
Thread: Trojan Missed by Super Anti Spyware

  1. #1
    Rusty Guest

    Trojan Missed by Super Anti Spyware

    I know no one program offers complete protection against malware, but I
    thought Super Anti Spyware was one of the more effective programs.

    AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran SAS,
    Spybot S&D and Adaware.

    The results:
    SAS found tracking cookies only.
    S&D found CyberDefender in the registry.
    Adaware found nothing.

    Is this a particularly difficult Trojan to detect?

    Cheers,
    Rusty



  2. #2
    Nick Skrepetos Guest

    Re: Trojan Missed by Super Anti Spyware


    Rusty wrote:
    > I know no one program offers complete protection against malware, but I
    > thought Super Anti Spyware was one of the more effective programs.
    >
    > AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran SAS,
    > Spybot S&D and Adaware.
    >
    > The results:
    > SAS found tracking cookies only.
    > S&D found CyberDefender in the registry.
    > Adaware found nothing.
    >
    > Is this a particularly difficult Trojan to detect?
    >
    > Cheers,
    > Rusty


    Rusty - what EXACTLY (files, registry entries, etc.) did AVG find on
    your system? Can you post the scan log here and send me the files to
    samples AT superantispyware.com?

    They may simply be "traces" that are not specifically harmful - if they
    are actual files, I will update our definitions to handle them.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com


  3. #3
    Rusty Guest

    Re: Trojan Missed by Super Anti Spyware


    "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    news:1167622993.918052.59810@k21g2000cwa.googlegroups.com...
    >
    > Rusty wrote:
    >> I know no one program offers complete protection against malware, but I
    >> thought Super Anti Spyware was one of the more effective programs.
    >>
    >> AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran
    >> SAS,
    >> Spybot S&D and Adaware.
    >>
    >> The results:
    >> SAS found tracking cookies only.
    >> S&D found CyberDefender in the registry.
    >> Adaware found nothing.
    >>
    >> Is this a particularly difficult Trojan to detect?
    >>
    >> Cheers,
    >> Rusty

    >
    > Rusty - what EXACTLY (files, registry entries, etc.) did AVG find on
    > your system? Can you post the scan log here and send me the files to
    > samples AT superantispyware.com?
    >
    > They may simply be "traces" that are not specifically harmful - if they
    > are actual files, I will update our definitions to handle them
    >
    > Nick Skrepetos
    > SUPERAntiSpyware.com
    > http://www.superantispyware.com
    >

    - <rec time="2007/01/01 06:59:42" user="SYSTEM" source="Update">
    <value>@HL_UpdateOK</value>
    <attr name="version">avi:902-901;iavi:621-620;</attr>
    </rec>
    - <rec time="2007/01/01 11:00:03" user="SYSTEM" source="General">
    <value>@HL_TestStarted</value>
    <attr name="testname">@TestName_02</attr>
    </rec>
    - <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Program Files\TweakNow RegCleaner
    Std\RegCleaner.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
    - <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Program Files\TweakNow RegCleaner
    Std\RegCleaner.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    - <rec time="2007/01/01 12:55:55" user="SYSTEM" source="General">
    <value>@HL_TestEnded</value>
    <attr name="testname">@TestName_02</attr>
    <attr name="infectedfiles">1</attr>
    </rec>
    - <rec time="2007/01/01 12:55:57" user="SYSTEM" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Program Files\TweakNow RegCleaner
    Std\RegCleaner.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    </history>
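
Added example, not part of the thread: a tolerant Python parser for the AVG history records pasted above, which are not well-formed XML as posted (viewer "- " prefixes, a wrapped path, one `<rec>` never closed), so the flagged file, detection name and actions can be listed before judging a false positive. The sample is two records copied from that post; the function names are this example's own, and rejoining the wrapped path with a space is an assumption.

```python
import re
from collections import defaultdict

# Two records copied from the post above: "- " prefixes, wrapped path, unclosed first <rec>.
SAMPLE_LOG = r'''- <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\TweakNow RegCleaner
Std\RegCleaner.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
- <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\TweakNow RegCleaner
Std\RegCleaner.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
</history>'''

REC = re.compile(r'<rec\s+([^>]*)>(.*?)(?=<rec\s|</history>|\Z)', re.S)
KV = re.compile(r'(\w+)="([^"]*)"')
VALUE = re.compile(r'<value>(.*?)</value>', re.S)
ATTR = re.compile(r'<attr name="([^"]+)">(.*?)</attr>', re.S)

def parse_records(log):
    """One dict per <rec>; a record ends at the next <rec, so a missing </rec> is harmless."""
    records = []
    for head, body in REC.findall(log):
        rec = dict(KV.findall(head))
        event = VALUE.search(body)
        rec["event"] = event.group(1).strip() if event else None
        # Assumption: a value broken across lines was wrapped at a space.
        rec["attrs"] = {k: " ".join(v.split()) for k, v in ATTR.findall(body)}
        records.append(rec)
    return records

def findings(records):
    """Group detection names and follow-up actions by flagged file path."""
    by_file = defaultdict(lambda: {"detections": set(), "actions": []})
    for r in records:
        a = r["attrs"]
        if r["event"] == "@HL_ReportFind":
            by_file[a.get("where", "?")]["detections"].add(a.get("what"))
        elif r["event"] == "@HL_ActionTaken":
            entry = (r.get("time"), r.get("user"), a.get("action"))
            by_file[a.get("filename", "?")]["actions"].append(entry)
    return dict(by_file)

if __name__ == "__main__":
    print(findings(parse_records(SAMPLE_LOG)))
```
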




  4. #4
    Nick Skrepetos Guest

    Re: Trojan Missed by Super Anti Spyware


    Rusty wrote:
    > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    > news:1167622993.918052.59810@k21g2000cwa.googlegroups.com...
    > >
    > > Rusty wrote:
    > >> I know no one program offers complete protection against malware, but I
    > >> thought Super Anti Spyware was one of the more effective programs.
    > >>
    > >> AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran
    > >> SAS,
    > >> Spybot S&D and Adaware.
    > >>
    > >> The results:
    > >> SAS found tracking cookies only.
    > >> S&D found CyberDefender in the registry.
    > >> Adaware found nothing.
    > >>
    > >> Is this a particularly difficult Trojan to detect?
    > >>
    > >> Cheers,
    > >> Rusty

    > >
    > > Rusty - what EXACTLY (files, registry entries, etc.) did AVG find on
    > > your system? Can you post the scan log here and send me the files to
    > > samples AT superantispyware.com?
    > >
    > > They may simply be "traces" that are not specifically harmful - if they
    > > are actual files, I will update our definitions to handle them
    > >
    > > Nick Skrepetos
    > > SUPERAntiSpyware.com
    > > http://www.superantispyware.com
    > >

    > - <rec time="2007/01/01 06:59:42" user="SYSTEM" source="Update">
    > <value>@HL_UpdateOK</value>
    > <attr name="version">avi:902-901;iavi:621-620;</attr>
    > </rec>
    > - <rec time="2007/01/01 11:00:03" user="SYSTEM" source="General">
    > <value>@HL_TestStarted</value>
    > <attr name="testname">@TestName_02</attr>
    > </rec>
    > - <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
    > <value>@HL_ReportFind</value>
    > <attr name="where">C:\Program Files\TweakNow RegCleaner
    > Std\RegCleaner.exe</attr>
    > <attr name="type">@EID_Id_trj</attr>
    > <attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
    > - <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
    > <value>@HL_ActionTaken</value>
    > <attr name="filename">C:\Program Files\TweakNow RegCleaner
    > Std\RegCleaner.exe</attr>
    > <attr name="action">@HL_ActCleaned</attr>
    > </rec>
    > - <rec time="2007/01/01 12:55:55" user="SYSTEM" source="General">
    > <value>@HL_TestEnded</value>
    > <attr name="testname">@TestName_02</attr>
    > <attr name="infectedfiles">1</attr>
    > </rec>
    > - <rec time="2007/01/01 12:55:57" user="SYSTEM" source="Virus">
    > <value>@HL_ActionTaken</value>
    > <attr name="filename">C:\Program Files\TweakNow RegCleaner
    > Std\RegCleaner.exe</attr>
    > <attr name="action">@HL_ActCleaned</attr>
    > </rec>
    > </history>


    So it detected the TweakNow Registry Cleaner as
    "IRC/BackDoor.SdBot2.OUW"? If that's really the case, that's a false
    positive on AVG's part.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com


  5. #5
    Rusty Guest

    Re: Trojan Missed by Super Anti Spyware


    "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    news:1167629901.160710.246330@48g2000cwx.googlegroups.com...
    >
    > Rusty wrote:
    >> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    >> news:1167622993.918052.59810@k21g2000cwa.googlegroups.com...
    >> >
    >> > Rusty wrote:
    >> >> I know no one program offers complete protection against malware, but
    >> >> I
    >> >> thought Super Anti Spyware was one of the more effective programs.
    >> >>
    >> >> AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran
    >> >> SAS,
    >> >> Spybot S&D and Adaware.
    >> >>
    >> >> The results:
    >> >> SAS found tracking cookies only.
    >> >> S&D found CyberDefender in the registry.
    >> >> Adaware found nothing.
    >> >>
    >> >> Is this a particularly difficult Trojan to detect?
    >> >>
    >> >> Cheers,
    >> >> Rusty
    >> >
    >> > Rusty - what EXACTLY (files, registry entries, etc.) did AVG find on
    >> > your system? Can you post the scan log here and send me the files to
    >> > samples AT superantispyware.com?
    >> >
    >> > They may simply be "traces" that are not specifically harmful - if they
    >> > are actual files, I will update our definitions to handle them
    >> >
    >> > Nick Skrepetos
    >> > SUPERAntiSpyware.com
    >> > http://www.superantispyware.com
    >> >

    >> - <rec time="2007/01/01 06:59:42" user="SYSTEM" source="Update">
    >> <value>@HL_UpdateOK</value>
    >> <attr name="version">avi:902-901;iavi:621-620;</attr>
    >> </rec>
    >> - <rec time="2007/01/01 11:00:03" user="SYSTEM" source="General">
    >> <value>@HL_TestStarted</value>
    >> <attr name="testname">@TestName_02</attr>
    >> </rec>
    >> - <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
    >> <value>@HL_ReportFind</value>
    >> <attr name="where">C:\Program Files\TweakNow RegCleaner
    >> Std\RegCleaner.exe</attr>
    >> <attr name="type">@EID_Id_trj</attr>
    >> <attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
    >> - <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
    >> <value>@HL_ActionTaken</value>
    >> <attr name="filename">C:\Program Files\TweakNow RegCleaner
    >> Std\RegCleaner.exe</attr>
    >> <attr name="action">@HL_ActCleaned</attr>
    >> </rec>
    >> - <rec time="2007/01/01 12:55:55" user="SYSTEM" source="General">
    >> <value>@HL_TestEnded</value>
    >> <attr name="testname">@TestName_02</attr>
    >> <attr name="infectedfiles">1</attr>
    >> </rec>
    >> - <rec time="2007/01/01 12:55:57" user="SYSTEM" source="Virus">
    >> <value>@HL_ActionTaken</value>
    >> <attr name="filename">C:\Program Files\TweakNow RegCleaner
    >> Std\RegCleaner.exe</attr>
    >> <attr name="action">@HL_ActCleaned</attr>
    >> </rec>
    >> </history>

    >
    > So it detected the TweakNow Registry Cleaner as
    > "IRC/BackDoor.SdBot2.OUW"? If that's really the case, that's a false
    > positive on AVG's part.
    >
    > Nick Skrepetos
    > SUPERAntiSpyware.com
    > http://www.superantispyware.com
    >


    Thanks Nick for the prompt service!

    Much appreciated.

    Rusty



  6. #6
    John Mason Jr Guest

    Re: Trojan Missed by Super Anti Spyware

    Rusty wrote:
    > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    > news:1167629901.160710.246330@48g2000cwx.googlegroups.com...
    >> Rusty wrote:
    >>> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    >>> news:1167622993.918052.59810@k21g2000cwa.googlegroups.com...
    >>>> Rusty wrote:
    >>>>> I know no one program offers complete protection against malware, but
    >>>>> I
    >>>>> thought Super Anti Spyware was one of the more effective programs.
    >>>>>
    >>>>> AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran
    >>>>> SAS,
    >>>>> Spybot S&D and Adaware.
    >>>>>
    >>>>> The results:
    >>>>> SAS found tracking cookies only.
    >>>>> S&D found CyberDefender in the registry.
    >>>>> Adaware found nothing.
    >>>>>
    >>>>> Is this a particularly difficult Trojan to detect?
    >>>>>
    >>>>> Cheers,
    >>>>> Rusty
    >>>> Rusty - what EXACTLY (files, registry entries, etc.) did AVG find on
    >>>> your system? Can you post the scan log here and send me the files to
    >>>> samples AT superantispyware.com?
    >>>>
    >>>> They may simply be "traces" that are not specifically harmful - if they
    >>>> are actual files, I will update our definitions to handle them
    >>>>
    >>>> Nick Skrepetos
    >>>> SUPERAntiSpyware.com
    >>>> http://www.superantispyware.com
    >>>>
    >>> - <rec time="2007/01/01 06:59:42" user="SYSTEM" source="Update">
    >>> <value>@HL_UpdateOK</value>
    >>> <attr name="version">avi:902-901;iavi:621-620;</attr>
    >>> </rec>
    >>> - <rec time="2007/01/01 11:00:03" user="SYSTEM" source="General">
    >>> <value>@HL_TestStarted</value>
    >>> <attr name="testname">@TestName_02</attr>
    >>> </rec>
    >>> - <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
    >>> <value>@HL_ReportFind</value>
    >>> <attr name="where">C:\Program Files\TweakNow RegCleaner
    >>> Std\RegCleaner.exe</attr>
    >>> <attr name="type">@EID_Id_trj</attr>
    >>> <attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
    >>> - <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
    >>> <value>@HL_ActionTaken</value>
    >>> <attr name="filename">C:\Program Files\TweakNow RegCleaner
    >>> Std\RegCleaner.exe</attr>
    >>> <attr name="action">@HL_ActCleaned</attr>
    >>> </rec>
    >>> - <rec time="2007/01/01 12:55:55" user="SYSTEM" source="General">
    >>> <value>@HL_TestEnded</value>
    >>> <attr name="testname">@TestName_02</attr>
    >>> <attr name="infectedfiles">1</attr>
    >>> </rec>
    >>> - <rec time="2007/01/01 12:55:57" user="SYSTEM" source="Virus">
    >>> <value>@HL_ActionTaken</value>
    >>> <attr name="filename">C:\Program Files\TweakNow RegCleaner
    >>> Std\RegCleaner.exe</attr>
    >>> <attr name="action">@HL_ActCleaned</attr>
    >>> </rec>
    >>> </history>

    >> So it detected the TweakNow Registry Cleaner as
    >> "IRC/BackDoor.SdBot2.OUW"? If that's really the case, that's a false
    >> positive on AVG's part.
    >>
    >> Nick Skrepetos
    >> SUPERAntiSpyware.com
    >> http://www.superantispyware.com
    >>

    >
    > Thanks Nick for the prompt service!
    >
    > Much appreciated.
    >
    > Rusty
    >
    >


    I looked on <http://free.grisoft.com/doc/virbase/lng/us/tpl/v5> and I
    didn't find that virus name, so maybe it is a new variant??

    But you might submit the file to
    <http://www.virustotal.com/en/indexf.html> and see what the results are
    from multiple vendors' AV software.

    If it does appear to be a false positive, please let Grisoft know so they
    can adjust their definitions.


    John
