Specifically targeted trojans

db
I use broadband. I run ZoneAlarm antivirus and PC Tools spyware, used at
different times. Yesterday while working offline my antivirus stated that
it had blocked a trojan attempting to erase a specific file in a specific
folder. On return to work on the file some hours later it had disappeared and
its shortcut stated it could no longer find it and no amount of searching the
whole computer could find it. They had got it. Luckily most of it had been
backed up on a pen. Later while again working on the same folder offline (ADSL
out) and off phone (phone line out) the antivirus again reported that it had
blocked a trojan attempting to delete the same file as before. Its name had
been changed by then.
This means
(i) trojans can delete specific files in specific folders
(ii) they can do this with ADSL disconnected
(iii) they can do this with ADSL and phone disconnected
(iv) they might be able to do so via phone and 50cps power supply together
with no ADSL
(v) trojans can be set to work at preordained times
(vi) because the anti-spyware is meticulous, trojan programs can get in via
formal updates or other sites with permitted access, it has to go through the
firewall.

Question
Can trojans attack with adsl disconnected; and can they be carried on the
power supply: ie in through phone, to power supply which is common to phone
through the transformer and computer, and so on to hard disc? db
 
Re: Specifically targeted trojans


"db" <db@discussions.microsoft.com> wrote in message
news:26880D0D-AA63-4F42-8C50-1DDA642A2E92@microsoft.com...


<snipped>


> Question
> Can trojans attack with adsl disconnected; and can they be carried on the
> power supply: ie in through phone, to power supply which is common to
> phone
> through the transformer and computer, and so on to hard disc? db


If malware has compromised the computer, then 9 times out of 10 or 10 times
out of 10, IMHO, the user behind the mouse and keyboard doing the typing and
clicking contributed to it in some way. It just doesn't happen by itself.

Here are some things to use or consider when a computer has been
compromised.

<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>

You can use Process Explorer, which will allow you to look at all running
processes and any hidden processes they may be hosting.

With PE, you go to Menu/View/Show lower pane/show all dlls and PE will show
you everything that a process is hosting in the upper pane, when you click
on a process in the upper pane. You can also right-click a line in the upper
pane to go to Properties where you can get more information. You can do the
same in the lower pane, right-click.

Maybe you should find an AV forum or newsgroup with people that can help
you.

practice safe hex

http://www.eweek.com/article2/0,1895,2132447,00.asp
http://www.claymania.com/safe-hex.html

You may not like this one, but sometimes it's the right thing to do with a
machine that has numerous compromises.
anyway.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
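
The DLL inspection described in this reply can also be scripted. The following is an added example, not part of the original post: it lists modules loaded by running processes and reports those whose Authenticode signature is not valid or that load from outside a set of expected directories. The choice of "expected" directories is an assumption made for illustration.

```powershell
# Added example: scripted approximation of Process Explorer's DLL view.
# Run from an elevated prompt; protected processes still cannot be read and are skipped.

# Assumption: these roots are treated as "expected" module locations.
$expectedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }          # drop empty entries (no x86 folder on 32-bit Windows)

$sigCache = @{}                  # module path -> signature status, checked once per file

$findings = foreach ($proc in Get-Process) {
    try { $modules = @($proc.Modules) } catch { continue }   # access denied or process exited

    foreach ($mod in $modules) {
        $path = $mod.FileName
        if (-not $path) { continue }

        if (-not $sigCache.ContainsKey($path)) {
            try {
                $sigCache[$path] = (Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop).Status
            } catch {
                $sigCache[$path] = 'Unreadable'
            }
        }

        $inExpectedRoot = $false
        foreach ($root in $expectedRoots) {
            if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $inExpectedRoot = $true; break }
        }

        # Report only modules that deserve a closer look in Process Explorer.
        if ($sigCache[$path] -ne 'Valid' -or -not $inExpectedRoot) {
            [pscustomobject]@{
                Process        = $proc.ProcessName
                Id             = $proc.Id
                Module         = $path
                Signature      = $sigCache[$path]
                InExpectedRoot = $inExpectedRoot
            }
        }
    }
}

$findings | Sort-Object Process, Module | Format-Table -AutoSize
```

A reported entry is a prompt to open that module's Properties in Process Explorer, not proof of compromise; legitimately catalog-signed system files can report NotSigned on older PowerShell versions.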
 
Re: Specifically targeted trojans

"db" <db@discussions.microsoft.com> wrote:

> Question
> Can trojans attack with adsl disconnected;


When a computer is already compromised by malware, that malware may wreak
its havoc, regardless of you disconnecting from the Internet. And btw,
by copying back the files from your pen, you may effectively have reinfected
the computer.

> and can they be carried on the
> power supply: ie in through phone, to power supply which is common to
> phone
> through the transformer and computer, and so on to hard disc? db


Through an old fashioned 56k modem on an analog phone line, yes. Through the
power supply, well, at least it can in spy novels.

My point is: Infections usually happen because the user lets the malware
through, probably via a download or an infected email, and/or the firewall
and anti-malware don't catch it. Take it from there.

In this newsgroup, you will find lots of posts on how to get rid of malware.
Read them, and try their advice.

Charlie42
 
Re: Specifically targeted trojans


You also get what is known as a virus with a timed payload, you download
it (I say this because a virus can not download itself) and after a
certain amount of time the virus activates. This can be anything from a
keylogger collecting data to a complete "**** you" virus that kills
your computer.


--
roy69

- Core 2 Quad Q6600
- Abit IP35 Pro
- 4 x 1GB OcUK PC2-6400 C5 800 MHZ Duel Channel
- Leadtek GeForce 8800 GTS 640MB GDDR3
- CiBox TFT 22" Widescreen LCD Panel. 1680 x 1050
- Creative X-Fi 7.1 PCI-E
- Antec 900 Ultimate Gaming Case
- Creative Inspire 7.1 T7900 Speakers
 
Re: Specifically targeted trojans

Thank you all. Unfortunately the website this file was destined to go to
(which is political) has had a file called "SECURITY" attached to it, which
I discovered by accident. When I downloaded this out of interest and
clicked to open it I was threatened with a major internal response if I
proceeded - and I did not proceed. The questions I asked here did not in the
replies you have all given suggest anyone else has met the problem. It doesn't
have the feel of the standard hacker who is not likely to be interested in
one named file. I think the security services will be at the bottom of it. My
problem was to discover how they were getting in. Microsoft will be obliged
under the Telecommunications Acts to cooperate and allow them access to
anyone's computer. And in 'updates' for example it will be undetectable. This
is one of the ways thought up! Yours db

"roy69" wrote:

>
> You also get what is known as a virus with a timed payload, you download
> it (I say this because a virus can not download itself) and after a
> certain amount of time the virus activates. This can be anything from a
> keylogger collecting data to a complete "**** you" virus that kills
> your computer.
>
>
> --
> roy69
>
> - Core 2 Quad Q6600
> - Abit IP35 Pro
> - 4 x 1GB OcUK PC2-6400 C5 800 MHZ Duel Channel
> - Leadtek GeForce 8800 GTS 640MB GDDR3
> - CiBox TFT 22" Widescreen LCD Panel. 1680 x 1050
> - Creative X-Fi 7.1 PCI-E
> - Antec 900 Ultimate Gaming Case
> - Creative Inspire 7.1 T7900 Speakers
>
 
Re: Specifically targeted trojans



"db" wrote:

> Thank you all. Unfortunately the website this file was destined to go to
> (which is political) has had a file called "SECURITY" attached to it, which
> I discovered by accident. When I downloaded this out of interest and
> clicked to open it I was threatened with a major internal response if I
> proceeded - and I did not proceed. The questions I asked here did not in the
> replies you have all given suggest anyone else has met the problem. It doesn't
> have the feel of the standard hacker who is not likely to be interested in
> one named file. I think the security services will be at the bottom of it. My
> problem was to discover how they were getting in. Microsoft will be obliged
> under the Telecommunications Acts to cooperate and allow them access to
> anyone's computer. And in 'updates' for example it will be undetectable. This
> is one of the ways thought up! Yours db
>
db,


If you have malware on your computer it is because you enabled it or
you allowed it. Determine what you did to cause the problem and then don't do
it again.
If you wish to persist in blaming the problem on someone else or
something else feel free to do so. If you wish to continue to deny
culpability you have the right to do so.
You have been given the correct answers. If you persist in your quest
to lay the blame elsewhere you will get no help from anyone. I suggest you
educate yourself on the causes of malware infection. I would also suggest
that you scrutinize your security applications, which are apparently
inadequate.
Don't take my reply as harsh or demeaning. It is not. It is only
constructive criticism, well deserved.
Have a nice day.

C.B.
 
Re: Specifically targeted trojans

Thank you CB.
I am not arrogant and I listened to everybody. Tell me please how the
security services would get into your computer unopposed, if they wanted to.
Would they use files which are accorded free access such as the various
updates Microsoft or Adobe, your antivirus and your malware etc distribute?
They would be unable to refuse if requested you see. If you have an even
better idea that would also be very welcome. Kind regards, db

"CB" wrote:

>
>
> "db" wrote:
>
> > Thank you all. Unfortunately the website this file was destined to go to
> > (which is political) has had a file called "SECURITY" attached to it, which
> > I discovered by accident. When I downloaded this out of interest and
> > clicked to open it I was threatened with a major internal response if I
> > proceeded - and I did not proceed. The questions I asked here did not in the
> > replies you have all given suggest anyone else has met the problem. It doesn't
> > have the feel of the standard hacker who is not likely to be interested in
> > one named file. I think the security services will be at the bottom of it. My
> > problem was to discover how they were getting in. Microsoft will be obliged
> > under the Telecommunications Acts to cooperate and allow them access to
> > anyone's computer. And in 'updates' for example it will be undetectable. This
> > is one of the ways thought up! Yours db
> >
> db,

>
> If you have malware on your computer it is because you enabled it or
> you allowed it. Determine what you did to cause the problem and then don't do
> it again.
> If you wish to persist in blaming the problem on someone else or
> something else feel free to do so. If you wish to continue to deny
> culpability you have the right to do so.
> You have been given the correct answers. If you persist in your quest
> to lay the blame elsewhere you will get no help from anyone. I suggest you
> educate yourself on the causes of malware infection. I would also suggest
> that you scrutinize your security applications, which are apparently
> inadequate.
> Don't take my reply as harsh or demeaning. It is not. It is only
> constructive criticism, well deserved.
> Have a nice day.
>
> C.B.
 