Richard said:Seen on Symantec's site.
PWSteal.Bankash.A is a password-stealing Trojan horse that attempts to log
usernames and passwords from certain financial Web sites. The Trojan will
also attempt to disable Microsoft's AntiSpyware software.
Note: Virus definitions released prior to February 10, 2005 may detect
this threat as PWSteal.Trojan.
Also Known As: Trojan-Downloader.Win32.Small.ain [Kaspersky Lab],
PWS-Banker.j [McAfee], Troj/BankAsh-A [Sophos]
Type: Trojan Horse
Infection Length: 171,008 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Richard.
-----Original Message-----
Thanks!
http://securityresponse.symantec.com/avcenter/venc/data/pw steal.bankash.a.htmlvirusid=73190
(Kaspersky--no information)
http://vil.nai.com/vil/content/v_131329.htm (McAfee - PWS- Banker.j)
http://vil.nai.com/vil/content/v_131716.htm (McAfee - PWS- Banker.j.dll)
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
[email protected]...news:%m...Seen on Symantec's site.
PWSteal.Bankash.A is a password-stealing Trojan horse that attempts to log
usernames and passwords from certain financial Web sites. The Trojan will
also attempt to disable Microsoft's AntiSpyware software.
Note: Virus definitions released prior to February 10, 2005 may detect
this threat as PWSteal.Trojan.
Also Known As: Trojan-Downloader.Win32.Small.ain [Kaspersky Lab],
PWS-Banker.j [McAfee], Troj/BankAsh-A [Sophos]
Type: Trojan Horse
Infection Length: 171,008 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Richard.
.
Phil Agcaoili said:We're looking into this further. Unfortunately, my desktop
team may have gotten the employees working without fully
documenting the error messages they ran in to.
As I get more info, I'll post it.
Here's what I have currently, we have pilot going for
several hundred users. About a dozen machines this
morning spiked CPU to 100% and both Giant services were
pegged. They killed the services, uninstalled the Giant
software, ran A/V checks and Spybot against the infected
machines, and then reinstalled Giant.
The machies went back to normal, so as far as I've been
informed they did see a curious DLL error removing Giant
during the uninstall process.
Perhaps I'm being paranoid, but wanted to throw this out
to other beta testers since the Wednesday report that
hackers were targeting the Giant application:
http://news.com.com/2102-7349_3-5569429.html?
tag=st.util.print
-----Original Message-----
Thanks!
http://securityresponse.symantec.com/avcenter/venc/data/pw steal.bankash.a.htmlvirusid=73190
(Kaspersky--no information)
http://vil.nai.com/vil/content/v_131329.htm (McAfee - PWS- Banker.j)
http://vil.nai.com/vil/content/v_131716.htm (McAfee - PWS- Banker.j.dll)
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
[email protected]...news:%m...Seen on Symantec's site.
PWSteal.Bankash.A is a password-stealing Trojan horse that attempts to log
usernames and passwords from certain financial Web sites. The Trojan will
also attempt to disable Microsoft's AntiSpyware software.
Note: Virus definitions released prior to February 10, 2005 may detect
this threat as PWSteal.Trojan.
Also Known As: Trojan-Downloader.Win32.Small.ain [Kaspersky Lab],
PWS-Banker.j [McAfee], Troj/BankAsh-A [Sophos]
Type: Trojan Horse
Infection Length: 171,008 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Richard.Sophos are the only vendor reporting this as far as I know this morning.
If you have other facts we should all be aware of, please state them.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
I think that there is more to this than the Sophos report.
-----Original Message-----
Here's Sopho's description of this critter:
http://www.sophos.com/virusinfo/analyses/trojbankasha. html
You will notice that its incidence is "low."
This virus does not infect Microsoft Antispyware files,
it simply attempts
to disable Microsoft Antispyware real-time protection as
part of its
operation.
I'd say keep Microsoft Antispyware installed and watch to
be sure your
real-time protection (the icon in th system tray) is
alive and well.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"Just wondering" <[email protected]>
wrote in message
Do you think the anti spyware is still safe to use, or
should it be disabled or uninstalled?? I sure hope
someone
would reply because I am not sure what to do. Do you
know "seagal" since you posted the alert?
.
.
Bill Sanderson said:What else is running at the time--What Antivirus, for example?
Since this is a trojan that doesn't spread in any automatic fashion I'm skeptical about it being at the root of this issue, but it
is entirely appropriate to be careful and at best you've got a bug of some kind that may make the product unsuitable in your
environment 'til it can be fixed.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
Phil Agcaoili said:We're looking into this further. Unfortunately, my desktop
team may have gotten the employees working without fully
documenting the error messages they ran in to.
As I get more info, I'll post it.
Here's what I have currently, we have pilot going for
several hundred users. About a dozen machines this
morning spiked CPU to 100% and both Giant services were
pegged. They killed the services, uninstalled the Giant
software, ran A/V checks and Spybot against the infected
machines, and then reinstalled Giant.
The machies went back to normal, so as far as I've been
informed they did see a curious DLL error removing Giant
during the uninstall process.
