Windows 7 Forums


Windows 7: Trojan.VB.VZO

23 Jul 2009   #1
DJG

 
Trojan.VB.VZO

Anybody know anything about Trojan.VB.VZO? Couldn't get anything useful from Bing or Google other than a couple of "i seen it"s. It's suddenly now being flagged in an installation Zip archive for Next Up!'s Natural Voices' Audrey (yes, my car's MP3 player is a gorgeous British Lass, so sue me!). Thing is, I've installed this from Winzip several times over many years. Only now I got a hit on a scan.

What is the potential damage? I guess I'm about to reload everything over again (except this!).


23 Jul 2009   #2

 

On the case with no solution yet. But I did find this one and thought it was "cute".

Trojan.VB.Zu blocks access to pornographic web pages based on the site's keywords. Upon visiting one of these sites, Internet Explorer is minimized and a message from the Koran is displayed.
23 Jul 2009   #3

 

And, duh. If your scanner got a hit, your AV provider has a definition at their site.


23 Jul 2009   #4

ultimate 64 sp1
 
 

hopefully a false positive as it comes from a commercial software company?

have you tried submitting zip file to any online scanners?

(sorry if i'm stating the obvious...)
23 Jul 2009   #5
DJG

 

Quote: Originally Posted by Antman
And, duh. If your scanner got a hit, your AV provider has a definition at their site.
And zero info other than "it's a trojan!" Gee, thanks! I did Bing & Google - got a hit for Trojan condoms!

Oh no! My porno life is ruined! OK, let me test that one out, see if it's a pseudonym.

Typically, while I understand the backdoor paradigm, how do they normally get activated and used? Is it mostly annoyanceware? I haven't had any unusual behavior, other than some BSODs attributable to shifting OC parameters in the hardware.

The firewall hasn't reported anything like "Trojan.VB.VZO is asking to trash your C: drive [DENY] [ALLOW]".

I always set my FW to no auto rules and no auto training. I get prompted 1st time for everything and it creates the rule based on my response.

I started to upload but it's a 654MB Zip archive, and I have 800Kbs upstream - would take forever ... I'm waiting to get a little more info if possible.
23 Jul 2009   #6

 

Quote: Originally Posted by DJG
I did Bing & Google...
I would not do that without a Trojan.

Quote: Originally Posted by DJG
But I DO have one! HE-LLOOO! Read the title!
You are free to Bing & Google your brains out.
23 Jul 2009   #7
DJG

 

But I DO have one! HE-LLOOO! Read the title!
23 Jul 2009   #8
DJG

 

OK, I just rebooted from my 7232 install, which hasn't been up in a few days. Also I have an earlier beta of OSS. I immediately scanned the file and - no hit. So it's either new heuristics in the released version, or new def. I run the update cycle & re-scan - Bingo! Trojan hit.

I'm scratching my head. If it's a new ware, what's it doing in an old file? Maybe injected recently? It's a huge zip file, so probably tempting place to hide crappola in. I suppose they can do it without altering size & dates. The file is originally from 2005. I extracted from an image backup from 6/22 and it's there too.

Or maybe it's a false positive? I have installed this thing many times, several in the past three months. If it is indeed infected, wonder what it's doing? I hope they get really bored, fall asleep on the keyboard, hit the DEL key and delete their main data bank ...

OMG! Antman used a wormhole post!
23 Jul 2009   #9

 

Quote: Originally Posted by DJG
...OMG! Antman used a wormhole post!
I can find ref's to Trojan.Downloader.VB.VZO, circa 2005-2006. No good def's though.

At a minimum, write protect your compressed files. I find it odd that something would inject a payload into a single archive. Transient malware. Hit one file and leave before detection, with the payload undetected? That is one clever worm.

Speaking of clever worms, I have a court date at 10 a.m.
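
The question raised in posts #8 and #9 (was the archive altered, or did only the definitions change?) can be checked directly. This is an added example, not part of the original thread: it hashes the current copy and the copy restored from the image backup, and if they differ it lists which members changed. The member names and contents are constructed sample data.

```python
import hashlib
import io
import zipfile

def sha256_stream(fobj, chunk=1 << 20):
    """SHA-256 of a binary file object, read in chunks (the thread's archive is 654 MB)."""
    h = hashlib.sha256()
    for block in iter(lambda: fobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def member_hashes(archive):
    """Map each member name to the SHA-256 of its decompressed content."""
    with zipfile.ZipFile(archive) as zf:
        hashes = {}
        for info in zf.infolist():
            if not info.is_dir():
                with zf.open(info) as member:
                    hashes[info.filename] = sha256_stream(member)
        return hashes

def compare_archives(current, backup):
    """Compare two copies of an archive, given as seekable binary file objects."""
    digests = []
    for f in (current, backup):
        f.seek(0)
        digests.append(sha256_stream(f))
    report = {"sha256": digests[0], "identical": digests[0] == digests[1],
              "changed": [], "added": [], "removed": []}
    if not report["identical"]:
        cur, old = member_hashes(current), member_hashes(backup)
        report["changed"] = sorted(n for n in cur.keys() & old.keys() if cur[n] != old[n])
        report["added"] = sorted(cur.keys() - old.keys())
        report["removed"] = sorted(old.keys() - cur.keys())
    return report

def make_zip(members):
    """Build a constructed in-memory archive with a fixed 2005 timestamp on every member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=(2005, 1, 1, 0, 0, 0)), data)
    return buf

# Constructed sample data: same names, sizes and dates; one member's bytes differ.
BACKUP = {"setup.exe": b"installer-bytes", "voices/audrey.dat": b"voice-data"}
CURRENT = {"setup.exe": b"INSTALLER-bytes", "voices/audrey.dat": b"voice-data"}

if __name__ == "__main__":
    print(compare_archives(make_zip(CURRENT), make_zip(BACKUP)))
```

On real files, pass `open(path, "rb")` objects. If both copies hash the same, the file has not changed since the backup and the new hit comes from the updated definitions; the SHA-256 can also be searched on an online scanner that supports hash lookup instead of uploading the whole archive.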
24 Jul 2009   #10
DJG

 

Well, I'm on a new fairly bare clean install. I think it may be a false positive. When I have time I'll ship it upstream to Agnitum and let them check it out. Now I'm re-installing and putting things back in order, again, minus the one. Sigh ...

OTOH, that install was an upgrade, so I don't feel as bad.

Thanks for the scouting. Have a fine day in court ...