Virus query?

[sanctuary24]

I tried a google search on this virus trojan.backdoor.Evivinc but hardly any results came up with proper information, my firewall indicated I was being constantly attacked on the same port as this virus uses but I wondered if anyone here knows about it or has a link to info on it, I think my brother maybe visiting sites that have drive-by-downloads.

One last thing does anyone know what Xfont is that also attacked my firewall on port 7000

[DavidR]

You have to try to be less specific in the search then adjust as necessary http://www.google.com/search?q=backdoor.Evivinc, drops the trojan. from the front and that returns probably more hits that your search on trojan.backdoor.Evivinc.

This is just one of them Backdoor Evivinc.

[sanctuary24]

thanks for the tip DavidR, do you know if Avast covers this trojan or not?

[DavidR]

I have no idea, as the problem is there is no standard naming convention for malware, but there is no entry for Evivinc in the avast virus database. This doesn't mean it doesn't detect it just that if it did then it isn't under that name.

[sanctuary24]

Just a question (for Alwil team)

As a percentage how many viruses of the ones you receive do you send out that same week?

[polonus]

Hi you sanctuary24,

Well learning to search for malware descriptions and manual removal needs some tricks, use the query term in combination with "removal" or with "Sophos"or other vendor's name. There are virus encyclopediae. Not all av-vendors have virus descriptions online, these can be very instructive and help the malware fighter to quite an extent.

polonus

[sanctuary24]

I dont know whether this is possible with the Alwil team being busy making definitions but are there any plans to have descriptions (such as severity, transmission type, effects etc) alongside the malware name (either on the website or within Avast itself) so people can see what they are up against in terms of what the virus does, if it has been discussed before or its not possible then I apologize

ps my firewall keeps being probed on port 5900 commonly used by Trojan.backdoor Evivnic, does Avast have its own signature to detect it and could someone that is infected (bot computer) be bombarding me without knowing it, if so any tips?

[polonus]

Hi sanctuary24,

Think there should be a central place where you could look up these descriptors together with manual removal instructions or links to removal programs. Call it "malware mugshot". You could start a thread, and put this info there, one piece of malware a day makes a lot in a year. It is not a light task with all the aliases going round. I like to put manual removal procedures here in the "virus and worms" whenever appropriate for cleansing reason or when I can find it online. All av-vendors have different policies towards this subject. Sophos gives this info, but not for all of the malware they have signatures for, MacAfee had a lot but stopped somehow to publish the technical descriptions and the manual removal instructions for a lot of malware they combat. Other vendors work with member forums (like our avast), but have no virus lists with qualifications and technical info. If it interests you, dive into it, and fill up the gap. Also funny we do not find these data in Wikipedia yet.

polonus