Author Topic: Bart 2 didn't find trojans  (Read 12721 times)


cpuuk

  • Guest
Bart 2 didn't find trojans
« on: November 23, 2006, 10:27:05 PM »
Went to look for Trojans on a PC using Bart2 (created 23rd Nov) and it found nothing.... not a sausage.....installed 4 year old Symantec v10 AV and it managed to find 5 trojans.

I thought you guys are supposed to be good? Very, very, very disappointing  >:(

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Bart 2 didn't find trojans
« Reply #1 on: November 23, 2006, 11:36:31 PM »
Why do you think that an old Symantec detection is right and avast wrong?
Have you already heard about false positives?
Can you post the name and path of the infected files? Which malware was found?  ::)
The best things in life are free.

cpuuk

  • Guest
Re: Bart 2 didn't find trojans
« Reply #2 on: November 24, 2006, 01:08:36 AM »
I will post up with more details tomorrow......  And yes, the trojans were real, I watched the little blighters attempt to send dozens of spam emails out. In the end it was Symantec 2007 finally removed the trojans successfully from \documents and settings\user_name\local settings\temp\

Not to mention that the networking function has not worked on any PC I've tried it on, and I really needed to copy a lot of data off to the network today.
« Last Edit: November 24, 2006, 01:15:03 AM by cpuuk »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Bart 2 didn't find trojans
« Reply #3 on: November 24, 2006, 01:19:01 AM »
"In the end it was Symantec 2007 finally removed the trojans successfully from \documents and settings\user_name\local settings\temp\"
So, it was not an 'old' Symantec.
But if you think there is a perfect software... you won't find it... just to begin, try to get support from Symantec... stay seated, waiting...
The best things in life are free.

cpuuk

  • Guest
Re: Bart 2 didn't find trojans
« Reply #4 on: November 24, 2006, 10:34:14 PM »
Truth be told, the Sym V10 is 18 months old; it did identify the trojan, but couldn't delete it. The Sym 2007 could delete it, but Avast & McAfee couldn't see it at all. The confusion over the age of Sym was down to the fact I don't use it myself.

Anyway, I sent you guys (and McAfee) a copy of the trojan..... and it's a bitch. Although it can be removed (hell, even I now know how to remove it manually) it just keeps coming back, whatever registry hack it's using is damn good.

So, let's see how Avast support is better than Sym  ;)

PS If it makes you feel any better, the Microsoft product couldn't find the Trojan either....... you can do better than M$ can't you :P
« Last Edit: November 24, 2006, 10:40:20 PM by cpuuk »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Bart 2 didn't find trojans
« Reply #5 on: November 24, 2006, 11:01:25 PM »
"Although it can be removed (hell, even I now know how to remove it manually) it just keeps coming back, whatever registry hack it's using is damn good."
Most of the replicant viruses (coming back again and again) come with System Restore (which you could disable: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or temporary files (which you could clean).

It would be good if you download, install, update and run other trojan remover tools:
a-squared
Free AVG Antispyware
SUPERantispyware
Spyware Terminator
The best things in life are free.

cpuuk

  • Guest
Re: Bart 2 didn't find trojans
« Reply #6 on: November 26, 2006, 06:21:56 PM »
Thanks for the suggestions..... restore & temp (and deleted) I'd already covered as a precaution, yet it still comes back. After looking around I have identified the virus as http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=119654&sind=0  I'm quite amused that it is listed as "not in circulation"...... I have 20x PCs that have it >.< I also note it uses a backdoor and user intervention http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=119900&sind=0 ..... this worries me more

http://www.pandasoftware.com/com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=119900  this explains much...... Lootseek.DD backdoor has installed Rizalof.DC spam virus..... now I can get on and sort this problem.

Any chance you guys can get this fix onto Bart2? I'll do it manually in meantime.
« Last Edit: November 26, 2006, 06:48:04 PM by cpuuk »

cpuuk

  • Guest
Re: Bart 2 didn't find trojans
« Reply #7 on: November 28, 2006, 02:25:02 AM »
Well, we have thrown in the towel  :'( ..... after cleaning every machine with Panda\ Symantec\ F-Prot the virus came straight back the moment any server shares were accessed. It seems the server still has another hidden virus on it which creates autorun & setup.exe files on every shared drive (you delete them, they come back). The setup.exe pushes a 16-bit subsystem onto any machine that connects to the shares, this creates the other virus instances.

The AV can't find this last nasty that's for sure. We know we have a blended virus of at least 3x components and not a chance of beating it, so we have wiped every machine.

I'm afraid that BartCD was of no use  :(
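
As an added example (not part of the original posts): a defender-side check for the behaviour described in Reply #7, where autorun and setup.exe files keep reappearing in the root of shared drives. It parses an autorun.inf found in a share root, tolerating junk lines, and reports which program it would launch and when that file was last modified. The share contents in `demo()` are constructed sample data, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # keys that make Windows start a program

def parse_autorun(text):
    """Return launch commands from the [autorun] section, skipping junk lines."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in LAUNCH_KEYS or key.lower().endswith("\\command"):
                commands.append(value)
    return commands

def first_token(command):
    """Executable part of a command line, honouring one pair of quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def scan_share(root):
    """List every program an autorun.inf in the share root would start."""
    root = Path(root)
    by_name = {p.name.lower(): p for p in root.iterdir() if p.is_file()}
    inf = by_name.get("autorun.inf")
    if inf is None:
        return []
    findings = []
    for command in parse_autorun(inf.read_text(encoding="latin-1")):
        leaf = first_token(command).replace("\\", "/").rsplit("/", 1)[-1]
        target = by_name.get(leaf.lower())
        findings.append({"command": command, "target": leaf,
                         "present": target is not None,
                         "modified": target.stat().st_mtime if target else None})
    return findings

def demo():
    """Scan a constructed share root (sample data, not taken from the thread)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "AUTORUN.INF").write_text(
            "garbage line\n[AutoRun]\n; comment\nOpen = setup.exe /s\n"
            "icon=setup.exe,0\nshell\\open\\command=SETUP.EXE\n")
        Path(d, "Setup.exe").write_bytes(b"constructed placeholder, not a binary")
        return scan_share(d)
```

Running `scan_share` against each share root on a schedule and comparing the `modified` times between runs shows when the files are being recreated, which helps narrow down the host that is writing them.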

VladThePCImpaler

  • Guest
Re: Bart 2 didn't find trojans
« Reply #8 on: December 18, 2006, 05:29:20 PM »
Heh, it amazes me, how many people actually waste their time installing Nortons. That has to be, the worst pile of dung I have ever had the sorry pleasure of installing.
4 times, I gave nortons internet security 2007 a go. And every time it's let me down. Had a worm that replicated 415 times in under 20 mins. and nortons didn't even flinch.
Ran a scan and nothing. Tried every free antivirus out there but (avast) at the time for shits and grins, and they all identified them, but couldn't clean rather important system files. And I didn't really want to do a fresh install of every dog gone thing. Pain in my a**. Only one antivirus was able to not only detect every infection, but was able to actually clean every file! And believe it or not, but it was Kaspersky. (had a 30 day trial) I like to give security products serious testing, I will go to malicious sites and test downloads and jav/vb cgi script detection, with antivirus products... I learned not to do that with nortons (sigh) I just couldn't believe it wasn't detecting what all the others were, and kept giving it another chance like it was a fluke.. (my a**) Norton should be shot. For selling that pile of dung heap. I have nothing to do today, just installed avast for vista, since I'm running vista business since about 4 days ago.. Vista going to take some time getting used to. So today gonna give Avast some serious testing at some very, very malicious scripting and file sites, and give it a whirl. So what gets through if anything. So far, for free home antivirus solutions Avast has by far the most detection features.. Features other antivirus products won't include in their free version. (jerks) heh. Ok, someone take my caffeine away.. I'm typing more now than I do when I'm supposed to be working.