[thelist] Virus/Trojan what next...
Liam Delahunty
ldelahunty at britstream.com
Tue Apr 30 10:37:00 CDT 2002
Despite running Inoculate it on this work computer and updating the virus
records daily I just ran a scan and discovered:
Scanning file(s)...
C:\WINDOWS\SYSTEM\qxpyhs.ohs - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\dadw.qwc - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\xnjumlse.xdr - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\kowtvp.gvs - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\eccrqf.vbd - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\qbwbdhkv.vus - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\lndaywb.bgj - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\xpqxh.aos - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\rcvv.dpf - Win32.SubSeven.22.plug trojan. Deleted.
C:\WINDOWS\SYSTEM\fejumts.pgf - Win32.SubSeven.22.plug trojan. Deleted.
The scan is still in progress so there may be more...
Anyway, this is a Back Orifice type trojan. I do run Zone Alarm and reject
all requests to access the internet by programmes and stop outside computers
getting in. So, what action do I take next, am I safe from snooping because
of the firewall? Or do I have to change things like my password-safe key,
and do I need to change my PGP private keys?
Kind regards,
Liam
More information about the thelist
mailing list