Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Dec 1st, 2008, 7:43pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   PWSteal.WOW.104. could be a stinker!!		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: PWSteal.WOW.104. could be a stinker!!  (Read 435 times)
tess
Newbie
*





   


Gender: female
 Posts: 12
PWSteal.WOW.104. could be a stinker!!
« on: Mar 21st, 2007, 12:42am »		 Quote Quote  Modify Modify
hi..trojan hunter found PWSteal.WOW.104. it turned out to be within a program installed from a reputable source....so either trojan hunter is reporting a false positive...or the program is a stinker...(vista start menu) can anyone be of help...
thank you in advance!!
smiles  
tess
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #1 on: Mar 21st, 2007, 1:20am »		 Quote Quote  Modify Modify
TrojanHunter has not been tested/released/updated for Vista as of yet.  It is my understanding that Magnus is going to release an update for TH/Vista when he gets it ready.
 
I would NOT let TH remove/quarantine anything on your Vista system until such time as TH is deemed ready for Vista per Magnus/Gavin.  
 
I'll email Gavin/Magnus to read this post.  Would you please submit the program that TH flagged as PWSteal.WOW.104 so that they can analyze the program just to be sure.  The link below defines how to submit.
 
http://www.misec.net/forum/board/FAQ/1139308293
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
tess
Newbie
*





   


Gender: female
 Posts: 12
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #2 on: Mar 21st, 2007, 2:10am »		 Quote Quote  Modify Modify
Thankyou for a very prompt reply
I am not running vista as an operating system..the PWSteal.WOW.104 came from a program called "vista start menu"..which replicates the vista start menu on windows xp...is the pwstealwow.104 a known trojan? as i cant seem to find it anywhere on the internet...
the program file is on its way in a zip file with a password...
Thanks
Smiles
Tess
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #3 on: Mar 21st, 2007, 2:18am »		 Quote Quote  Modify Modify
Oops, my "misread" on your first post. Shocked
 
PWSteal.WOW.104 would be TH's naming and probably does not match other security programs' names.  Gavin will analyze the file you sent to see if it is in fact malicious or a false positive.   Wink
 
« Last Edit: Mar 21st, 2007, 2:18am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
tess
Newbie
*





   


Gender: female
 Posts: 12
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #4 on: Mar 21st, 2007, 6:27am »		 Quote Quote  Modify Modify
Thankyou...I thought the  following may be of relevence..this what trojan hunter has just come up with..
Memory scan
Found trojan module VistaStartMenu.dll loaded into process ati2evxx.exe (364): PWSteal.WOW.104
Found trojan module VistaStartMenu.dll loaded into process explorer.exe (40Cool: PWSteal.WOW.104
File scan (autostarted files, running executables)
2 trojan files found
thanks
smiles
Tess
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #5 on: Mar 21st, 2007, 8:28am »		 Quote Quote  Modify Modify
I just ran VistaStartMenu.dll through VirusTotal and it scan clean by all security programs listed below:   Wink
 
AhnLab-V3 2007.3.22.0 03.21.2007  no virus found  
AntiVir 7.3.1.44 03.21.2007  no virus found  
Authentium 4.93.8 03.20.2007  no virus found  
Avast 4.7.936.0 03.21.2007  no virus found  
AVG 7.5.0.447 03.21.2007  no virus found  
BitDefender 7.2 03.21.2007  no virus found  
CAT-QuickHeal 9.00 03.20.2007  no virus found  
ClamAV devel-20070312 03.21.2007  no virus found  
DrWeb 4.33 03.21.2007  no virus found  
eSafe 7.0.14.0 03.20.2007  no virus found  
eTrust-Vet 30.6.3497 03.21.2007  no virus found  
Ewido 4.0 03.21.2007  no virus found  
FileAdvisor 1 03.21.2007  No threat detected  
Fortinet 2.85.0.0 03.21.2007  no virus found  
F-Prot 4.3.1.45 03.20.2007  no virus found  
F-Secure 6.70.13030.0 03.21.2007  no virus found  
Ikarus T3.1.1.3 03.21.2007  no virus found  
Kaspersky 4.0.2.24 03.21.2007  no virus found  
McAfee 4988 03.20.2007  no virus found  
Microsoft 1.2306 03.21.2007  no virus found  
NOD32v2 2131 03.21.2007  no virus found  
Norman 5.80.02 03.21.2007  no virus found  
Panda 9.0.0.4 03.21.2007  no virus found  
Prevx1 V2 03.21.2007  no virus found  
Sophos 4.15.0 03.13.2007  no virus found  
Sunbelt 2.2.907.0 03.16.2007  no virus found  
Symantec 10 03.21.2007  no virus found  
TheHacker 6.1.6.078 03.20.2007  no virus found  
UNA 1.83 03.16.2007  no virus found  
VBA32 3.11.2 03.21.2007  no virus found  
VirusBuster 4.3.7:9 03.20.2007  no virus found  
Webwasher-Gateway 6.0.1 03.21.2007 no virus found  
 
I'm pretty confident this is a TH False Positive.  
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
wilpower
Junior Member
**





