Topic: An elusive trojan

[Colin_Bellamy-Wood]

I believe, most strongly, that I have a tojan.   Frequently I get emails from webmaster saying that an email sent from address A failed to be received by address B but they return it to me.   One tonight claimed that the e-mail "I" had sent contained a virus.   The emails returned are all the same with something like 125000 characters, starting with several rows of the letter "A" and then interrupted by what I can only describe as random letters.  

I've got all the latest Microsoft security updates   I've got BlackICE Realsecure desktop protector which I understand to be a firewall, and is courtesy of BT Openworld.   I also have McAfee Virus Scan, and I have done several scans of my Computer recently in an effort to find and get rid of this trojan, but have had clean reports each time.

I read somewhere that the trojan can lie inside my wallpaper which was a bitmat(?) image of Annie - which has been completly deleted, even from my "dustbin".

Does anyone know how I can find and kill this blooming trojan please - it is embarrassing me.

[gavin]

Hi Colin - a few thoughts

First, your computer may well be clean.

But if you get spam, your e-mail address may be  on a list circulated around and sold by/to spammers - it's a simple matter for somebody sending spam with a virus load to "spoof" your address.  You then get all the bounces, returned viruses, and one or two very irate replies.

Another possibility is that somebody else (with your e-mail address on their computer) is infected - and their trojan is sending out stuff in the name of everybody in their contacts list.

One other comment -

I don't know anything about BlackICE at all, but if it's anything like the firewall I have, it will only prevent hacker-type attacks.

Your McAfee should pick up any viruses, but only if (and apologies if this is an egg-sucking lesson!  Ouch!  Lay off Granny!!!!!!!!! ??? ??? ???) the virus dictionary is updated very regularly - every week?)

But there's a whole range of other mal-ware - who may be tracking your internet use, hijacking your browser, transmitting your details to "advertisers", etc etc etc - after Tim's experience, I hesitate to suggest, but as far as I can see these two come highly recommended for getting rid of such mal-ware.

Adaware (from http://www.lavasoftusa.com/);
and Spybot-Search and Destroy (from http://security.kolla.de/).

I use both, as one picks up the s..t the other misses - and update them about once a month.

Just another unpleasant example - a friend was advised to use the Kazaa firewall;  neat little setup - it does indeed work as a firewall.  But it only shuts out SOME unauthorised use, as it also installs a whole lot of ad-ware, unbeknownst to the user!  Eliminate the adware, and the Kazaa firewall, in effect, says "stuff you" and shuts down!

All best - Gavin

PS I've rambled a bit ??? - apologies if I'm over the top!

[SueT]

Kazaa is not to be trusted with it`s poxy spyware!   >:(

[Colin_Bellamy-Wood]

Thank you Gavin for your thoughts.   I know so little about these things, that I can assure you that your are not teaching Granny to suck eggs.   You taught me a lot.  

I can't recall ever receiving spam - and I've switched off my "Spamguard".  

Occassionaly the icon for my firewall (when I've logged on to the net) starts flashing, and on investigation, I am being, or have been, probed.   I tend to log-off quick.

Sometimes I hear a "clunk".    I haven't a clue why the "clunk" has occurred, and I wonder if it's something to do with the trojan?

I'll have a look at the two websites that you've given to me later in the week.   Thanks for your input, and if you think of anything else, I'd be grateful for your comments.

I'll steer clear of Kazaa SueT, thanks.

[gavin]

You've never had spam - I've had at least seventy so far TODAY!  ::)  You lucky man!

But I haven't a clue what the "clunk" is though!

Good luck - and long may you evade the spammers.  Gavin

[carloso]

helloooo


i always find a lot of handy stuff at www.cnet.com just make sure its what you want mind and i always read the other comments too
soem stuff ive had is very good and other well you live and learn lol

carl

[carloso]

oww i forgot to mention  i use the firewall for zone alarm runs along side norton and does very well !!!

[kenkew]

After problems of a like nature I was advised to dump Gator. It made a heck of a difference. I've bought and installed Spy Nuker and every couple of days I run it and find I have always picked up spyware. I use Nuker to kick it off. A friend of mine has put a fictitious address in his Address Book so that it sits above all the others. Probably starts of with AAA... He tells me that stops him automatically passing on any virus given to him as the virus gets stuck on the first address.

[Ragged Robin]

  This is all Greek to me..... but at least I know where to come for advice!     ???

[Colin_Bellamy-Wood]

Hey Ken, that sounds a superb idea - to start your address book with AAA.   I'll do the same as soon as I've looged off.

[kenkew]

It might be an idea to have a word with the provider, too. More and more of them are offering services to attract/keep customers. Last year mine offered a service for about a quid a month. It has blocked about a dozen 'viruses' to date. It's not 100% but it's the Trojans and Worms that cause the mischief in the vast number of cases and it's these that are being blocked. The major viruses are usually aimed at upsetting corporations like Microsoft or government targets. There is usually a warning given and advice as to what action we can take. MS are forever plugging holes in their programmes which let these viruses in. I suppose the closest anyone can get to 'full security' is to pay for a good virus protection programme and up-date it regularly.

[kenkew]

....to add what might seem obviouse, (let's not forget we all started out learning to walk) most 'viruses' are spread via E-mail attachments. If you don't know who the mail comes from, DON'T open the attachment. If the mail shows a URL -link address to a web site- DON'T click it unless you know where you're going. Check your 'Cookies' folder at least once a week. Lots of web sites deposit a 'cookie' in your 'puter which reports back to the person who 'presented' you with the cookie in the first place, and it tells that person (among other things) which sites you visit. This tells that person what things you are interested in and that info is used as a marketing tool to target you with even more E-mails. That could I suppose be classed as a low virus form. Good stuff, eh?
I regularly dump ALL my cokkies. I know some of them are not a bad thing to have but if I need a particular one for a particular site, the site will either deposit a new one or ask me to register again.