Netbus and other Trojans

[Misdiagnosed]

I recently found a Netbus Trojan Program attached to a download I was doing. This would not normally be of a lot of interest, except it got in. This program, once in, broadcasts your IP address. That is how I found it, Norton Internet Security kept screaming that Netbus was broadcasting from my puter. How did it get by the AV program, Nortons, and how did I figure the infecting program?
Well, NAV must be loosing it, cus they don't detect what the Internet Security program can.
As to how I found the infecting program, this is important for those who download lots, it came in just after the part that it was attached to finished downloading, in a self-extracting file that looked like a zip, was only on the screen 1 second. Both the downloaded part and the drives scan clean, yet it did get in on that part, the way discribed.
I'm getting more AV protection, at least, and I have had to get a Trojan Cleaner just to get rid of it.
Watch your alerts on your Internet Security programs, if your getting Netbus, or anything else very regular, your probably infected and broadcasting, especially if the IP address indicated is yours!

[Xayd]

Yeah, I had to go back to Zone Alarm from BlackIce due to a similar issue.

I like the automatic back trace of IP's that BlackIce has, but a virus such as the one you had would have to be damned sneaky to get something past Zone Alarm with all outgoing traffic restricted.

I've got a little hidden proggy that came with a chat client, for instance, that's been trying to send out my system info for two months now. ZA squishes the outgoing packet every time . I figured I could delete the executable, but what's the fun in that. Kinda like a pooch on a leash when it tries to run past ZA, I'm just gonna keep the proggy and call him Spot.

Xayd

[This message has been edited by Xayd (edited 07-19-2000).]

[Misdiagnosed]

I never liked BlackIce cus it looked too much like a proggie written with VB 3.0.
I think it is way too over-rated. It misses scans and broadcasts that Norton Internet Security gets every time.

------------------
Your just jealous because the voices talk to ME.

[Xayd]

I'm just inherently mistrusting of Norton products I guess, since that virus we got back at that ISP I worked for that caused Norton 2000 to quarantine Rundll32 for us. Was days of work putting about 5 or 6 NT workstations back together and getting them configured again.

Xayd

[Misdiagnosed]

The Norton Internet security kernal was aquired from another company that went out of buisness. Someone else may remember the particulars. That is why it is so much better than Nortons other products.
Norton Utilities is junk, NAV misses infectants and and will no doubt give you the option of quarenteening a system file, which is the fastest way to a crash I know of. NAV, and all other AV programs, if they can't clean a system file, they should advise you that it is a system file that is infected, and give you proper method for fix.
I only use NAV for it's convienient updates. That may be a mistake.

------------------
Your just jealous because the voices talk to ME.

[Xayd]

Yeah, you're probably right ya know.

Software with alot of functionality is great, I like software with lots of bells and whistles.

On the other hand, software with lots of bells and whistles in the hands of a user who barely knows how to double click is a Tech Support Nightmare.

NAV 2000 was just that. Not only did it give us fits (grumbles sales reps...) but caused quite a bit of a ruckuss with customers as well, since they call their ISP for anything they don't want to pay Microsoft for...

The old acronym does hold true in most cases, though....

Problem
Exists
Between
Keyboard
And
Chair

Xayd

[glc]

The best Trojan scanner and cleaner I have found is The Cleaner from http://www.moosoft.com

*NO* antivirus program is really very effective at sniffing out trojans because they were not designed for that particular job.