
Virus at Talkgold



Posted by: sceptre

If you were at talkgold yesterday, and read posts in the general folder from the person
Quote:
fukinsuicide
scan your systems for trojans. Just by reading the post it is believed that your system could be infected. The trojan is not detected by Norton or many other virus scanners, though it was detected attempting to send information by Norton Firewall. The trojan was not detected by Zone Alarm. I would recommend that everyone using Windows scan their system and have a look at the startup. The startup process can be found by typing "msconfig" into Run. If you see anything suspicious, investigate it. The trojan is believed to record everything typed, all information saved to the clipboard, and to be able to record SRK.



Posted by: Anonymous

I don't go to TalkGold anymore, but if it's there it's likely to be other places too. Do you by any chance know the name of the Trojan, Sceptre?

Thanks -
Rhys



Posted by: sceptre

I really don't know much about the virus. My firewall recognized it as "Paradise Trojan".

Norton Firewall
Quote:
Paradise Trojan Has been blocked while attempting to access the internet




Posted by: memorex

You can find information regarding this trojan at the URL below, showing what it is capable of and how to remove it from your registry:


http://www.commodon.com/threat/threat-mp.htm


regards
memorex



Posted by: bibinje

sceptre, are you running Windows 98? According to this site it affects Win 95-98. Just wondering if it would do any damage on my XP.



Posted by: HettK

Does it matter what browser you're using if you get the trojan? I use Mozilla Firebird exclusively (as IE won't even work on my PC, which is a good thing =D> )



Posted by: sceptre

Quote:
Originally Posted by bibinje
sceptre, are you running Windows 98? According to this site it affects Win 95-98. Just wondering if it would do any damage on my XP.


I'm also using Windows XP, and hoping that it doesn't affect my system. I have run many, many virus scanners and trojan scanners. In the end it found one, by the name of Netspy; I think it might have been Spynet lol. Anyway, do you know anything about Netspy?

Sceptre



Posted by: sceptre

I have found the sysedit.exe file, though it is part of the Windows system. Is there any way to detect if it is the real thing?



Posted by: sceptre

I think this might show something good:
http://www.hyipchat.com/sysedit.jpg


The file was created April 25th, long ago,
and was last edited back in August, prior to the virus warning.

Wouldn't this file have to be created/edited just a few days ago? :-k



Posted by: Anonymous

Netspy info is at:

http://www.sharewareorder.com/NetSpy-download-4067.htm

Rhys



Posted by: ptc

You can configure your firewall to block or alert you
if any of the following ports are used.

* Most common ports are listed below:

31 TCP Hacker's Paradise, Master's Paradise
456 TCP Hacker's Paradise
3129 TCP Master's Paradise
40421 TCP (Master's Paradise Trojan)
40422 TCP Master's Paradise
40423 TCP Master's Paradise
40425 TCP Master's Paradise
40426 TCP Master's Paradise
1024 TCP NetSpy
1033 TCP NetSpy
31338 TCP NetSpy DK
31339 TCP NetSpy DK
-----------------------------------------

You can check/find weird changes at your registry
with hijackthis http://mjc1.com/mirror/hjt/



Posted by: admin

Thanks ptc, good info, I did not know that before.

I find it hard to believe that a poster can install a trojan on your computer by you simply reading their post and WITHOUT clicking on any links; it does not seem possible.

If "neo" is around or anyone else "in the know" I would be interested in his or their comments on this, as to how and if this could occur?

http://www.hphyips.com/santa7.gif



Posted by: sceptre

Does anyone know how to remove this netspy



Posted by: admin

This is for Master's Paradise, not sure about Net Spy

Quote:
How to Remove

The first five steps involve editing the Windows 95/98 registry. And although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
Click START | RUN
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

Step 3.
In the right window, look for a key that loads a file called "sysedit.exe".

Step 4.
In the right window, highlight the key that loads the file and hit the DELETE key. Answer YES to delete the entry.

Step 5.
Exit the Registry

Step 6.
Reboot your computer

Step 7.
After the computer has restarted, open Windows Explorer

Step 8.
Go to the WINDOWS directory and look for the "sysedit.exe" file. Once you've found the file, DELETE it.

Step 9.
Also within the WINDOWS directory, look for the "keyhook.dll" file. Once you've found the file, DELETE it.

Step 10.
Exit Windows Explorer and reboot your computer.

Congratulations, Master's Paradise has now been removed from your system.

Important Notes:
Because the trojan deletes and replaces Microsoft's SYSEDIT utility with the "server" portion, you'll have to either extract the original sysedit.exe from the CAB files, or copy it from another PC


Source:

http://www.commodon.com/threat/threat-mp.htm



Posted by: admin

Quote:
31 TCP Hacker's Paradise, Master's Paradise
456 TCP Hacker's Paradise
3129 TCP Master's Paradise
40421 TCP (Master's Paradise Trojan)
40422 TCP Master's Paradise
40423 TCP Master's Paradise
40425 TCP Master's Paradise
40426 TCP Master's Paradise
1024 TCP NetSpy
1033 TCP NetSpy
31338 TCP NetSpy DK
31339 TCP NetSpy DK


Hi ptc,

I just probed all the ports listed using Shields Up and they all came up Stealth.

So does that mean that they are not being used, or are they just invisible??

If members want to probe their ports, try Shields Up:

https://grc.com/x/ne.dll?bh0bkyd2

Interesting site, as it shows how vulnerable your ports are and if they are OPEN, CLOSED or STEALTH to hackers.

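The port list ptc gave and admin's "stealth" question point at two different things: Shields Up probes from the outside, while a trojan's listener is visible from the inside whatever the outside probe says. The following is an added example, not code from the thread, that checks the local machine for a process listening on any of the listed ports and names the process that owns it. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and an elevated prompt to read other processes' paths.

```powershell
# Added example, not from the thread. Finds local TCP listeners on the
# Master's Paradise / NetSpy ports listed above and maps each to its owning
# process. Assumes Windows 8+ (Get-NetTCPConnection); run elevated to see
# the executable path of every process.

# Port -> name, copied from ptc's list. Treat as a starting point, not a signature.
$trojanPorts = @{
    31    = "Hacker's Paradise, Master's Paradise"
    456   = "Hacker's Paradise"
    3129  = "Master's Paradise"
    40421 = "Master's Paradise"
    40422 = "Master's Paradise"
    40423 = "Master's Paradise"
    40425 = "Master's Paradise"
    40426 = "Master's Paradise"
    1024  = "NetSpy"
    1033  = "NetSpy"
    31338 = "NetSpy DK"
    31339 = "NetSpy DK"
}

# Every TCP socket in LISTEN state, regardless of what an external scanner sees.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue

$hits = foreach ($conn in $listeners) {
    # LocalPort is UInt16; the hashtable keys are Int32, so normalise before lookup.
    $port = [int]$conn.LocalPort
    if ($trojanPorts.ContainsKey($port)) {
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $port
            Address = $conn.LocalAddress
            PID     = $conn.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Path    = if ($proc -and $proc.Path) { $proc.Path } else { '' }
            Known   = $trojanPorts[$port]
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    'No listeners on the listed ports.'
}

# Optional: the host-firewall equivalent of the block rule ptc describes.
# Needs an elevated prompt; uncomment to apply.
# New-NetFirewallRule -DisplayName 'Block legacy trojan ports' -Direction Inbound `
#     -Protocol TCP -LocalPort ($trojanPorts.Keys | ForEach-Object { "$_" }) -Action Block
```

A "Stealth" result from Shields Up only means the probe packet was dropped, usually by the firewall or a NAT router in front of the PC; it says nothing about whether a process behind that firewall is listening, which is why the check above runs on the host. Ports 1024 and 1033 fall inside the range Windows hands out dynamically, so a listener there is not suspicious on its own: the owning process and its path are what matter. The numbers are also a 2003-era indicator; a trojan can use any port, and most connect outbound rather than listen, so the habit of mapping listeners to processes is worth more than the list itself.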


Posted by: awty

Yep, I'm working on my firewall, got a new one, different config.
GRC is an excellent resource for that. As for trojans/viruses in emails? Usually Outlook and Outlook Express are chosen 'carriers'.
Problem can arise when the 'preview' mode is turned on, to display the first few lines of the message. Outlook/OE has already opened it, and if the settings are right, it can install WITHOUT user intervention...
Jeff



Posted by: bibinje

Hello sceptre, try this http://service1.symantec.com/SUPPOR...src=bar_sch_nam I hope this works.



Posted by: Anonymous

I'm pretty sure that a2 free will remove this one for you. Go to:

http://www.emsisoft.com/en/software/free/

If you don't have any luck there, post again - it's a common Trojan, so I reckon most AT software will get it, and this one you can download without paying for.

HTH -
Rhys



Posted by: sceptre

I have tried the A2 AT and it has found a trojan and removed it



Posted by: ptc

congratz sceptre

Quote:
Originally Posted by hphyips
Quote:
31 TCP Hacker's Paradise, Master's Paradise
456 TCP Hacker's Paradise
3129 TCP Master's Paradise
40421 TCP (Master's Paradise Trojan)
40422 TCP Master's Paradise
40423 TCP Master's Paradise
40425 TCP Master's Paradise
40426 TCP Master's Paradise
1024 TCP NetSpy
1033 TCP NetSpy
31338 TCP NetSpy DK
31339 TCP NetSpy DK


Hi ptc,

I just probed all the ports listed using Shields Up and they all came up Stealth.

So does that mean that they are not being used, or are they just invisible??

If members want to probe their ports, try Shields Up:

https://grc.com/x/ne.dll?bh0bkyd2

Interesting site, as it shows how vulnerable your ports are and if they are OPEN, CLOSED or STEALTH to hackers.


Yeah, they all say stealth. Stealth is the safer mode because the ports don't respond to external requests, which is useful against hackers and port scanners. I'm thinking if you already have a trojan on your PC it can probably open a stealth port (not sure); if your firewall admin is password protected and the port is blocked outbound, it must be harder for the trojan.
Regarding getting infected by reading a post, I remember when most forum boards had JavaScript enabled it was used to infect people's PCs. I don't think it's actually possible if you have ActiveX disabled and the forum only has text, with no more scripting capabilities.



Posted by: memorex

This is Shields Up's answer to my little old Windows computer :)

Quote:
Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.




Posted by: sceptre

:-k They couldn't use the BB code for it, could they? :-s
Probably not, it only seems useful for visual effects.



Posted by: neo

For a virus/trojan to be installed from a post, html has to be enabled.

BB codes will not allow it and smilies cannot either.

Of course if one clicks on a link in a post then you could get anything.

From my reading of it, you can detect the infection by an entry in the registry.

Run regedit and locate the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Then look for an entry with "sysedit.exe" within the right-hand window. If it is there, then follow the directions given earlier in this topic (and you are already halfway there anyhow). If it is not there, then you are not infected.

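Neo's registry check, the commodon removal steps quoted earlier, and sceptre's question of how to tell a genuine sysedit.exe from a replaced one can all be done from one script. The following is an added example, not code from the thread or from commodon: it lists the Run-key autostart entries and flags any that launch sysedit.exe, hashes any sysedit.exe found on disk against a reference hash you supply from install media or a clean machine, and looks for keyhook.dll. The reference hash and the key list are placeholders and assumptions of this example, not values from the page.

```powershell
# Added example, not from the thread. Assumptions: $knownGoodSha256 is a
# placeholder you replace with the SHA-256 of a sysedit.exe taken from clean
# install media or a known-clean machine; the key list is the usual Run/RunOnce
# set, not every autostart location Windows has.

$knownGoodSha256 = 'PUT-SHA256-OF-CLEAN-SYSEDIT.EXE-HERE'   # placeholder, supply your own

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Steps 2-3 of the removal guide without clicking through regedit: every value
# under each Run key, with the ones that launch sysedit.exe flagged.
$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # PSPath, PSParentPath, PSChildName, PSDrive, PSProvider are provider
        # metadata that Get-ItemProperty adds, not Run values.
        if ($p.Name -like 'PS*') { continue }
        $cmd = [string]$p.Value
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $cmd
            Flag    = if ($cmd -match 'sysedit\.exe') { 'SUSPECT: launches sysedit.exe' } else { '' }
        }
    }
}
$entries | Format-Table -AutoSize

# The genuine utility is a 16-bit program that lives in System32 on 32-bit
# Windows (the Windows directory on 9x). 64-bit Windows cannot run 16-bit
# code and does not ship it, so on a 64-bit machine any sysedit.exe is suspect.
$candidates = @("$env:SystemRoot\System32\sysedit.exe",
                "$env:SystemRoot\sysedit.exe") | Where-Object { Test-Path $_ }

$report = foreach ($file in $candidates) {
    $item = Get-Item -Path $file
    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    [pscustomobject]@{
        File     = $file
        Size     = $item.Length
        Created  = $item.CreationTime
        Modified = $item.LastWriteTime
        SHA256   = $hash
        Verdict  = if ($hash -eq $knownGoodSha256) { 'matches clean copy' } else { 'DOES NOT match clean copy' }
    }
}
$report | Format-List

# keyhook.dll, the trojan's second file per the removal guide, is not a
# standard Windows component; any hit here deserves a look.
Get-ChildItem -Path $env:SystemRoot -Filter keyhook.dll -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime, LastWriteTime
```

Two caveats that bear on the earlier posts. First, the timestamp argument (an old creation date means the file cannot be the trojan) is not reliable: copying a file preserves its last-write time, and any process with write access can set both timestamps to whatever it likes, which is why the comparison above is on the hash and not on the dates. Second, the Run keys are only one of many autostart locations; if the hash mismatches or the Run entry is present, remove it as the guide describes, but a clean Run key alone does not prove a clean machine.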


Posted by: sceptre

Luckily it seems that my PC is clean \/
But I can never be too careful [-X



Posted by: mdegryse

Shields up

Quote:
Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.




Posted by: Sailor

Quote:
Originally Posted by sceptre
I have tried the A2 AT and it has found a trojan and removed it


Hello!

I'm glad to have a free version of A2
from http://www.emsisoft.com/en
Yesterday it killed one that Agnitum Tauscan and
AVG anti-virus had missed.
Thanks to this forum for the recommendation!
Stan



Posted by: bibinje

Hmmm. :-k I don't know about this A2 utility. I tried it out (I didn't have anything else on) and maybe halfway through my Norton kicked in and deleted a virus immediately. After the scan, A2 said I did not have any malware. I went back to Norton to see what the hell it caught: it was a zip .sfx file described as a backdoor trojan. I usually get about 2 viruses a year, so this just proves to me that NAV 2004 Pro (in my opinion) is the best protection.



Posted by: memorex

Quote:
Originally Posted by Sailor
Quote:
Originally Posted by sceptre
I have tried the A2 AT and it has found a trojan and removed it


Hello!

I'm glad to have a free version of A2
from http://www.emsisoft.com/en
Yesterday it killed one that Agnitum Tauscan and
AVG anti-virus had missed.
Thanks to this forum for the recommendation!
Stan


As far as I am concerned, the jury and verdict are still out on this program.
I still can't see any real difference between Ad-aware 6 from Lavasoft and A2, apart from the latter being only a 30-day trial while Ad-aware 6 from Lavasoft is a free version.
So why would you buy it??
regards
memorex



Posted by: Anonymous

Unless something has changed drastically in the past few days there is still a free version of A2 which you never have to pay for and can update manually, along with A2 personal (the pay-for version).

So you shouldn't need to buy it, and the reason for having it - cos no scanner picks up everything. Also, ad-aware concentrates more on spyware, A2 more on Trojans.

HTH -
Rhys



Posted by: memorex

Quote:
Originally Posted by rhysem
Unless something has changed drastically in the past few days there is still a free version of A2 which you never have to pay for and can update manually, along with A2 personal (the pay-for version).

So you shouldn't need to buy it, and the reason for having it - cos no scanner picks up everything. Also, ad-aware concentrates more on spyware, A2 more on Trojans.

HTH -
Rhys

I was evaluating the program on the basis of having to purchase it, and I feel that it is still no better than Ad-aware 6. There is a free program for download, but it is not a full program; the download size alone will tell you this.
But my anti-trojan program and my Norton Firewall and Norton AntiVirus
do all of this admirably without fail so far, and I have a STEALTH computer according to Shields Up and also through Symantec.com,
which has stopped all breaches of my security; no matter who has tried, it has picked it up and blocked them.
So why would I want or even need another program doing the same job??

regards
memorex



Posted by: betrdanevr

Hey, guys! Just a heads-up kind of thing here. I've been having some "strange" incidences with my computer, such as not being able to bring up Windows Notepad. Instead, I got "syshos.exe" (a black, DOS-like screen).

Turns out I had a keylogger, "msto32.dll," and it was caught by Norton Antivirus. (By the way, I downloaded and scanned with the A squared program, and I run Norton Firewall, too.)

Oh, I printed out instructions from the Symantec web site about how to scan, then edit the registry, but I didn't get very far.

For what it's worth, I went to the live help on the Symantec web site, and I just wanted to tell you that they got rid of the darn thing for me for the very small cost of $19.95!!!

Maybe some of you folks have used online repair before, but I hadn't. It was smooth as silk because I'm on a cable ISP. But the tech "took over" my mouse and keyboard and it was WONDERFUL!
Everything's fixed!!! (Whew!)

Terri



Posted by: sceptre

There are so many keyloggers these days, someone should make a program dedicated to finding keyloggers



Posted by: memorex

Quote:
Originally Posted by sceptre
There are so many keyloggers these days, someone should make a program dedicated to finding keyloggers


Apart from the actual person who is the keylogger, whom they don't normally find, there are programs that can detect keylogger activity.

regards
memorex



Posted by: Anonymous

Memorex -

Going back in this thread a bit - A2 free is a fully functional programme, just not bloatware.

The reason I recommended it? Cos both my AVs, anti-Trojans, and Ad-aware and Spybot were saying my machine was fine, and it wasn't, but I couldn't find the problem. (Yes, I have a firewall and the Proxomitron, but I had been doing some traffic exchanges and those can be bad places.)

So...I downloaded A2 free and found a nasty little keylogger - fortunately it hadn't been there long enough to do damage. The programme deleted it for me too, which was nice.

The free version isn't memory resident, so it's just for doing system scans and removals.

You're right, the jury is still out, I don't know how it rates compared to everything else, and if you're happy with what you've got, you don't need it.

As it turns out, I did need it, and it fixed the problem, and it didn't cost me anything. I know a lot of people out there who don't have AT software, and this is one fairly decent free alternative, and it does seem to cover some gaps that Ad-aware misses. That's the only reason I bring it up. I'm very much in favour of good free security stuff - not just A2, but that did solve a problem for me, it's pretty new, and I wanted to mention it is all.

Cheers -
Rhys



Posted by: memorex

Rhysem

I am not trying to have a go at a², or even you, or at whatever method you or anyone chooses to secure their computer, as this is an individual choice with whatever program they feel comfortable with.

I am still testing a² out on my own computer, which I am using with the 30-day trial.

The freeware version doesn't get a background scanner, which isn't fully functional on the main program yet anyway but is supposedly being upgraded in the very near future.

Which leads to my next question: what else isn't finished yet? Have they any other little parts of this program that aren't fully functional yet, or even possibly not quite covering your computer's security?

I think a scanner is important to the safety and security of any computer when on the Web, no matter what you are doing.

This is why I use Anti Trojan or the Cleaner, Norton Firewall and even Norton AntiVirus; also the Cleaner's scanner is perpetually running in the background.

Yes, I know they aren't free, but you only get what you pay for in this arena, and sometimes they don't come up to scratch either, but in the main I have found the free versions to be somewhat lacking.

I am a little luckier than most, as I receive a lot of the programs for my business purposes and they are fully functional without cost.

I think that the freeware may of course find your problem and possibly eradicate it, but will it stop it happening in the future, as they only give you a taste of the real program in the hope you will upgrade?

Anyway, good luck with the a² program and I hope it does work for all that use it, including me :)

regards
memorex



Posted by: Anonymous

Hi Memorex -

No offence taken, and I use the Cleaner too. Just someone had mentioned A2 to me, and it found a Trojan that slipped past the Cleaner.

Yup, I am also paranoid - and I tend to check out lots of security software too. Though right now I should be checking out this site to get the changes in the works!

Cheers -
Rhys



Posted by: jaboles

Quote:
Originally Posted by betrdanevr
Maybe some of you folks have used online repair before, but I hadn't. It was smooth as silk because I'm on a cable ISP. But the tech "took over" my mouse and keyboard and it was WONDERFUL!


It's also known as VNC (now "RealVNC") and I love it! I can control my Windows computer from upstairs, and even use it when I'm not home by going through the internet!!!



