Author Topic: Unrecognizable Trojan by Avast  (Read 5016 times)


Offline artistONE

  • Newbie
  • *
  • Posts: 7
Unrecognizable Trojan by Avast
« on: August 02, 2005, 02:38:36 PM »
My PC was originally attacked by a person with "Download.Trojan" and "Backdoor.IrcContact", which finally broke down my PC, and the hard disk had to be replaced.

Afterwards these two Trojans were still there and thus found and removed. Yet the constant drainage of the data from my computer continues and no Anti-Virus program finds any virus or threats.

The job of "Download.Trojan" is downloading many other known and unknown Trojans.

I can see on a sniffer how periodically, every 5 minutes or so, data are sucked out of my PC (just like during the original attack), but I can do nothing about it!

I can even see the IP address of the place where the data goes... but it is probably a proxy, because there is NO information in IP address databases.

What the hell can I do?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 27661
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Unrecognizable Trojan by Avast
« Reply #1 on: August 02, 2005, 03:04:04 PM »
A trojan does not break down a harddisk or system.

What you need to do is clean and protect your system.
See HERE for instructions.
Follow ALL 9 steps on that page.
« Last Edit: August 02, 2005, 04:27:41 PM by Eddy »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 77476
  • No support PMs thanks
Re: Unrecognizable Trojan by Avast
« Reply #2 on: August 02, 2005, 04:08:35 PM »
A firewall should be able to stop this outbound traffic, I assume you don't have one?

Quote
"Download.Trojan" and "Backdoor.IrcContact", which finally broke down my PC, and the hard disk had to be replaced.

Afterwards these two Trojans were still there and thus found and removed.

Having replaced the HDD (I assume you only have one), there shouldn't be any way they were still there; you got reinfected with something.
Since they weren't detected as the same trojan/backdoor and you are using the same AV, they can't possibly be the same, otherwise they would be detected again.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 17.4.2293beta/ Outpost Firewall Pro9.3/ Firefox 52.1 ESR, uBlock Origin, RequestPolicy/ MailWasher Pro7.8.0/ DropMyRights/ MalwareBytes AntiMalware Premium 2.2.0/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline artistONE

  • Newbie
  • *
  • Posts: 7
Re: Unrecognizable Trojan by Avast
« Reply #3 on: August 03, 2005, 06:35:52 PM »
Thanks a lot for your responses. The recommended website was great, but I still cannot find any Trojans and viruses.
Some clarifications:

- I did not have any Anti-Virus software on my PC before the breakdown of my PC and the replacement of the hard disk. (Long story, how I know the exact day of the start of the attack.)

- According to DavidR, my PC has been reinfected. Very likely by visiting the same suspicious weblog, wherefrom - I'm sure now - I was attacked in the first place. (Long story.)

- The attacker contacted me 2 days ago by ICQ (I was 100% sure it was him). The moment I clicked on the message, my sniffer showed no more suspicious activities, but instead I could see on the "SENT" Internet traffic monitor that the person, through the ICQ window/contact, is directly sucking a massive amount of data periodically (again about every 5 minutes).

- Are such ICQ numbers (from which the attacker can attack the PC directly) also proxies that cannot be tracked? Could the ICQ number lead to the PC address of the attacker?

- Recently I receive, every once in a while, a very suspicious-looking blue window on the lower right side of my desktop, which says: "Avast Information...A new version of Avast database is installed..click for more information". Is this a legitimate notice? Because my Avast blue ball (a) is recently always still and it never turns around, as if the program is disabled (of course there is no other indication of it being disabled).

- Regarding the firewall, I have the Windows Firewall always on. Is that not enough? If not, please recommend one to me.

- Another very important point that you, as experts, can give me a clue about:

As you know, for each Hotmail e-mail address, one also receives an MSN Explorer browser:

- It seems that the attacker can connect to my PC and attack it ONLY through 2 of my MSN browsers. When I am on other MSN browsers, the constant periodic sucking of data stops. I hope this could give you a clue as to how these attacks work in my particular case and where I should look in my PC to find the problem.

Thank you very much for your help.