permaculture playing cards
The moose likes General Computing and the fly likes undetected virus Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » General Computing
Bookmark "undetected virus" Watch "undetected virus" New topic

undetected virus

Dirk Schreckmann

Joined: Dec 10, 2001
Posts: 7023
I'm pretty sure that I have one or two virus programs running on my computer. I believe that one does initialize during startup as I have seen a mysterious program icon appear on the main taskbar and in the taskbar tray. I'm quite familiar with controlling what programs run at startup (through start menu, registry run entries, and ini files) but I cannot figure out how this program is able to run and what exactly it's doing. Norton AntiVirus 2002 cannot find a virus or malicious script.
The icon and title that appear (only briefly) on the taskbar claims to be the SETI Spy program, but I know that it is not this program as I do not have it installed. The icon that has appeared one time (and only for ten seconds) in the taskbar tray was an icon that looks like the old speaker control icon found on default installations of Windows 95 and 98. The program name associate with this icon claimed to be mIRC. I do not have mIRC or any IRC program installed. The graphics for both of these icons were not of the same quality as the actual program and system icons and I find them to be highly suspect.
Also, about five times during the past 3 days, internet explorer windows start appearing at an uncontrolled rate in what would seem to be uncontrolled numbers. The only way I've been able to stop the windows from popping is by pressing ctrl+alt+delete and terminating all internet explorer processes.
Looking at the processes list (when pressing ctrl+alt+delete) doesn't reveal any programs that seem suspect or out of the ordinary.
ZoneAlarm doesn't report any blocked or attempted internet access or service.
This would seem to have all started when I was browsing the web a few days ago looking for security information related to blocking port trojans and loser script bunnies. I happened upon a site that tried to run some quesionable scripts and install a plug-in. I refused the plug-in and scripts and when I closed my browser window I found a program installation file (and exe) sitting on my desktop and a shortcut to it in my start menu. I deleted both files and didn't think to remember their names. Shortly thereafter, this suspicious activity began.
Has anybody else experienced anything like this?
[ August 28, 2002: Message edited by: Dirk Schreckmann ]

[How To Ask Good Questions] [JavaRanch FAQ Wiki] [JavaRanch Radio]
Randall Twede
Ranch Hand

Joined: Oct 21, 2000
Posts: 4351

all i can tell you is that many anti-virus programs cant find trojans. there is a free(or free trial) anti-trojan program i used once that found some that the anti-virus programs i tried had missed. i cant remember the name but a google search should turn it up(thats how i found it in the first place)

Visit my download page
sridhar satuloori
Ranch Hand

Joined: Nov 05, 2001
Posts: 144
Some of the anti-trozan applications they them selves creates a trozan becareful while chosing a trozan
Barry Gaunt
Ranch Hand

Joined: Aug 03, 2002
Posts: 7729
Dirk, set up ZoneAlarm to get every program that wants Internet access to ask for it. Refuse server access for everything too. Maybe you can trap it in that way.
Try a trial version of ZA Pro if there is one, maybe that can catch it.
I just noticed that Symantec list some very recently found backdoors on their web site.
Keep us informed, please.
-Good Luck
[ August 29, 2002: Message edited by: Barry Gaunt ]

Ask a Meaningful Question and HowToAskQuestionsOnJavaRanch
Getting someone to think and try something out is much more useful than just telling them the answer.
Dirk Schreckmann

Joined: Dec 10, 2001
Posts: 7023
I've had zone alarm protecting me for years (thanks zone alarm) and I've not noticed any unusual attempts to access the net (which does sort of diminish the possibility that this is a trojan).
I did discover an ad-ware program (WURL) on my system that did have an icon in one of its files that looked a bit like the seti@home icon. I removed it with ad-aware. Pretty sneaky that it was trying to pretend to be seti-spy.
I've scanned my system with two different trojan scanners and found nothing.
Since removing the WURL I haven't had a recurrance of the unlimited browsers popping up.
Thanks for the ideas, everyone.
I agree. Here's the link:
subject: undetected virus
It's not a secret anymore!