Perhaps I'm being paranoid, but wanted to throw this out
to other beta testers since the Wednesday report that
hackers were targeting the Giant application:
http://news.com.com/2102-7349_3-5569429.html?
tag=st.util.print
-----Original Message-----
Thanks!
http://securityresponse.symantec.com/avcenter/venc/data/pw steal.bankash.a.htmlvirusid=73190
(Kaspersky--no information)
http://vil.nai.com/vil/content/v_131329.htm (McAfee - PWS- Banker.j)
http://vil.nai.com/vil/content/v_131716.htm (McAfee - PWS- Banker.j.dll)
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
[email protected]...news:%
Seen on Symantec's site.
PWSteal.Bankash.A is a password-stealing Trojan horse that attempts to log
usernames and passwords from certain financial Web sites. The Trojan will
also attempt to disable Microsoft's AntiSpyware software.
Note: Virus definitions released prior to February 10, 2005 may detect
this threat as PWSteal.Trojan.
Also Known As: Trojan-Downloader.Win32.Small.ain [Kaspersky Lab],
PWS-Banker.j [McAfee], Troj/BankAsh-A [Sophos]
Type: Trojan Horse
Infection Length: 171,008 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Richard.
m...
Sophos are the only vendor reporting this as far as I know this morning.
If you have other facts we should all be aware of, please state them.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
I think that there is more to this than the Sophos report.
-----Original Message-----
Here's Sopho's description of this critter:
http://www.sophos.com/virusinfo/analyses/trojbankasha. html
You will notice that its incidence is "low."
This virus does not infect Microsoft Antispyware files,
it simply attempts
to disable Microsoft Antispyware real-time protection as
part of its
operation.
I'd say keep Microsoft Antispyware installed and watch to
be sure your
real-time protection (the icon in th system tray) is
alive and well.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"Just wondering" <[email protected]>
wrote in message
Do you think the anti spyware is still safe to use, or
should it be disabled or uninstalled?? I sure hope
someone
would reply because I am not sure what to do. Do you
know "seagal" since you posted the alert?
.
.
Mark L. Ferguson said:Interesting thread. I would guess antispy will add itself to 'Windows File
Protection', and this will be solved in the Gold version. After antispy is
running in real time protection, of course, it should already catch that
as it installs
You can really see it coming. Longer and longer boot times, for
'slimeware' prevention.
http://www.geocities.com/marfer_mvp/chatNotes.htm
.
Bill Sanderson said:What else is running at the time--What Antivirus, for example?
Since this is a trojan that doesn't spread in any automatic fashion I'm
skeptical about it being at the root of this issue, but it is entirely
appropriate to be careful and at best you've got a bug of some kind that
may make the product unsuitable in your environment 'til it can be fixed.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
Phil Agcaoili said:We're looking into this further. Unfortunately, my desktop
team may have gotten the employees working without fully
documenting the error messages they ran in to.
As I get more info, I'll post it.
Here's what I have currently, we have pilot going for
several hundred users. About a dozen machines this
morning spiked CPU to 100% and both Giant services were
pegged. They killed the services, uninstalled the Giant
software, ran A/V checks and Spybot against the infected
machines, and then reinstalled Giant.
The machies went back to normal, so as far as I've been
informed they did see a curious DLL error removing Giant
during the uninstall process.
Perhaps I'm being paranoid, but wanted to throw this out
to other beta testers since the Wednesday report that
hackers were targeting the Giant application:
http://news.com.com/2102-7349_3-5569429.html?
tag=st.util.print
-----Original Message-----
Thanks!
http://securityresponse.symantec.com/avcenter/venc/data/pw
steal.bankash.a.html
(symantec)
http://www.viruslist.com/en/viruses/encyclopedia?
virusid=73190
(Kaspersky--no information)
http://vil.nai.com/vil/content/v_131329.htm (McAfee - PWS-
Banker.j)
http://vil.nai.com/vil/content/v_131716.htm (McAfee - PWS-
Banker.j.dll)
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
message
[email protected]...
Seen on Symantec's site.
PWSteal.Bankash.A is a password-stealing Trojan horse
that attempts to log
usernames and passwords from certain financial Web
sites. The Trojan will
also attempt to disable Microsoft's AntiSpyware
software.
Note: Virus definitions released prior to February 10,
2005 may detect
this threat as PWSteal.Trojan.
Also Known As: Trojan-Downloader.Win32.Small.ain
[Kaspersky Lab],
PWS-Banker.j [McAfee], Troj/BankAsh-A [Sophos]
Type: Trojan Horse
Infection Length: 171,008 bytes
Systems Affected: Windows 2000, Windows 95,
Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Richard.
"Bill Sanderson" <[email protected]>
wrote in message
m...
Sophos are the only vendor reporting this as far as I
know this morning.
If you have other facts we should all be aware of,
please state them.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"Phil Agcaoili" <[email protected]>
wrote in message
I think that there is more to this than the Sophos
report.
-----Original Message-----
Here's Sopho's description of this critter:
http://www.sophos.com/virusinfo/analyses/trojbankasha.
html
You will notice that its incidence is "low."
This virus does not infect Microsoft Antispyware
files,
it simply attempts
to disable Microsoft Antispyware real-time protection
as
part of its
operation.
I'd say keep Microsoft Antispyware installed and
watch to
be sure your
real-time protection (the icon in th system tray) is
alive and well.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"Just wondering" <[email protected]>
wrote in message
Do you think the anti spyware is still safe to use,
or
should it be disabled or uninstalled?? I sure hope
someone
would reply because I am not sure what to do. Do you
know "seagal" since you posted the alert?
.
.