Loads of "Trojan Horse" detections

Status
Not open for further replies.

Vargar

MIS
Apr 16, 2003
US
Since my clients either got on the 6/22 or 6/23 dat files, I have noticed a huge jump in detections on web sites. All it ever labels the threat as is "Trojan Horse".

Is anybody else seeing this? And do you know if Symantec has expanded their dat to look for new types of threats?

Thanks,
Ned
 
We have had a few PCs do the same thing here yesterday. Employees would visit certain web sites and an AV warning would pop up. Could not clean, quarantine, delete, etc. After further searching on Symantec's site, it mentioned there was nothing you could do to remove this because the infection was at the site you visited. Funny thing was that I visited those sites via another PC and nothing happened. Might have been some faulty dats or something. Dunno.
 
I was able to duplicate this issue by going to and clicking on the rebates center.

I'm still getting other users that are getting the same issues on other sites. It almost seems like SAV is picking up threats that it used to let go.


hmmmmm...
 
I found a story this morning on Foxnews that there's a new virus threat out that attacks IIS and tries to plant software on a user's computer that visits an infected website. Haven't found anything beyond that story so far.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Thanks for the tip on Fox. I'll look around.
 
It's happening because of unpatched IIS5 machines, which includes 2000 and XP pre-SP2, which have not installed this update.
It allows an attacker to download files to the web server; some IT admins are finding strange DLLs on their servers located in \winnt\system32\inetsrv.

Within the DLLs is some JavaScript which points to a Russian site which is still known to be live at this time. It then downloads malware to the person's computer; this is why you are picking up an increase in trojan detections on your network.

It's only some sites this is happening on, not all.

Here's a link to the MS site about it:
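
A defender-side triage for the symptom described in the last post (unexpected DLLs carrying JavaScript in \winnt\system32\inetsrv), added here as an example; it is not part of the thread or of any vendor tool. The marker list, the baseline file names and the function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Assumed byte markers suggesting script text embedded in a binary.
# Matched case-insensitively, in both ASCII and UTF-16LE encodings.
MARKERS = (b"<script", b"document.write", b"javascript:")

def find_markers(data):
    """Return the sorted list of markers present in a file's bytes."""
    lowered = data.lower()  # lowercases ASCII bytes only; UTF-16LE nulls are untouched
    hits = []
    for marker in MARKERS:
        wide = marker.decode("ascii").encode("utf-16-le")
        if marker in lowered or wide in lowered:
            hits.append(marker.decode("ascii"))
    return sorted(hits)

def scan_directory(path, baseline=()):
    """Report .dll files that are absent from the baseline or carry script markers."""
    known = {name.lower() for name in baseline}
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.lower().endswith(".dll") or not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            hits = find_markers(fh.read())
        unknown = name.lower() not in known
        if hits or unknown:
            findings.append({"file": name, "not_in_baseline": unknown, "markers": hits})
    return findings

def build_sample_dir():
    """Constructed sample: one clean DLL stub and one with appended script text."""
    root = tempfile.mkdtemp()
    stub = b"MZ\x90\x00" + b"\x00" * 64
    samples = {
        "known.dll": stub,
        "strange.dll": stub + b"<SCRIPT>/* placeholder */</SCRIPT>",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    # Run against a copy of the server directory; the baseline comes from a known-good install.
    for finding in scan_directory(build_sample_dir(), baseline=["known.dll"]):
        print(finding)
```

Legitimate DLLs can contain script-like strings too, so a marker hit is a reason to look closer; the stronger signal is a file that is missing from the known-good baseline.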
 