   Mischel Internet Security Forum
Topic: Trojan Win 32 Swisyn xnu (Read 2234 times)
Rayg
« on: Mar 23rd, 2010, 10:25pm »
Hi,
Appreciate advice on whether these events need further attention?
 
Some Background.
Have had "Flash Cookie Remover" installed since it was first posted. Periodically run it.
Also periodically run a Kaspersky deep rootkits scan along with other security software.
Regular scans with TH, SAS and KIS have all been clean until a couple of days ago. THGuard is always active. KIS runs a realtime scan.
 
A sequence of what occurred.
 
1. KIS during a deep rootkits scan Notifies.
 
Object:\Program Files\FlashCo....\Flash Cookie Remover.
 
Trojan Program:Trojan.Win32.Swisyn.xnu
 
2. Let KIS remove this; required a restart.

3. Had to turn off System Restore to fully remove.

4. Downloaded and installed the latest version of Trojan Hunter (was one version behind) and obtained the latest rulesets. Ran TH; showed All Clear.

5. Installed the latest rulesets for SAS and ran a full scan.
It found the following.
 
Vundo/Variant-X329(Header)
OWL235F.Dll
 
Have run all Scans again everything seems clear.
 
Initially thought the KIS alert was a False Positive, but after cleaning, the PC, which has been getting slower (put it down to age), has picked up noticeably.

I was able to look at the Flash cookies that were found prior to the above; one I had not seen before was "rmncdn.com".
It is my uneducated guess the problems may have come with this. I was reluctant to open the links a Google search found.
 
I have Screen shots of the KIS and SAS notifications and a screen shot of the Cookies in Flash Cookie Remover at the time.
 
Thanks in anticipation.
Rayg
siliconman01
« Reply #1 on: Mar 24th, 2010, 12:06am »
I ran the TH FlashCookieRemover through VirusTotal.  Of the 42 scanners (including KIS), 0 scanners detected anything malicious with this file.  This is a False Positive detection by KIS on your system.  
 
-  Can you submit it to KIS as a potential False Positive and see how they re-analyze it for their rootkit module?
 
The rmncdn.com cookie may have come in from an ad on a website that you visited.  
 
I cannot find anything concerning OWL235F.Dll via Google.  That's typically a good signal that the file is potentially malicious and should be analyzed.  Looks like SAS did its job. :)
Rayg
« Reply #2 on: Mar 24th, 2010, 12:42am »
Thanks,
Will advise KIS. Although no previous or subsequent Scans have shown anything.
 
Regards
Rayg