Author Topic: bad malware...  (Read 2217 times)
ma3hd
« on: September 05, 2007, 03:40:57 AM »

Hello my dears...

I have a trojan: when I open any site, it downloads automatically onto my computer. I have NOD32 antivirus, and I deleted this trojan and formatted my hard drive.

But the trojan still appears when I browse any site, such as Microsoft.

The trojan is from 832821.com/ rr.html (added 'space' after '/' to remove direct link (Garry))

832821.cn/ sysdown.exe (added 'space' after '/' to remove direct link (Garry))

I hope you can help me.

Edit: Removed WWW. to disable remaining link. N.T.T.W.
« Last Edit: September 10, 2007, 09:06:07 AM by N.T.T.W. » Logged
N.T.T.W.
« Reply #1 on: September 05, 2007, 04:36:03 AM »

Hi ma3hd,

Please could you post the name of the trojan deleted by NOD32?

Do you get the trojan when viewing the website in your post? I get nothing from this site apart from a pop-up, which is blocked by Firefox.
Logged

Post proelia praemia.
Die dulci fruere.
ma3hd
« Reply #2 on: September 05, 2007, 05:10:37 AM »

Thanks, sir, for the fast reply.

There is more than one trojan, such as:

sysdonwn.exe >>> trojan.delf.wh

win32/trojandownloader.ani.gen trojan

That is what I remember now.
Logged
~cat~
« Reply #3 on: September 05, 2007, 05:14:09 AM »

Is BoClean installed?
Logged

Parched dry and thirsty, knee deep in the river of life.
ma3hd
« Reply #4 on: September 05, 2007, 05:40:33 AM »

What is BoClean?

I only have the NOD32 full version with antispyware.
Logged
ma3hd
« Reply #5 on: September 05, 2007, 05:42:03 AM »

And will it stop this trojan from hitting me every time I open the browser?
Logged
N.T.T.W.
« Reply #6 on: September 05, 2007, 06:31:05 AM »

Quite a nasty trojan.

Do you currently use any Comodo products?

You could try installing BOClean:

http://www.comodo.com/boclean/boclean.html

I am not sure if this will remove this trojan but it is a great antimalware program that can also repair hosts files etc when it removes malware.

Comodo Firewall may also help as it should warn you about any connection attempts if your system is infected.

To remove this nasty with NOD32 (assuming NOD32 detects it), you should first disable System Restore on your computer and then run a full scan with NOD32.
Logged

ma3hd
« Reply #7 on: September 05, 2007, 06:35:31 AM »

Thanks, sir, for the help.

I installed BOClean, and it never sees the trojan. Before I installed NOD32 I used the antivirus here,

but the trojan still appears.

Important note:

I use a DSL internet connection (LAN network). I tried my friend's computer and I also saw the trojan try to open itself, and I tried another computer on the LAN and I saw this trojan too.

I think it comes from the LAN's router.

Do you have any idea how to fix it?

Logged
N.T.T.W.
« Reply #8 on: September 05, 2007, 07:17:19 AM »

As you are using NOD32 and you have said it detects the trojan, your best bet may be to post on the forum for this product on Wilders:

http://www.wilderssecurity.com/forumdisplay.php?f=16

I am sure someone there will be able to help you with either removal or submitting the trojan.

I am surprised BOClean does not detect this malware. If you manage to obtain a copy of the trojan perhaps you would consider submitting it to Comodo to help improve detection in BOClean and CAVS:

You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line "Malware?" for clarity's sake.
Zip and password protect the file with "infected" including that information in the email body.

Logged

nubiatech
« Reply #9 on: September 05, 2007, 07:30:58 AM »

Quote from: ma3hd
    What is BoClean?

Sorry for the OT, but this is Boclean forum!!

And the websites you referenced are not the same:
832821.com/rr.html
832821.cn/sysdown.exe

And, what are the rules for posting direct links to malware?
Could a mod please look at this post to protect the innocent ...

Edit:
Forum Policy:
Quote
    * Live Malware. Comodo is in the business of helping secure the internet, not propagating malware.  Thus, it is not the appropriate place to attach or link live malware (viruses, trojans, rootkits, etc) to posts.  In general, a link to the download site for 'malware' tests/demos and other 'proof of concept' applications are acceptable, provided they are not intended or designed to cause harm to a computer.

http://forums.comodo.com/new_member_information/forum_policy-t1516.0.html

EDIT: Removed WWW to disable remaining link. N.T.T.W
« Last Edit: September 10, 2007, 08:59:27 AM by N.T.T.W. » Logged
garry
« Reply #10 on: September 05, 2007, 07:51:35 AM »

Quote from: nubiatech
    832821.com/rr.html
    832821.cn/sysdown.exe

    And, what are the rules for posting direct links to malware?
    Could a mod please look at this post to protect the innocent ...


Hi,

I have added a 'space' after '/' to remove direct link.

Garry

EDIT: Removed WWW to disable remaining link. N.T.T.W
« Last Edit: September 10, 2007, 08:58:53 AM by N.T.T.W. » Logged
Allan
« Reply #11 on: September 10, 2007, 08:24:51 AM »

Admin, please remove the link.

More Info:
REPORT SiteAdvisor

Thx,
Allan

Logged
N.T.T.W.
« Reply #12 on: September 10, 2007, 09:03:36 AM »

Quote from: Allan
    Admin, please remove the link.

    More Info:
    REPORT SiteAdvisor

    Thx,
    Allan

I have removed the www to disable the links in these posts.
« Last Edit: September 10, 2007, 09:05:55 AM by N.T.T.W. » Logged
