   Mischel Internet Security Forum
   Author  Topic: Up to date THG 4.5 Didn't stop this trojan  (Read 1019 times)
ellentk
Newbie
Posts: 3
« on: Apr 4th, 2009, 1:39am »

I'm running 4.5 because I have an older system, but I update the signatures frequently.  
 
I was hijacked to mega-antiviral-ms.com/200099/scan/ (aka 78.26.179.131 which originates in the Ukraine).
 
TrojanHunter Guard didn't stop it and TrojanHunter Quick Scan of the registry didn't find it.
 
A trial version of Spyware Doctor found the registry keys I am guessing were responsible, beginning: HKCR\antivirus.antivirus
 
SpywareDoctor also found these keys that TrojanHunter did not find or protect my system from:
HKCU\Control Panel\Mouse (Backdoor, Redghost.A.Bitdefender)
HKCR\image.image (IEFeats)
 
Ellen
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7358
« Reply #1 on: Apr 4th, 2009, 1:49am »

Welcome back to the forum ellentk,
 
Not all the rulesets that are being added by Gavin/Magnus work on versions of TH/THG that are pre V5.0.  Have you tried to upgrade to the latest TH V5.0.962?  TrojanHunter runs on Windows 95, 98, ME, NT, 2000, XP and Vista.
 
You may need to contact Magnus at Sales@misec.net to obtain a license upgrade for TH V5.0.
« Last Edit: Apr 4th, 2009, 1:55am by siliconman01 »

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
ellentk
Newbie
Posts: 3
« Reply #2 on: Apr 4th, 2009, 6:31pm »

Thanks.
 
But I didn't see the trojans in the database.  Are they there under different names?
 
siliconman01
Global Moderator
« Reply #3 on: Apr 5th, 2009, 1:09am »

Quote:
But I didn't see the trojans in the database.  Are they there under different names?

 
They could very well be named differently.  There is no standard convention between security software on naming these critters.  Gavin has incorporated a lot of the rogue software detections under the name Fake.... such as FakeAV.100-105 and many more.
 
Did SpywareDoctor quarantine files or did it just find registry keys?  What are the names of the files it quarantined?
 
I've also contacted Gavin to see if he has more detailed info concerning your initial post.
« Last Edit: Apr 5th, 2009, 3:23am by siliconman01 »
Gavin_Coe
Trojan Analyst
Gender: male
Posts: 3912
« Reply #4 on: Apr 5th, 2009, 8:49am »

The site you gave is no longer available so I can't be exactly sure which samples you are referring to unfortunately.
 
The detections shown are only small unimportant registry keys. It is good to find all parts but not crucial to the protection of the system, since entries in the registry like the ones shown are only information used by the program itself (the malware) and aren't startup entries.
 
I mostly pay attention to Startup entries since these matter, and of course the files! If you have any files in quarantine, please submit them.
 
As for this registry entry:
 
HKEY_CURRENT_USER\Control Panel\Mouse
 
This is a legitimate registry key for mouse settings! Perhaps a value was found in there? But I would not detect the above.
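The distinction drawn in the last reply, between startup entries and registry keys that only hold data, can be turned into a quick triage of scanner findings. The following is an added example, not part of the thread or of TrojanHunter; the category names, the short non-exhaustive list of autostart locations, and the `ExampleEntry` finding are assumptions made for illustration.

```python
# Added example: sort scanner registry findings so autostart locations come first.
HIVES = {"HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER",
         "HKLM": "HKEY_LOCAL_MACHINE"}

# Short, non-exhaustive subset of well-known autostart locations
# (hive-relative, lower case). A real tool would cover many more.
AUTOSTART_PREFIXES = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
    r"software\microsoft\windows nt\currentversion\winlogon",
    r"software\microsoft\windows nt\currentversion\image file execution options",
    r"software\microsoft\windows\currentversion\explorer\browser helper objects",
    r"system\currentcontrolset\services",
)
ORDER = {"autostart": 0, "os-settings": 1, "other": 2}  # hypothetical labels

def normalize(path):
    """Expand the hive abbreviation and lower-case the subkey for comparison."""
    hive, _, subkey = path.strip().strip("\\").partition("\\")
    return HIVES.get(hive.upper(), hive.upper()), subkey.lower()

def classify(path):
    hive, subkey = normalize(path)
    if hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
        for prefix in AUTOSTART_PREFIXES:
            # Match on whole key components so "...\Running" is not "...\Run".
            if subkey == prefix or subkey.startswith(prefix + "\\"):
                return "autostart"
    if hive == "HKEY_CURRENT_USER" and (subkey + "\\").startswith("control panel\\"):
        return "os-settings"   # legitimate OS key: inspect its values, not the key
    return "other"             # data-only key: clean up, but not a launch point

def triage(findings):
    """Return (category, path) pairs, autostart findings first."""
    rated = [(classify(p), p) for p in findings]
    return sorted(rated, key=lambda item: ORDER[item[0]])

FINDINGS = [
    r"HKCR\antivirus.antivirus",   # from the thread
    r"HKCU\Control Panel\Mouse",   # from the thread
    r"HKCR\image.image",           # from the thread
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleEntry",  # constructed
]

if __name__ == "__main__":
    for category, path in triage(FINDINGS):
        print(f"{category:12} {path}")
```

None of the three keys reported in the thread is classed as an autostart location; only the constructed `Run` entry is.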