Trojan - Poebot.Explorer

pike

Archived from groups: microsoft.public.windowsxp.security_admin

Hello,

Giant Anti-Spyware (must be similar to MS beta, they bought the company) has picked
up this trojan but only when connected to AOL. It points to the AOL
'server.lock' file.
Giant cannot seem to quarantine nor remove this thing.
It is not picked up by Ad-Aware pro, Kaspersky Anti-Virus Personal
Pro, McAfee anti-virus.
Anyone have any knowledge of this trojan and how to permanently remove it?

Thanks in advance for any help

Wxp/sp2 with latest security updates.
 
Guest

From: "Pike" <stevenospam@rac4sql.net>

| Hello,
|
| Giant Anti-Spyware (must be similar to MS beta, they bought the company) has picked
| up this trojan but only when connected to AOL. It points to the AOL
| 'server.lock' file.
| Giant cannot seem to quarantine nor remove this thing.
| It is not picked up by Ad-Aware pro, Kaspersky Anti-Virus Personal
| Pro, McAfee anti-virus.
| Anyone have any knowledge of this trojan and how to permanently remove it?
|
| Thanks in advance for any help
|
| Wxp/sp2 with latest security updates.
|


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Please submit 'server.lock' to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 16 different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

* * * Please post back the EXACT results. * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 

pike


Thanks Dave,

Here is the result of the scans:

Antivirus    Version         Update      Result
AntiVir      6.30.0.7        03.31.2005  no virus found
AVG          718             03.31.2005  no virus found
BitDefender  7.0             03.31.2005  no virus found
ClamAV       devel-20050307  03.31.2005  no virus found
DrWeb        4.32b           03.31.2005  no virus found
eTrust-Iris  7.1.194.0       04.01.2005  no virus found
eTrust-Vet   11.7.0.0        03.31.2005  no virus found
Fortinet     2.51            03.31.2005  no virus found
F-Prot       3.16a           03.31.2005  no virus found
Ikarus       2.32            03.21.2005  no virus found
Kaspersky    4.0.2.24        04.01.2005  no virus found
McAfee       4459            03.31.2005  no virus found
NOD32v2      1.1042          03.31.2005  no virus found
Norman       5.70.10         03.31.2005  no virus found
Panda        8.02.00         03.31.2005  no virus found
Sybari       7.5.1314        04.01.2005  no virus found
Symantec     8.0             04.01.2005  no virus found


Giant/MS is researching it using the logs I sent them. Will post back
when I hear something.

Steve
 
Guest

From: "Pike" <stevenospam@rac4sql.net>

| Thanks Dave,
|
| Here is result of scans:
|
| Antivirus Version Update Result
| AntiVir 6.30.0.7 03.31.2005 no virus found
| AVG 718 03.31.2005 no virus found
| BitDefender 7.0 03.31.2005 no virus found
| ClamAV devel-20050307 03.31.2005 no virus found
| DrWeb 4.32b 03.31.2005 no virus found
| eTrust-Iris 7.1.194.0 04.01.2005 no virus found
| eTrust-Vet 11.7.0.0 03.31.2005 no virus found
| Fortinet 2.51 03.31.2005 no virus found
| F-Prot 3.16a 03.31.2005 no virus found
| Ikarus 2.32 03.21.2005 no virus found
| Kaspersky 4.0.2.24 04.01.2005 no virus found
| McAfee 4459 03.31.2005 no virus found
| NOD32v2 1.1042 03.31.2005 no virus found
| Norman 5.70.10 03.31.2005 no virus found
| Panda 8.02.00 03.31.2005 no virus found
| Sybari 7.5.1314 04.01.2005 no virus found
| Symantec 8.0 04.01.2005 no virus found
|
| Giant/MS is researching it using the logs I sent them. Will post back when I hear
| something.


I think then there is a high probability that Giant SW made a False Positive declaration.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 

pike


Hope so:)
And thank you for help/time once again.

Steve
 

pike


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ODFEJgtNFHA.244@tk2msftngp13.phx.gbl...
> From: "Pike" <stevenospam@rac4sql.net>
>
> | Thanks Dave,
> |
> | Here is result of scans:
> |
> | Antivirus Version Update Result
> | AntiVir 6.30.0.7 03.31.2005 no virus found
> | AVG 718 03.31.2005 no virus found
> | BitDefender 7.0 03.31.2005 no virus found
> | ClamAV devel-20050307 03.31.2005 no virus found
> | DrWeb 4.32b 03.31.2005 no virus found
> | eTrust-Iris 7.1.194.0 04.01.2005 no virus found
> | eTrust-Vet 11.7.0.0 03.31.2005 no virus found
> | Fortinet 2.51 03.31.2005 no virus found
> | F-Prot 3.16a 03.31.2005 no virus found
> | Ikarus 2.32 03.21.2005 no virus found
> | Kaspersky 4.0.2.24 04.01.2005 no virus found
> | McAfee 4459 03.31.2005 no virus found
> | NOD32v2 1.1042 03.31.2005 no virus found
> | Norman 5.70.10 03.31.2005 no virus found
> | Panda 8.02.00 03.31.2005 no virus found
> | Sybari 7.5.1314 04.01.2005 no virus found
> | Symantec 8.0 04.01.2005 no virus found
> |
> | Giant/MS is researching it using the logs I sent them. Will post back
> | when I hear something.
>
>
> I think then there is a high probability that Giant SW made a False
> Positive declaration.

You were correct. Here is Giant's response:

'This appears to be a false positive. A bug in Giant AntiSpyware is
detecting the PoeBot worm when it is not really present. You can safely
ignore any warnings you should receive.'

Thanks again.
Steve