MWAV cant detect the spyware SMITFRAUD

Moderators: Divesh, Gurdip Singh

MWAV cant detect the spyware SMITFRAUD

Postby cmora » Fri Feb 01, 2008 3:12 am

Hi.

The laptop of a client was displaying too many messages related with NetSky infection, and a "Microsoft Security Alert" providing info related with a computer infection, and try to open a web named safenavweb.com.

i check the laptop wih the latest mwav, under windows safe mode, without network and with the system restore disabled.

Mwav detect too many addware, trojans, and registry failtures, but when restart in normal mode, the message related with netsky continue appearing.

I search in the spyware forums, and found information related with a trojan Named SMITFRAUD, so i search and download a tool named SmitfraudFix.zip.

After to check the system with that tool, the problem was solved correctly.

Now the client are asking me why The latest MWAV version was fail. He use AV 9.0.721.1 in all the network, and need to know if this trojan are present in the LAN.

What can i do in that cases?

Thanks in advance
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Postby Varghese » Fri Feb 01, 2008 5:45 pm

Hi,

Please Post your latest Logs of MWAV here or send it as an attachement to mathew@mwti.net at the earliest.

Also send MWAVC.log from your %temp% folder.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

Postby cmora » Thu Mar 06, 2008 1:12 am

Hi.

I have again problems with the SMITFRAUD Trojan. I install the latest AV (799), latest mwav and cant remove the trojan

This is the logs

http://www.jconsultores.com/mwti/forums-mwti/MWAV.LOG

http://www.jconsultores.com/mwti/forums-mwti/MWAVC.LOG

This is the log of the tool used to removed the trojan

http://www.jconsultores.com/mwti/forums ... apport.txt

So, why escan continue without detect thats trojan?

thanks in advance
“the imagination is more important than knowledge” Einstein
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Re:

Postby Varghese » Fri Mar 07, 2008 5:26 pm

Hi,

If you could send us a file pinfect.zip from the infected system the infections can be added to our updates and this should resolve the problem. This is a password protected zipped files which stores the possible new infections on your system.

The default path of the file pinfect.zip is :

c:\progra~1\escan\infected\pinfect.zip
In My Documents.
%temp% folder.

:)
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

Postby cmora » Sat Mar 08, 2008 4:27 am

“the imagination is more important than knowledge” Einstein
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Detection Added

Postby Varghese » Mon Mar 10, 2008 1:00 pm

Hello Cmora,

New malicious code was found in the uploaded file pinfect.zip. Its detection will be added in the next updates.

fqspogw.exe - not-a-virus:AdWare.Win32.Vapsup.cds
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai


Return to Virus-related Issues

Who is online

Users browsing this forum: No registered users and 1 guest

cron