W32 Ransome Hexzone

  • Thread starter: brbrown

brbrown

My Ad-Aware anti spyware software has detected and removed what it refers to
as a W32 Ransome Hexzone Trojan but my research on various forums seems to
imply that it might be a false detection. Can anyone give an informed
opinion please?
 
From: "brbrown" <[email protected]>

| My Ad-Aware anti spyware software has detected and removed what it refers to
| as a W32 Ransome Hexzone Trojan but my research on various forums seems to
| imply that it might be a false detection. Can anyone give an informed
| opinion please?

You said... "...has detected and removed what it refers to as a W32 Ransome Hexzone
Trojan"

Has detected it in what?
Please provide full details.
 
Hello Both. Thanks for the replies.

Leonard. Some of the postings were in Ad-Aware forum but others were on
various other sources from a Google search.

David, I had performed a full system scan and I'm sorry but I don't think it
said in the results where it was situated. It would have shown during the
scan but the items being searched flashed up so quickly, I didn't notice. One
of the forums I searched mentioned that it was embedded in Microsoft Money but
I don't have that on my system, only Microsoft Works. Does that help? If not,
I will see if it pops up again in another scan after I've used the internet a
few times.
Brian
 
brbrown said:
My Ad-Aware anti spyware software has detected and removed what it refers to
as a W32 Ransome Hexzone Trojan but my research on various forums seems to
imply that it might be a false detection. Can anyone give an informed
opinion please?

If your Anti-spyware detected it, then you are safe and it may be removed it.
But to be sure run your antivirus application as this W32 Ransome Hexzone is
a member of the Trojans Family. They take many names as they developed and
evolved in their phases of coding and how much dangerous they are.

Also, this can be sent to you through an email attachment which downloaded
the virus into your machine and been detected by your Antispyware which I
assume is running in real time protection mode (Adwatch).
Re: Trojan-Ransom.Win32.Hexzone.agn
http://forum.avast.com/index.php?topic=43044.0

http://www.threatexpert.com/threats/trojan-ransom-win32-hexzone.html

HTH,
nass
 
Hello nass. Ad-Aware has already deleted it but it didn't detect it coming in
so I must check if Adwatch is switched off or maybe it doesn't come with my
free Ad-Aware Anniversary. My AVG Free antivirus didn't pick it up. Brian
 
David, I have just found the following log file in Ad-Aware for the two
occasions the trojan was picked up.
c\\ProgramFiles\Commo\.\ortSoft\bin\ssmaildll and
c\\SystemVolumeInfor\.\CC)RP487\AO199647.dll

Any help? Brian
 
From: "brbrown" <[email protected]>

| Hello Both. Thanks for the replies.

| Leonard. Some of the postings were in Ad-Aware forum but others were on
| various other sources from a Google search.

| David, I had performed a full system scan and I'm sorry but I don't think it
| said in the results where it was situated. It would have shown during the
| scan but the items being searched flashed up so quickly, I didn't notice. One
| of the forums I searched mentioned that it was embedded in Microsoft Money but
| I don't have that on my system, only Microsoft Works. Does that help? If not,
| I will see if it pops up again in another scan after I've used the internet a
| few times.
| Brian

Such a declaration would be in the application's log. Without the log extract, making a
determination on a False Positive would be improper.

What is the fully qualified name and path to the file deemed to be the malware?
What are the Registry entries?

Without that information this conversation is fruitless.
 
From: "brbrown" <[email protected]>

| David, I have just found the following log file in Ad-Aware for the two
| occasions the trojan was picked up.
| c\\ProgramFiles\Commo\.\ortSoft\bin\ssmaildll and
| c\\SystemVolumeInfor\.\CC)RP487\AO199647.dll

| Any help? Brian

A little...

Those paths are NOT proper/accurate. The syntax is all wrong.

This...
c\\ProgramFiles\Commo
Presumably is REALLY...
C:\Program Files\Common Files

But what is needed is an accurate portrayal of the fully qualified name and path (FQN).

This is also bastardized...
c\\SystemVolumeInfor\.\CC)RP487\AO199647.dll

However that is less important as this looks to be a DLL in the System Restore cache.
 
David H. Lipman said:
From: "brbrown" <[email protected]>

| David, I have just found the following log file in Ad-Aware for the two
| occasions the trojan was picked up.
| c\\ProgramFiles\Commo\.\ortSoft\bin\ssmaildll and
| c\\SystemVolumeInfor\.\CC)RP487\AO199647.dll

| Any help? Brian

A little...

Those paths are NOT proper/accurate. The syntax is all wrong.

This...
c\\ProgramFiles\Commo
Presumably is REALLY...
C:\Program Files\Common Files

But what is needed is an accurate portrayal of the fully qualified name and path (FQN).

This is also bastardized...
c\\SystemVolumeInfor\.\CC)RP487\AO199647.dll

However that is less important as this looks to be a DLL in the System Restore cache.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Thanks David. Not sure what to do next. Perhaps I had better wait and see if it pops again and see if the log results are any better.
 
install the free trial of Windows Live OneCare
http://onecare.live.com/standard/en-gb/default.htm
http://www.microsoft.com/mscorp/safety/technologies/onecare/default.mspx
Windows Defender detects and removes spyware
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

If you need further help and your machine is infected download the Hijackthis
and send the report to one of many forums for analysis and troubleshooting or
you can send it to me on my email provided at the bottom:
When all else fails, download HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

Can you please send me a copy at (e-mail address removed),
remove the obvious to email me.

HTH,
nass
 
Thanks nass. That's given me plenty to look at.

 