Author Topic: Avast And The *Amanda* Trojan.  (Read 10456 times)

0 Members and 1 Guest are viewing this topic.

firefox007

  • Guest
Avast And The *Amanda* Trojan.
« on: November 30, 2011, 11:48:51 PM »
I've just noticed that I am infected by the *Amanda* Trojan. It is dangerous; as it hides very well, Avast Free is not removing or finding it, how does anyone feel; how could one could get rid of this *Amanda* Trojan?  Thank You!

I run WinXP, SP2.

ady4um

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #1 on: November 30, 2011, 11:57:46 PM »
Please post a new topic in the "Viruses and Worms" subforum http://forum.avast.com/index.php?board=4.0.

If you read the "pinned" or "sticky" topics in that subforum, there are some things you may download and post logs with them, but I would suggest first to start the topic and wait for specific instructions.

YoKenny

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #2 on: December 01, 2011, 12:14:01 AM »
I run WinXP, SP2.
Please read:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast And The *Amanda* Trojan.
« Reply #3 on: December 01, 2011, 12:19:38 AM »
If avast does not detect it...how do you know you have this amanda trojan?

Alievitan

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #4 on: December 01, 2011, 08:04:52 AM »
Some malware are harder to remove than others with some able to hide or resist efforts of antimalware software by embedding itself deep within windows.  Have you tried Avast boot time scan?  It is under "Scan Computer"~~~~~>"Boot time Scan."  There you should see a "Schedule Now" button and click it.  Then restart your machine and Avast boot time scan should run before Windows load itself.  

Theoretically it should have a much higher chance to clear out difficult malware, b/c it runs before any malware or windows for that matter is able to load itself.  To be very cautious and safe, during the scan, only click on "repair," Do not click delete though.  It might be catastrophic if you accidently delete a infected Windows system files.  

The boot time scan should theoretically work.  If it doesn't then you will need to do other things, but try that first and get back to us.  Also install Windows XP sp3 immediately if you can.  Using SP2 is a huge security risk.  
« Last Edit: December 01, 2011, 08:06:37 AM by Alievitan »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Avast And The *Amanda* Trojan.
« Reply #5 on: December 01, 2011, 08:23:41 AM »
To be very cautious and safe, during the scan, only click on "repair," Do not click delete though.  It might be catastrophic if you accidently delete a infected Windows system files.    
Leave the boot time scan set to the default (ask) so you have the chance to view and query the detection first.


firefox007

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #6 on: December 02, 2011, 12:50:51 AM »
Thank you all for your help; I will try the boot time scan, thank you for that idea.

I know I have the trojan by accident, while looking @ ports *stealthed* by Avast firewall.  One  port, seen by Gibson's *Shields Up,* notified that it was inhabited by *amanda* trojan.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast And The *Amanda* Trojan.
« Reply #7 on: December 02, 2011, 12:52:59 AM »
are you behind a ISP box or router or both ?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast And The *Amanda* Trojan.
« Reply #8 on: December 02, 2011, 12:53:50 AM »
Thank you all for your help; I will try the boot time scan, thank you for that idea.

I know I have the trojan by accident, while looking @ ports *stealthed* by Avast firewall.  One  port, seen by Gibson's *Shields Up,* notified that it was inhabited by *amanda* trojan.

Still, you should update your XP to SP3..!! ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

firefox007

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #9 on: December 02, 2011, 12:54:52 AM »
Hi, thank you, I'm using my ISP's modem that's all.

firefox007

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #10 on: December 02, 2011, 12:56:27 AM »
Thanks; I would love to update to SP3, but can't, as MS sees I don't have an OEM copy, and stopped supporting anyway, thanks...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast And The *Amanda* Trojan.
« Reply #11 on: December 02, 2011, 01:03:48 AM »
does it have a firewall....that is turned on by default, by your ISP...if so then it is that firewall that is tested

feks when i run this test at Shields UP i get the same result if i have my computer firewall on/of i also have a firewall in my Dlink635 router....it does not matter what i do with those firewall the test result is still the same....the reason is that it is the first firewall that is tested and that is located in my ISP thompson cable modem box....and the inside of that is off limit to me

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast And The *Amanda* Trojan.
« Reply #12 on: December 02, 2011, 01:03:53 AM »
Thanks; I would love to update to SP3, but can't, as MS sees I don't have an OEM copy, and stopped supporting anyway, thanks...

Well, no big surprise then, if you use a non legit XP.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast And The *Amanda* Trojan.
« Reply #13 on: December 02, 2011, 01:46:38 AM »
The Shields UP report does not say that you have the Amanda trojan..
what it is giving you is info on the firewall ports and telling you that the Amanda trojan use this port to communicate.......when it is there


http://www.speedguide.net/port.php?port=28


Symantec malware info
http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=20121
Quote
Backdoor Amanda is a Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to alter system files, view desktop contents, disabling user control, etc. BD Amanda operates over ports 11011, 20, 28, 10012, 10013, 23032 via TCP.

« Last Edit: December 02, 2011, 01:26:19 PM by Pondus »

Alievitan

  • Guest
Re: Avast And The *Amanda* Trojan.
« Reply #14 on: December 02, 2011, 12:16:23 PM »
Wow what a gross misunderstanding lol