SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 08-14-12, 03:28 AM   #1
Skybird
Soaring
 
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,710
Downloads: 10
Uploads: 0


indication for a trojan infection

Was surfing yesterday in search of pics of the Russian and Chinese stealth fighters. Found the known old pics only, investigated some sites nevertheless. Then left the house for some time. After coming back home and booting the system, I was greeted by an error message that some sys32/rundll32.exe worked incorrectly and that an entry FQ10 was missing.

Googling told me that this was an indication for a trojan infection. Further scanning showed that it was the jackpot: Spyware.Zeus and Trojan.Ransom.Gen. The latter is said that you can handle it if you discover it soon and get rid of it before it starts to really spread around. But Zeus is something different, and they say even the latest definitions for malware and virus scanner detect it only with a probability of 23%.

Avira Security Suite rang no alarm. An active scan via Malware's Anti-Malware (free) found it. It even made short process with both. However - this must not mean that the thing is really gone, eh?

After that, I scanned again, full scans with Avira Security Suite, Malware's Anti-Malware, SuperAntiSpyware and Emsisoft Anti-Malware Squared. All with no results anymore. But I do not trust it, this Zeus is probably the most dangerous and well-supported criminal trojan currently plaguing the web. I hope those criminals behind it, and others like them, race against a tree with their cars or fall off a bridge.

System reinstallation is in order sooner or later, preferably before I do my next financial transactions via my system. Great. Right what I was craving for. It's not so much the installation - but the fine-tuning of options and individual preferences.

I hope Zeus punishes them with well-aimed lightning bolts.

Does anyone know how to prepare better against threats like Zeus which you can catch up by simple surf-bys? Detection probabilities of even the latest scanner updates of around 23% are not encouraging, are they.
__________________
If you feel nuts, consult an expert.
Old 08-14-12, 03:38 AM   #2
Skybird

As a warning to all others: if you ever meet Zeus, take it seriously and realise that you just have been found by major trouble. I found this excellent German article published by an analyst from Kaspersky which describes it. It is so hard to detect because the gangsters behind it spread it in myriads of versions - and make sure that they release only a small number of modifications into the wild at the same time - but in very short intervals. The record has been over 5000 mutations within just one month. The total number of altered versions of Zeus ranks amongst the hundreds of thousands. In 2009, over 3.6 million systems in the US alone were found to be infected, and formed one of the biggest botnets ever revealed.

http://www.viruslist.com/de/analysis?pubid=200883691

I am not aware that the article is around in English, too. If you stumble over it, link it.
Old 08-14-12, 05:29 AM   #3
Dowly
Lucky Jack
 
Join Date: Apr 2005
Location: Finland
Posts: 25,055
Downloads: 32
Uploads: 0



Quote:
Originally Posted by Skybird
Does anyone know how to prepare better against threats like Zeus which you can catch up by simple surf-bys? Detection probabilities of even the latest scanner updates of around 23% are not encouraging, are they.
You could try Avast!

I've used it for years and it is every bit as good as people say it is.
Old 08-14-12, 05:33 AM   #4
HunterICX
Rear Admiral
 
Join Date: May 2006
Location: Malaga, España
Posts: 10,750
Downloads: 8
Uploads: 0



Avast and use a noscript plug-in for your browser *if it supports one*
blocks all the nasty ambush ads that contain trojans and other malware.

HunterICX
Old 08-14-12, 06:20 AM   #5
Skybird

I am pretty sure that I fell victim to a drive-by infection, since I was searching pics of those airplanes. Zeus is known to be extremely stealthy and extremely adaptable, and that is why even the latest up-to-date scanners and definitions have only a 1:2 - 1:3 chance of detecting the latest incarnations. Since some time it also has been known to have been encrypted even better, so that it can deceive security scanners even better.

So, Avast or Avira, Bit Defender or Kaspersky - you better do not feel safe against this beast. It completely escaped Avira Security 2012's radar - and that is a solid security suite as well.

Do a search for Zeus on the Web to get some info. DO NOT TRUST YOUR SCANNERS TO PROTECT YOU IF YOU MEET IT. CHANCES ARE THEY WILL NOT. 70% of all PCs infested in 2009 or 2010 that were examined by a security company, were protected by up-to-date Firewalls and Virus-Scanners with updated definitions.

Will go to town now, and then this late afternoon start the dance.
Old 08-15-12, 02:12 AM   #6
kiwi_2005
Eternal Patrol
 
Join Date: May 2004
Location: Aeoteroa
Posts: 7,382
Downloads: 223
Uploads: 1

Panda Cloud free antivirus is okay, well, I used it for a while, but what got to me is it's so silent that I used to wonder is it actually doing anything. No updates of the definitions are required because it's running in the cloud. For a free antivirus, reviews I've read have stood by it, but for me it was so damn silent where the paranoia got the better of me, so I went back to a paid antivirus.
__________________
RIP kiwi_2005



Those who can't laugh at themselves leave the job to others.



Old 08-15-12, 07:47 AM   #7
Skybird

Only payware Firewall and AntiVirus suites for me. Nobody can convince me that what they do for a fee is done for same effectiveness but for free by "free versions". Additionally using free malware scanners is recommended. I use Malwarebyte's program, and SuperAntiMalware. Emsisoft's program also often gets recommended over here.

This year, the internet suites of Bit Defender and Kaspersky, F-Secure and G-Data score highest for recognition rates and cleaning, according to tests in German computer magazines. Panda Cloud was rated okay for recognition, but moderate in cleaning, another Panda version there is which is even weak in recognition. Avast is found to be moderate only in recognition, and weak in cleaning, it is the one suite that has massively lost in this year's incarnation, they say by their results (it was one of the top contenders in past years). My Avira scores good in recognition and cleaning, but moderate only regarding performance (it takes a long time to scan the HD).

Well, that says the test by German market leading computer magazine Chip. I stuck with Avira only for reasons of comfort, I already had the subscription last year. If I would install a brand-new suite, I would go with BitDefender this year. In the tests it was the only one scoring top in all three categories recognition rate, cleaning, and performance.

Regarding my Zeus problem, none of these suites gives you really safe security. If you got a Zeus clone, and it is not a years-old incarnation (and how would you tell, there are several hundred thousands), there is a good chance that it is still there after the scanner says it "cleaned" it, so REINSTALL. It was not Avira finding it, it was Malwarebyte's Anti-Malware and SuperAntiMalware, btw (both can be had for free in their active scan versions). I would recommend to run active scans with both once a week.
All times are GMT -5. The time now is 04:54 AM.

