Trojan Zombie

I'm trying to help a friend who has had her computer compromised by a
Trojan. Here is a portion of the correspondence sent to her by her ISP.

You are receiving this email as Cogeco's network security dept has received
reports of atypical email traffic from your system that is indicative of
spam (unsolicited broadcast messages) being relayed through your system to
remote mail servers. It is most likely that your system has been
compromised with malware (i.e.: virus or Trojan) that is allowing a remote
entity to relay spam through your system.

If you are unable to contain and/or investigate this threat immediately we
request you temporarily disconnect your system from the internet until you
are able to further investigate. To prevent any possible interruption in
service we require a follow up email within 24 hours - what malware you
found, alternate reasons for this activity, what actions you are taking to
prevent further incidents, etc.

She uses a PC and a Laptop connected using a D-Link Wireless Router.

I've managed to scan the PC using Malwarebytes, and eliminated 3 viruses,
and followed up with a clean scan using AVG. However, the Laptop is a
different story. After booting it up, a number of apps opened and closed on
their own. After 10 minutes of this nonsense, the machine shutdown
completely, and could not be powered up at all. Can anyone think of any kind
of malware that could have caused any or all of the symptoms described
above, or any advice on further steps I need to take ?

WinXP SP2, and it's also important to note that the Wireless connection had
not been security-enabled.

Thanks in advance,

Brad




Re: Trojan Zombie




| I'm trying to help a friend who has had her computer compromised by a
| Trojan. Here is a portion of the correspondence sent to her by her ISP.

| You are receiving this email as Cogeco's network security dept has received
| reports of atypical email traffic from your system that is indicative of
| spam (unsolicited broadcast messages) being relayed through your system to
| remote mail servers. It is most likely that your system has been
| compromised with malware (i.e.: virus or Trojan) that is allowing a remote
| entity to relay spam through your system.

| If you are unable to contain and/or investigate this threat immediately we
| request you temporarily disconnect your system from the internet until you
| are able to further investigate. To prevent any possible interruption in
| service we require a follow up email within 24 hours - what malware you
| found, alternate reasons for this activity, what actions you are taking to
| prevent further incidents, etc.

| She uses a PC and a Laptop connected using a D-Link Wireless Router.

| I've managed to scan the PC using Malwarebytes, and eliminated 3 viruses,
| and followed up with a clean scan using AVG. However, the Laptop is a
| different story. After booting it up, a number of apps opened and closed on
| their own. After 10 minutes of this nonsense, the machine shutdown
| completely, and could not be powered up at all. Can anyone think of any kind
| of malware that could have caused any or all of the symptoms described
| above, or any advice on further steps I need to take ?

| WinXP SP2, and it's also important to note that the Wireless connection had
| not been security-enabled.

| Thanks in advance,

If the Wireless was not secured and was not monitored then it could be
compromised by a wardriver and thus using her Cogeco for a spam campaign.
Of course, your friend is responsible.

As for the PC using Malwarebytes. You said it eliminated 3 viruses. It really
doesn't target viruses, but what is needed to be known here is an excerpt of
the log showing what was found by MBAM.

As for the laptop, you said: "After booting it up, a number of apps opened and
closed on their own. After 10 minutes of this nonsense, the machine shutdown
completely, and could not be powered up at all."

If the notebook is powering up then it probably isn't all malware related.
Malware WANTS the PC to be running such that its payload can do its required
function. It is not in the interest of the vast majority of today's malicious
actors to not have the infected platform running. Can you identify what those
apps were that "...opened and closed on their own"?

As for WinXP SP2, it should have SP3 installed. It has been out for a LONG
while now. I wonder what else has not been updated and thus vulnerable.
Please find out...
http://secunia.com/software_inspector




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Trojan Zombie




Tell them what you have done.

There may be no way to tell whether the traffic was coming from her
computers or just from her unsecured wireless network access point.

BTW it is AVG that would address the unnamed "viruses" and MBAM the
unnamed other malware.

What were the malware names given by the antimalware and antivirus
programs? They should be in their respective logs.
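The two replies above make the same point from different angles: the ISP only sees outbound mail traffic from her public IP, so the question is which device behind the router produced it, and whether that device is even hers. One way to answer it, as an added example that is not part of any post in this thread: pull the router's outbound connection log (most consumer routers can export one; the line format used here is constructed, as are the MAC addresses, private IPs and the sample log itself) and tally SMTP flows per source MAC. A home PC normally talks to one or two mail servers (its ISP's smarthost), whereas a spam relay fans out to many distinct remote MX hosts. A MAC that is not one of her two machines points at the unsecured wireless rather than the PC or laptop.

```python
"""Triage outbound SMTP from a home LAN using a router connection log.

Added example for this thread, not code from any poster.  Assumes the
router can export one line per outbound flow with the source IP, source
MAC, destination IP and destination port; the exact format, the MACs and
the sample lines below are all constructed, not real data.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log: a desktop sending two messages through the ISP
# smarthost, a laptop fanning out to six MX hosts, and a third MAC that the
# owner has never seen, also fanning out.
SAMPLE_LOG = """\
2010-05-07 23:41:02 src=192.168.0.100 mac=00:1b:63:aa:bb:cc dst=198.51.100.10 dport=587 proto=tcp
2010-05-07 23:41:40 src=192.168.0.100 mac=00:1b:63:aa:bb:cc dst=198.51.100.10 dport=587 proto=tcp
2010-05-07 23:42:01 src=192.168.0.100 mac=00:1b:63:aa:bb:cc dst=198.51.100.20 dport=443 proto=tcp
2010-05-07 23:42:05 src=192.168.0.101 mac=00:1e:c2:dd:ee:ff dst=203.0.113.1 dport=25 proto=tcp
2010-05-07 23:42:05 src=192.168.0.101 mac=00:1e:c2:dd:ee:ff dst=203.0.113.2 dport=25 proto=tcp
2010-05-07 23:42:06 src=192.168.0.101 mac=00:1e:c2:dd:ee:ff dst=203.0.113.3 dport=25 proto=tcp
2010-05-07 23:42:06 src=192.168.0.101 mac=00:1e:c2:dd:ee:ff dst=203.0.113.4 dport=25 proto=tcp
2010-05-07 23:42:07 src=192.168.0.101 mac=00:1e:c2:dd:ee:ff dst=203.0.113.5 dport=25 proto=tcp
2010-05-07 23:42:07 src=192.168.0.101 mac=00:1e:c2:dd:ee:ff dst=203.0.113.6 dport=25 proto=tcp
2010-05-07 23:50:11 src=192.168.0.105 mac=00:26:5a:11:22:33 dst=203.0.113.7 dport=25 proto=tcp
2010-05-07 23:50:11 src=192.168.0.105 mac=00:26:5a:11:22:33 dst=203.0.113.8 dport=25 proto=tcp
2010-05-07 23:50:12 src=192.168.0.105 mac=00:26:5a:11:22:33 dst=203.0.113.9 dport=25 proto=tcp
2010-05-07 23:50:12 src=192.168.0.105 mac=00:26:5a:11:22:33 dst=203.0.113.10 dport=25 proto=tcp
2010-05-07 23:50:13 src=192.168.0.105 mac=00:26:5a:11:22:33 dst=203.0.113.11 dport=25 proto=tcp
"""

LINE_RE = re.compile(r"src=(\S+) mac=(\S+) dst=(\S+) dport=(\d+)")

# Submission (587) and SMTPS (465) are legitimate for a mail client talking to
# its own provider; direct-to-MX on 25 from a home PC is the spam-relay pattern.
SMTP_PORTS = {25, 465, 587}

# Devices the owner knows about (assumed MACs for her two machines).
KNOWN_DEVICES = {
    "00:1b:63:aa:bb:cc": "desktop PC",
    "00:1e:c2:dd:ee:ff": "laptop",
}


def parse_flows(text):
    """Return (src_ip, src_mac, dst_ip, dst_port) tuples, skipping unparseable lines."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, mac, dst, dport = m.groups()
        flows.append((src, mac.lower(), dst, int(dport)))
    return flows


def smtp_summary(flows):
    """Per source MAC: (number of SMTP flows, number of distinct SMTP destinations)."""
    counts = Counter()
    dests = defaultdict(set)
    for _src, mac, dst, dport in flows:
        if dport in SMTP_PORTS:
            counts[mac] += 1
            dests[mac].add(dst)
    return {mac: (counts[mac], len(dests[mac])) for mac in counts}


def classify(summary, known, fanout_threshold=5):
    """Label each SMTP-talking MAC.

    Fan-out to `fanout_threshold` or more distinct mail hosts is treated as
    relay behaviour; a MAC absent from `known` is a device that is not hers,
    which on an open wireless network means a freeloader, not her PC.
    """
    findings = []
    for mac, (n_flows, n_dests) in summary.items():
        owner = known.get(mac, "UNKNOWN device (not hers; check the wireless)")
        verdict = "likely spam relay" if n_dests >= fanout_threshold else "normal"
        findings.append((mac, owner, n_flows, n_dests, verdict))
    return findings


def report(text, known=KNOWN_DEVICES):
    """Human-readable lines, one per source MAC that spoke SMTP."""
    rows = classify(smtp_summary(parse_flows(text)), known)
    return ["%s  %-40s flows=%d distinct_hosts=%d  %s" % r for r in rows]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the constructed log this flags the laptop and the unknown MAC and leaves the desktop alone. Against a real export the point to check first is the unknown MAC: if the router's DHCP table shows a lease for it that does not match either of her machines, the ISP's answer ("alternate reasons for this activity") is the open wireless, and the fix is to enable WPA2 on the D-Link before anything else.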



Re: Trojan Zombie




s <==== here's an 's' for "repective" above.



Re: Trojan Zombie



On 08.05.2010 01:16, B wrote:

The latter seems to be a hardware issue. I am afraid that the laptop had
a short circuit somewhere, that first caused this strange behaviour
(keyboard sent irregular commands), until finally a fuse blew.

If there is no means of powering the laptop up again, the only way to
save her data will be to remove the hard disk and try whether it can be
read from an adapter.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de

Re: Trojan Zombie





I'm inclined to think that the malware was running the CPU at 100% for a long
time and the computer had blocked air holes (due to dust, pet hair, etc) and
overheated.  If it won't come on at all then it's likely that the overheating
fried the mother board.  

As a preventive measure, I recommend cleaning the dust out of computers
-- in a laptop this means blowing several times into the exit holes to
dislodge the dust -- usually it comes out in big puffs of dust.  

In a desktop I recommend vacuuming out the air holes both on the back of the
unit and also internally around the CPU and the power supply fan.  



Yes.


Re: Trojan Zombie






| I'm inclined to think that the malware was running the CPU at 100% for a long
| time and the computer had blocked air holes (due to dust, pet hair, etc) and
| overheated.  If it won't come on at all then it's likely that the overheating
| fried the mother board.

| As a preventive measure, I recommend cleaning the dust out of computers
| -- in a laptop this means blowing several times into the exit holes to
| dislodge the dust -- usually it comes out in big puffs of dust.

| In a desktop I recommend vacuuming out the air holes both on the back of the
| unit and also internally around the CPU and the power supply fan.



| Yes.


If it was a notebook that had dust choked cooling fins then it would possibly
indicate a thermal shutdown and be able to reboot once cool and cycle through
that. Compressed air is good for cleaning the cooling fins.

When cleaning a desktop chassis a vacuum cleaner wand and soft-bristle paint
brush is best. Use the paint brush to gently dislodge the dust and vacuum the
dislodged material using the vacuum wand.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Trojan Zombie





I recommend against using compressed air for a laptop because I feel the
pressure is too great and may bend the delicate fins on the fan.  This is why
I recommend gently blowing into the air output holes, since it's far easier to
control one's breath than it is a cannister full of compressed air.  A few
puffs can dislodge a lot of gunk.



I bought a cheap feather duster.  I use it with just a touch of spray
furniture polish (just a light spray, to give it enough oil to pick up
the dust).  With this I can gently pull the plumes along various circuit
boards, around components, under the HD bay, etc., to pick up a *lot* of gunk
from inside the chassis.  Then a rigorous shake of the duster will dislodge
the dust.  


Re: Trojan Zombie



@yahoo.com says...

The nice things about Air Compressors is that they can be set to any PSI
between 0 and 120 in most cases - a 30PSI setting is not going to harm
anything.

Using your own breath isn't going to do much and certainly has its own
issues, spit/moisture....

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Trojan Zombie





Most people are not going to be lugging an air compressor around; and why
should they when a simple lips to the out-hole and a few puffs will dislodge
the dust?



I have done this countless times and blown out a good deal of dust, so much so
that formerly hot running computers now run cool.  You're operating from
theory; I'm operating from real life experience.  

Yeah, it's not elegant, but a lot of repairs are not elegant.  I learned this
from a car body shop when I noticed that people often fixed bumpers by
removing them and then jumping on them.  Of course, never show the inelegant
fix to the customer...


Re: Trojan Zombie



@yahoo.com says...

David, I've been doing this for 30 years and have a LOT of experience in
not just computers but other devices that have heat-sinks as well as
many forms of cooling.

Try and learn from us; you're showing you're not all you claim, and your
arrogance will limit your growth.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Trojan Zombie




Like most of your BS, you didn't take away what you should have. The
discussion is about PEOPLE doing stupid things - like blowing using the
mouth, with all the MOIST AIR as well as sometimes spittle.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Trojan Zombie





Who said anything about spitting? Your hot air, no pun intended, contains a
large amount of moisture.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Trojan Zombie





As if a couple puffs of breath into an already hot vent hole is going to wreck
anything.  Whatever moisture is in the breath will evaporate quickly.  

You folks simply don't like what I said because it's not politically correct.
It's a simple, handy fix, inelegant as all get-out, but still a simple, handy
fix.


Re: Trojan Zombie



@yahoo.com says...

HA HA HA - there is nothing NOT PC about your method, it just doesn't
work well in most cases. Sure, if all you have is loose dust bunnies,
but when you take a look at a computer that's sat on a carpeted floor in
a home where the owner doesn't vac for weeks at a time, has two pets,
etc... You can't get enough pressure to blow out enough dust, at least
not with the common mouth - but you seem to have more pressure than most
of us :-)

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Trojan Zombie



sfdavidkaye2@yahoo.com (David Kaye) wrote in


*shrug*. Hey, at the end of the day, you're not fixing my stuff, so I don't
really care what damage you cause. :)

I am *hardly* one for political correctness in any fashion. Your simple
handy fix though.. I don't agree with; but again, it's not my shit you're
screwing up; so it doesn't matter.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Trojan Zombie





Not only have I not screwed anything up, I seldom get repeat customers because
my fixes work so well.  I do, however, get referrals from my customers, and I
don't even have to offer commissions or bonuses to get them.  It's been a good
9 years so far...


Re: Trojan Zombie



sfdavidkaye2@yahoo.com (David Kaye) wrote in


ahhh....well, good then; glad the recession hasn't put you under or
anything.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Trojan Zombie





Nope, the recession hasn't hit me at all.  In fact, a few months ago I raised
my prices.  I have found that my business has shifted from 95% malware removal
to about 40% today.  The rest is hardware, networking, setup, etc.  I chalk
that up to Windows being more stable.

Yesterday's agenda was a misconfigured router that couldn't connect to the
Internet, networking a printer, malware removal, and a firewall problem
preventing file sharing.


Re: Trojan Zombie



sfdavidkaye2@yahoo.com (David Kaye) wrote in


Hmm... I don't know if it's more stable, or slightly smarter users. :)
 


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior
