bpuype/wget/#download
|
| Art
|
| http://home.epix.net/~artnpeg

Maybe you need to create a web page on this or a template response with all the pertinet
data such that when this type of response is needed to you point to your web page or Copy &
Paste the template response into your reply.

It is definitely good information worth repeating.
Click to expand...

Well, I had sworn off this sort of thing, remember? Why don't you
offer it as a alternative?

Anyway, I have now saved the instruction so I can cut and paste it.
If you don't pick up on it, I'll probably post it from time to time.

Art

http://home.epix.net/~artnpeg
 
From: "Art" <[email protected]>


|
| Well, I had sworn off this sort of thing, remember? Why don't you
| offer it as a alternative?
|
| Anyway, I have now saved the instruction so I can cut and paste it.
| If you don't pick up on it, I'll probably post it from time to time.
|
| Art
|
| http://home.epix.net/~artnpeg

I was thinking about doing it myself. Right now, its your "baby" ;-)
 
Back
Top