Webmaster Forum


07-02-2007, 11:22 PM   #1
jasonk1234
Trojan anomaly?

I was recently informed by Windows Live OneCare (after running a virus scan) that I have a high-risk virus, trojan:win32/anomaly.gen!a. OneCare cannot delete it, my Norton antivirus can't even find it, and my computer shows no side effects yet, but I am worried!

Could anyone recommend the best antivirus software before I go and shell out my hard-earned cash? I thought Norton was the best, but I guess I was wrong.

07-03-2007, 09:42 AM   #2
oddjob
Many folk consider Norton to be bloated and ineffective against the latest forms of virus. What you have is a very new variant of another Trojan and Onecare know about it. Most of the time, like you, folk are reporting that Onecare finds it but nothing else does and there's no apparent trouble with the system.

I suggest you run some first line (free) removal programs. These three ...

Superantispyware > http://www.superantispyware.com/

AVG Anti Spyware > http://www.ewido.net/en/

TrojanHunter > http://www.misec.net/


Download each and have them run full scans on your entire systems.

Let them fix whatever they find.

Then run another Onecare scan and let us know if the malware still comes up. There are other things we can do.


OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequila” Mitch Ratcliffe

07-03-2007, 10:15 AM   #3
Costin Trifan
I suggest Kaspersky AV. It's the best, and it has been proven. No matter what anybody else has to say.
__________________
JUNE - JavaScript Framework

07-03-2007, 12:45 PM   #4
blackeden
Hmm, in my opinion, why can't OneCare delete it? Because the trojan is still running. We know we can't delete a program which is running. I think you should kill the trojan's process first, and then you can delete it easily. I also suggest KAV; it's always good.
Good luck to you ^ ^

07-03-2007, 12:50 PM   #5
G10
Quote:
Originally Posted by costin_trifan View Post
I suggest Kaspersky AV. It's the best, and it has been proven. No matter what anybody else has to say.
Hmmm!

I guess that's why most corporates use McAfee and Symantec then.

BTW, Kaspersky is definitely a good piece of kit and up there with the best of them.
__________________

.: I WAS BORN WITH NOTHING...AND I STILL HAVE MOST OF IT LEFT!! :.

07-03-2007, 01:17 PM   #6
sara_1995
I use McAfee; it's really great and it helps protect your computer.

07-03-2007, 03:15 PM   #7
jasonk1234
Quote:
Originally Posted by oddjob View Post
Many folk consider Norton to be bloated and ineffective against the latest forms of virus. What you have is a very new variant of another Trojan and Onecare know about it. Most of the time, like you, folk are reporting that Onecare finds it but nothing else does and there's no apparent trouble with the system.

I suggest you run some first line (free) removal programs. These three ...

Superantispyware > http://www.superantispyware.com/

AVG Anti Spyware > http://www.ewido.net/en/

TrojanHunter > http://www.misec.net/


Download each and have them run full scans on your entire systems.

Let them fix whatever they find.

Then run another Onecare scan and let us know if the malware still comes up. There are other things we can do.


OJ
I was going to download the free trials of these programs, but the publishers could not be verified. Is it safe to run these programs?

07-03-2007, 03:39 PM   #8
StupidScript
Quote:
I was going to download the free trials of these programs, but the publishers could not be verified. Is it safe to run these programs?
Get used to that ... it simply means that the publisher's "checksums", the little code they include with their programs to verify that they haven't been tampered with during a download, are not in the Microsoft checksum database ... but neither are most of Microsoft's own "hashes", so ...

If you are downloading and installing those programs directly from the publisher's sites, you should be just fine.

This trojan is also known as: "Dropper" and "MESPAM.C", and as Email-Worm.Win32.Zhelatin.bg, Worm/Zhelatin.BG.3, and as a "security risk" named W32/Tibs.TF.

Also check out Clam Antivirus. Note that ALL of the programs listed in this thread EXCEPT for Symantec and McAfee will run just fine all at the same time. And BTW, with the exception of AVG and SuperAntiSpyware (and Clam) are free for personal use ... they are not "free trials" ... they're just "free".

BTW, the Win32/Anomaly.gen!A trojan is classified by OneCare as low severity, low infection rating, easy recovery difficulty (several people report that OneCare successfully removed/quarantined the program), low damage rating and low transmission rating. Apparently it has been distributed by some third-party WinAmp skins (and possibly other programs) and doesn't really affect your system unless you force Windows to install that skin.

(PS: G10: Many corporations use Norton/Symantec and McAfee because Microsoft doesn't support any other AV programs except for those and their own, and most corporations who run large Microsoft networks depend on Microsoft tech support. Those programs are by no means the best, and often cause issues with Windows systems that aren't OEM. In our own corporation, we have been more than satisfied with the performance of the Sophos AV programs - SMTP, server and client - and have found them to be far more reliable and timely in the detection and removal of net-borne bugs than Norton or McAfee, which are often slow to issue new signatures and often have difficulty with the removal process.)

Last edited by StupidScript : 07-03-2007 at 03:49 PM. Reason: Added aliases.
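
The kind of checksum comparison described in the post above, as an added example that is not part of the original thread: it checks a downloaded file against a publisher's checksum listing. SHA-256, the `sha256sum`-style listing format, the function names and the file name `setup-example.exe` are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_checksum_list(text):
    """Parse sha256sum-style lines: '<digest>  <name>' or '<digest> *<name>'."""
    digests = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
        # Accept only well-formed SHA-256 digests (64 hex characters).
        if len(digest) == 64 and set(digest) <= HEX:
            digests[name] = digest
    return digests


def sha256_of_file(path, chunk_size=65536):
    """Hash the file in chunks so large installers are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, checksum_text):
    """Return 'match', 'mismatch', or 'unlisted' (no digest published for this name)."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # treat as unverified, never as verified
    actual = sha256_of_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Run the check on constructed files: intact, modified, and unlisted."""
    payload = b"constructed installer bytes, not a real program\n"
    # Constructed listing; a real one must come from the publisher over a trusted channel.
    listing = "# constructed sample\n%s *setup-example.exe\n" % hashlib.sha256(payload).hexdigest()
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "setup-example.exe")
        with open(installer, "wb") as fh:
            fh.write(payload)
        results.append(verify_download(installer, listing))
        with open(installer, "ab") as fh:
            fh.write(b"\x00")  # a single extra byte changes the digest
        results.append(verify_download(installer, listing))
        other = os.path.join(tmp, "other-example.exe")
        with open(other, "wb") as fh:
            fh.write(payload)
        results.append(verify_download(other, listing))
    return results


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows the file is the one the listing describes, so the listing itself has to be fetched from the publisher's own site over a connection you trust.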

07-03-2007, 06:26 PM   #9
contextual staff
NOD32 anti-virus software. The best there is!!!

07-03-2007, 06:57 PM   #10
Costin Trifan
Quote:
Originally Posted by seda View Post
NOD32 anti-virus software. The best there is!!!
If an AV program allows you to kill its process, then that's not a good AV.

AV programs that allow that: Avira & Nod32. These two were tested by me on my PC and they miserably failed.

The point is that if I can stop their processes then an attacker can do the same. And that's not desirable, don't you think?

07-03-2007, 07:24 PM   #11
contextual staff
Quote:
Originally Posted by costin_trifan View Post
If an AV program allows you to kill its process, then that's not a good AV.

AV programs that allow that: Avira & Nod32. These two were tested by me on my PC and they miserably failed.

The point is that if I can stop their processes then an attacker can do the same. And that's not desirable, don't you think?

Good point. But I've yet to be failed by NOD.

07-04-2007, 02:06 AM   #12
oddjob
We don't want this thread to go too far off topic for jasonk1234.

Jason ... please do as stupidscript said. Just download from the sites I gave you. They are the original source sites and are all fine.

Please post back and let us know how you get on.


OJ

07-04-2007, 10:29 AM   #13
jasonk1234
Well, after almost 9 hours of scanning my computer last night with the recommended antivirus programs, I am happy to say the trojan anomaly was removed along with a couple of other viruses that OneCare did not find.

Thank you to all who helped me on this one!!!

07-04-2007, 10:42 AM   #14
G10
Quote:
Originally Posted by StupidScript View Post
(PS: G10: Many corporations use Norton/Symantec and McAfee because Microsoft doesn't support any other AV programs except for those and their own, and most corporations who run large Microsoft networks depend on Microsoft tech support. Those programs are by no means the best, and often cause issues with Windows systems that aren't OEM. In our own corporation, we have been more than satisfied with the performance of the Sophos AV programs - SMTP, server and client - and have found them to be far more reliable and timely in the detection and removal of net-borne bugs than Norton or McAfee, which are often slow to issue new signatures and often have difficulty with the removal process.)
I am aware of it, but then again I spent 12 years supporting all that nonsense when I was with IBM and have seen some pretty interesting AVs on some sites.

Symantec is pretty good at hitting response times when a virus comes out and usually releases a utility that you can run from disk.

I personally don't run Symantec at home as I have seen better results from McAfee.

Sophos is very good and I also recommend it, but personal choice on home systems is McAfee.

07-04-2007, 11:08 AM   #15
oddjob
Quote:
Originally Posted by jasonk1234 View Post
Well, after almost 9 hours of scanning my computer last night with the recommended antivirus programs, I am happy to say the trojan anomaly was removed along with a couple of other viruses that OneCare did not find.

Thank you to all who helped me on this one!!!
Glad to help. Good to hear it worked out for you.

If you are on XP and are certain you have no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

More on System Restore ...

http://www.microsoft.com/windowsxp/u...w_03may19.mspx


What may have led up to your infection and help keep your computer free of malware …

http://www.castlecops.com/t7736-So_h...rst_place.html

http://www.help2go.com/Tutorials/Pro...Hijackers.html

http://www.techsupportforum.com/secu...do-i-need.html

There is a little duplication/crossover but all these tutorials are well worth reading.

Don’t forget to keep AVG Anti Spyware / Superantispyware updated and use it to scan/disinfect your computer from time to time.


If you do suffer an infection again you should run first Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

http://www.ccleaner.com/


Also run through this before posting another HijackThis log …

http://www.help2go.com/Tutorials/Pro...Hijackers.html


Best wishes.



OJ

07-06-2007, 04:32 PM   #16
jasonk1234
What do you mean by HijackThis log? I hear this term everywhere.

p.s. Thanks for all the help!

07-08-2007, 01:03 AM   #17
jasonk1234
Never mind my last post, I understand now. Is there any point in keeping Norton antivirus on my computer, or is it just a waste of space now that I have the software that was recommended to me?

07-09-2007, 07:07 AM   #18
Musica
I bet you pay for your Norton? Not too sure which version you are running; if it's a few months old I would say run Norton and disable the second AV.

If you run 2 AVs in the background, they conflict.

Just a tip: sometimes if you scan in safe mode, your AV will perform better.

07-09-2007, 08:06 AM   #19
jasonk1234
I'm using Norton 2007, but it doesn't seem to find any of the viruses that these other antivirus programs find.

Thanks for the tips!

07-09-2007, 09:21 AM   #20
oddjob
Norton does have a bit of a reputation for NOT finding things that perhaps it should.

Many people who don't get along with Norton install other (free) replacements. Here's a few to be considered (some already mentioned in this thread) ....

Free AV ….

AVG > http://free.grisoft.com/doc/1

Avast > http://www.avast.com/eng/avast_4_home.html

Antivir > http://www.free-av.com/antivirus/allinonen.html

**Comodo > http://www.antivirus.comodo.com/ [AV in beta only as at 13.5.07]

AntidoteLite >
http://www.vintage-solutions.com/Eng...per/index.html

Clamwin > http://www.clamwin.com/



Free F/W …..

Zone Alarm > http://www.zonelabs.com/store/conten...=en&lid=nav_za

Sygate > http://www.simtel.net/product.downlo...s.php?id=53687

Sunbelt Firewall (formerly Kerio) > http://www.sunbelt-software.com/Home...onal-Firewall/

**Comodo > http://www.comodo.com/products/free_products.html

Jetico > http://www.jetico.com/index.htm#/jpfirewall.htm

m0n0wall > http://m0n0.ch/wall/
(I’ve heard good things about monowall but it takes some setting up, I believe)

Smoothwall > http://www.smoothwall.org/

Tiny Personal > http://www.webmasterfree.com/tpfw.html

Outpost > http://www.agnitum.com/products/outp...e/download.php

[Footnote … the Norman Personal Firewall looks like it isn’t compatible with Vista but this may change.]


Note that, if you do decide to change, you must download/install the replacement BEFORE disabling/removing Norton.


OJ