Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad...

I usually run an Avast bootscan along with Ad-Aware and Spybot once a week.
Today I did all three PLUS ran a Zone Alarm full system scan:

Here's what Zone Alarm just quarantined and the other three missed:

Win32.YOK.SuperSearch    Trojan

 RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories\

Backdoor.Win32.mIRC.based    Trojan

 RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha


The last one is interesting since I haven't installed Mirc or any internet
chat programs.  I'm wondering if it was installed by any "spyware free"
freeware or the akamaitechnologies.com IP address I kept seeing in TCPview?


I also have the MVPS HOSTS file loaded and take a lot of precautions (I have
all the Avast shields running + MS Defender).

It may be time for the MULTI-AV scan.






Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't

bettersurfing@usersnospam.org has brought this to us :

bettersurfing,

I updated ad-aware today and it stops running after one or two seconds.
 I have webroot's spy sweeper running all the time, and it just now
seems ad-aware no longer runs, without shutting down webroot's spy
sweeper.

I run ad-aware free, because it finds numerous things that webroot does
not deem important or can't locate...  On the other side, webroot's spy
sweeper finds things that ad-aware does not locate...  And it has
tripped several Trojans during scans that AVG does not discover...

This is the first time ad-aware and spy sweeper will not co-exist...  
Something has changed it appears...

JR the postman



Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't



Check the recent threads on Spy Sweeper - if you "upgraded" to version 5.0
there might be some "issues"...



Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't


| I usually run an Avast bootscan along with Ad-Aware and Spybot once a week.
| Today I did all three PLUS ran a Zone Alarm full system scan:
|
| Here's what Zone Alarm just quarantined and the other three missed:
|
| Win32.YOK.SuperSearch    Trojan
|
|  RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories\
|
| Backdoor.Win32.mIRC.based    Trojan
|
|  RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha
|
| The last one is interesting since I haven't installed Mirc or any internet
| chat programs.  I'm wondering if it was installed by any "spyware free"
| freeware or the akamaitechnologies.com IP address I kept seeing in TCPview?
|
| I also have the MVPS HOSTS file loaded and take a lot of precautions (I have
| all the Avast shields running + MS Defender).
|
| It may be time for the MULTI-AV scan.
|

Give the Multi AV Scanning Tool a try and let us know the results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't



Will do.  I just ran SuperAntispyware and asquared and so far all is
clean.
I'm going to run my trial version of Spy Sweeper (and use the requisite
99% of CPU power required by Spy Sweeper - LOL).


The question is - is it better to run Anti-spyware programs to catch
Trojans or AV programs?  In addition, should I shut down my Avast shields
when running anti-spyware programs and disconnect from the net if I'm not
running them in safe mode?




Re: Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't



| Will do.  I just ran SuperAntispyware and asquared and so far all is
| clean.
| I'm going to run my trial version of Spy Sweeper (and use the requisite
| 99% of CPU power required by Spy Sweeper - LOL).
|
| The question is - is it better to run Anti-spyware programs to catch
| Trojans or AV programs?  In addition, should I shut down my Avast shields
| when running anti-spyware programs and disconnect from the net if I'm not
| running them in safe mode?
|

If you get infected -- both !

Prevention is always better than cure.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't



Very interesting - these people in the Zone Alarm forums state the ZA
Anti-Spyware found the same two trojans and there seems to be no info
about them.   Could they be false positives?  I'll try to follow up if
and when ZA ever responds.  For a highly rated product, ZA moderators
sure take their sweet time to respond (and many posts are never answered
there):


http://forum.zonelabs.org/zonelabs/board/message?board.id=Antivirus&message.id=13092


Win32.YOK.SuperSearch    
Park
New Member
Registered: 12-09-2005



 
Situation: During my DAILY spyware scan, on 8/1/2006, ZoneAlarm detected
Win32.YOK.SuperSearch which ZA said was a high risk trojan.
 
Questions:
 1) Am I now to assume that, during the many hours that I was online
between my daily scans, a program which "enables user access to your
entire computer and everything on it" could have **bleep**ed very
important info from my computer &/or made other major changes to my
system?
2) Where is any information that might aid me in finding out when and
exactly how I acquired this spyware?
3) Why does Win32.YOK.SuperSearch not appear on the list in "SmartDefense
Research Center/ Spyware Information" at
http://smartdefense.zonelabs.com/tmpl/SpywareArticle?action=letterSearch&SPY_LETTER=w?
4) Why am I unable to find any detailed info at ZA about this program or
any info at all about it at any other site (such as Spysweeper or
Symantec/Norton)?
5) Last, but hardly least, how can I detect such nasties BEFORE they have
a chance to mess with my computer?
 
Thanks,
Park



 
 

http://forum.zonelabs.org/zonelabs/board/message?board.id=Antivirus&message.id=13100


ZA Pro scans and picks this up:
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha

*** Backdoor.Win32.mIRC.based ***

Status "Quarantined" for now.

The following great programs do not detect this:
* Spybot Search and Destroy
* Ad-Aware SE
* AVG
* ewido

All four are up to date with current sigs.

Why does ZAPro and not the others??

Anyone care to elaborate please and thanks?
Operating System: Windows XP Home
Product Name: ZoneAlarm Pro
Software Version: 6.5

by RKnee

 

Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't

It appears (from rechecking the Zone Alarm URLs) that the
yok.supersearch is not a trojan but adware and may be legit (but my
computer had none of the yok.* files listed in the Zone Alarm forum other
than the registry setting that Zone Alarm removed).

The Backdoor.Win32.mIRC.based trojan was a false positive that Zone Alarm
corrected with a future definition update.

Just great - Zone Alarm made me waste about 4 hours checking the net and
rerunning several anti-spyware programs plus an Avast bootscan and normal
start-up virus scan.

I almost did a Multi-AV scan, too!





Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't


| It appears (from rechecking the Zone Alarm URLs) that the
| yok.supersearch is not a trojan but adware and may be legit (but my
| computer had none of the yok.* files listed in the Zone Alarm forum other
| than the registry setting that Zone Alarm removed).
|
| The Backdoor.Win32.mIRC.based trojan was a false positive that Zone Alarm
| corrected with a future definition update.
|
| Just great - Zone Alarm made me waste about 4 hours checking the net and
| rerunning several anti-spyware programs plus an Avast bootscan and normal
| start-up virus scan.
|
| I almost did a Multi-AV scan, too!


Thanx for updating the thread.

Good Luck !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Update Re: ZA posters have same situation -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spybot S&D didn't



Actually, I do it not only for the benefit of future surfers, but for
myself, too.  In the future, I'll be able to do Google newsgroup searches
and see the ZA threads.

I was amazed at how little there was on the net and in the newsgroups
regarding these two bits of spyware.

All the AV and anti-spyware companies (especially the one I use - Avast)
give precious little info on trojans and spyware.  Sure they may block it
at the point of impact, but it would be nice to see what files or registry
strings they plant, so we could do a file or reg search just to be sure.
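
The kind of registry check the post above asks for, applied to the one complete key path the thread gives (`HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha`), as an added example that is not part of the original thread. The function name `Get-ExtensionHandler` is hypothetical, and the script assumes PowerShell 4.0 or later (for `Get-FileHash`).

```powershell
# Added example, not from the thread. Read-only: nothing in the registry changes.
# Get-ExtensionHandler is a hypothetical helper name; requires PowerShell 4.0+.
function Get-ExtensionHandler {
    param([Parameter(Mandatory = $true)][string]$Extension)   # e.g. '.cha'

    $classes = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
    $r = [ordered]@{
        Extension = $Extension; Registered = $false; ProgId = $null
        Command = $null; Executable = $null; FileExists = $null
        Signature = $null; SHA256 = $null
    }

    $extKey = "$classes\$Extension"
    if (-not (Test-Path -LiteralPath $extKey)) { return [pscustomobject]$r }
    $r.Registered = $true

    # The default value of an extension key names the ProgID that handles it.
    $r.ProgId = (Get-Item -LiteralPath $extKey).GetValue('')
    if (-not $r.ProgId) { return [pscustomobject]$r }

    # The ProgID's shell\open\command default value is what runs on double-click.
    $cmdKey = "$classes\$($r.ProgId)\shell\open\command"
    if (-not (Test-Path -LiteralPath $cmdKey)) { return [pscustomobject]$r }
    $r.Command = (Get-Item -LiteralPath $cmdKey).GetValue('')

    # Extract the program path: quoted form first, else the first token
    # (an unquoted path containing spaces is cut short and shows FileExists = False).
    if ($r.Command -match '^\s*"([^"]+)"' -or $r.Command -match '^\s*(\S+)') {
        $exe = $Matches[1]
        $r.Executable = $exe
        $r.FileExists = Test-Path -LiteralPath $exe -PathType Leaf
        if ($r.FileExists) {
            $r.Signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            $r.SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        }
    }
    return [pscustomobject]$r
}

Get-ExtensionHandler -Extension '.cha' | Format-List
```

A key with no ProgID, or a handler whose file is missing, is an orphaned association rather than running code; a handler that does exist can be judged by its signature status and hash.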