   


Posts: 67
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #6 on: Mar 21st, 2007, 11:10am »		 Quote Quote  Modify Modify
If it helps, I just downloaded/Installed "Vista Start Menu". Nice little diddy! Installation was on Machine Profile listed below.
I then did a Full Systen scan with TH and came up "clean". Hope this confirms a sense of finality. Cool
 
<Operating System SECURITY>
 
Windows XP SP2 Fully Update
IE 7  (Full Security)
Internet Security
       Comodo Firewall PRO.  
       Comodo Verification Engine  
       Avast! Anti-Virus PRO.
       McAfee Website Advisor
 
Hacking Security
       System Safety Monitor
       Ghost Security Suite (Reg. Defend)  
        Process Guard
      SpamBrave for Outlook Express
 
Trojan and Spyware Security
       Trojan Hunter
       AVG Anti-Spyware ‘Updated’ Scanning Engine
       SpywareGuard
       Spyware Blaster
       SpyBot S&D
       Backlight Root Kit Illuminator
 
Spam Security
      Microsoft Outlook w/ MailWasher Pro.
        DCS PortExplorer
 
IP Logged
Use of COMODO Internet Security products is not only advised; use is "Highly Recommended"

http://Comodo.com

LIVE LIKE YOU MEAN IT! THINK LIKE YOU CARE!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #7 on: Mar 21st, 2007, 12:32pm »		 Quote Quote  Modify Modify
It's getting picked up by THGuard.exe, the realtime scanner.  Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
wilpower
Junior Member
**





   


Posts: 67
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #8 on: Mar 21st, 2007, 12:47pm »		 Quote Quote  Modify Modify
Hey Siliconman> My appologies if I misunderstood. Undecided
In any case no stikes or warnings by any security program on this machine after installing "Vista Start Menu".
Thanks
IP Logged
Use of COMODO Internet Security products is not only advised; use is "Highly Recommended"

http://Comodo.com

LIVE LIKE YOU MEAN IT! THINK LIKE YOU CARE!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #9 on: Mar 21st, 2007, 4:32pm »		 Quote Quote  Modify Modify
No problemo,  Wink  
 
It's not being detected when a TH scan is performed.  However, the way it is integrating in memory with Windows Explorer and apparently ATI's memory module is generating a THGuard alert.    
 
Gavin musta fixed it.  THGuard is no longer detecting it as PWSteal.WOW.104 or anything else for that matter.  Cheesy
« Last Edit: Mar 21st, 2007, 4:36pm by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
tess
Newbie
*





   


Gender: female
 Posts: 12
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #10 on: Mar 21st, 2007, 10:54pm »		 Quote Quote  Modify Modify
Well...that sure sorts that one out..there can be no doubt now!!
.thank you siliconman01 for all your time and trouble...
one last question..my anti virus is up for renewal..in your "own opinion "(you seem to use so many security programs) which all round security/virus program would you have along side "Trojan Hunter"....
I would like to thank Wilpower ...for your time too...it never ceases to amaze me how generous people are in helping out on computers...
so vista start menu stays!!!on my laptop
smiles
Tess
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #11 on: Mar 22nd, 2007, 1:30am »		 Quote Quote  Modify Modify
You are very  welcome  Cheesy
 
Quote:
my anti virus is up for renewal..in your "own opinion "(you seem to use so many security programs) which all round security/virus program would you have along side "Trojan Hunter"....  

 
This is a question that always generates numerous opinions and comments.  I don't feel you can wrong with using Kaspersky, NOD32, BitDefender, or Norton Anti-Virus 2007...pretty much in that order.  Personally I use Norton Internet Security 2007 (software firewall and AV) and am very comfortable with it.  I am behind a hardware firewall/nat router and would consider myself to be a moderate/safe surfer and email handler.   Roll Eyes
 
I also multi-layer with SuperAntiSpyware Pro, AVG Anti-Spyware 7.5 Pro, freebie SpywareBlaster, and the freebie MVPS HOSTS file.   And I use System Safety Monitor as major component of my security cadre of protection.  
 
Is it all necessary?  Not really.  It largely depends on a user's surfing habits, email practices, and whether online banking, bill paying, and other ecommerce are practiced.  
 
I feel a "smart" user can safely operate with:
 
1.  A hardware firewall/NAT router
2.  A strong software firewall and anti-virus/anti-spyware
3.  IE7 with harden security settings (FireFox or Mozilla with Add-Ons such as NoScript, etc.)
4.  TrojanHunter and freebies SpywareBlaster and MVPS HOSTS.
 
SAS, AVG AS, and SSM are for additional "peace of mind".
« Last Edit: Mar 22nd, 2007, 1:56am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
tess
Newbie
*





   


Gender: female
 Posts: 12
Re:  PWSteal.WOW.104. could be a stinker!!
« Reply #12 on: Mar 22nd, 2007, 3:01am »		 Quote Quote  Modify Modify
Thank you..lots of ideas for thought...
so ...until next time!!
thanks again
miles of smiles
Tess
TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT TEXT
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register