Trojan Attack!

Discussion in 'Trading Software' started by Option_Attack, Jun 27, 2003.

  1. This may be of interest because my main trading computer was just attacked with the backdoor trojan "Backdoor.Dvldr". Here it is at Symantec:

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html

    It's my own fault, but it was surprising how fast it happened. Day before yesterday I re-installed Win2000 (w/complete format). The only thing I had on the machine was IB TWS, Outlook, and Visual Studios - stuff I have had forever with no problems. I also installed W2k SP3 from the MSFT update site. Like a dumbass I didn't update Norton AV and install the firewall. I still don't know where I got the trojan, unless it could have been from my unprotected ports? I haven't opened any mail attachments.

    Anyway, I knew something was up when a window popped up asking to configure WINVNC, which is a remote desktop control program. I have never used it. The good news is that I don't think they got a look at my passwords but I'll change 'em all anyway. I ran Norton AV with Live Update and it found all the files.

    Also, soon after I re-installed my system I got one of those annoying messenger pop-up ads. I thought they were harmless and I disabled the Messenger services from starting. But it was strange as I haven't been bothered with those.

    Live and learn...
     
  2. How did you disable the Messenger services?
     
  3. For Win2k click on: Control Panel, Admin Tools, Services - then highlight the Messenger service and right-click and select "Properties" then set it to "Disabled".

    Note also that Norton found 26 infected files with a nice little package of backdoor goodies like "Litmus" and "Sdbot".

    I'm trying to find out where all this sh*t came from. I only had about three apps on this machine that didn't come with it 2 years ago. I'm also going to reformat (again!) and put Norton on first thing and keep it running. Then I can see if what I put on is the trouble. This sux...
     
  4. Option Attack,
    Maybe after re-installing Win2K, your browser (IE) option setup was back to default? In your IE browser, Tools/Internet options/Advanced, in the Browsing section, was the Enable Install On Demand checked? I uncheck that one, so any software installations requested by the webpage go through me (with a pop-up request for installation), and are not done automatically.

    Cheers!! :)
     
  5. RAMOUTAR

    After you get the firewall up and running, it should shut down "many" of the prone ports. Get that firewall up, asap. Once up, test it WELL before the market opens, and be sure that you wind up any sensitive open positions (you don't want to find out that your firewall caused a conflict with your execution platform).

    As far as pop-up ads, some of them will install programs on your PC, and they can be a real PIA to get rid of. I had one on a workstation and had to go into the registry to get rid of it. Check out some of these links, they'll help you:

    Checks registry, and really cleans out the PC:

    http://www.starlightcreate.com/adaware/lsaaw.htm

    Stops most popup ads:

    http://www.popupcop.com (the best money you'll ever spend, the noise it makes is great too!)

    Finally, make sure that your hard drives are not shared. Learn from my mistakes, I battled with the same for a while.

    Let us know how you make out.
     
  6. I have used both AdAware & Spybot. Spybot seems very good, free, frequent updates...

    A few times I tested one against the other, Spybot seemed to pick up more junk (maybe) so now I run Spybot exclusively.

    http://security.kolla.de/index.php?lang=en&page=download

    Edit: the latest version of AdAware found an evil file that Spybot missed. AdAware rules!



    Also,

    Try this program on for size for reclaiming LOTS of disk space, removing unused files (go to wash options to clean "slack space" too, and don't forget to add "bleach" to the wash), not free but a 30 day free trial... you'll be amazed at how much extra space you recover. Program is ROCK SOLID too. :)

    http://www.webroot.com/wb/products/windowwasher/index.php



    And finally,

    Here's a great one for the registry. I've used it many times without a single problem (as you know reg fiddling may get you into trouble)...not free but 30 day trial.

    http://www.superwin.com/regvac.htm
     
  7. I think Windows 2000 comes with IIS enabled by default, and there have been a number of holes in it. SP4 is available on CD now, and firewall-less folks ought to install it before putting the system on the big bad Internet...
     
  8. nkhoi

    I got a nasty pop-up from odysseymarketinggroup, so I downloaded and ran Ad-aware from http://www.lavasoftusa.com. It killed a bunch of them, including trojan, save, etc. Then I downloaded Spybot Search & Destroy and this killed even more of them. Both are good products.
     
  9. funky

    You don't even need to spend money on that one. Google toolbar now offers it on their beta version, http://toolbar.google.com/index-beta.php.

    I've also used this for about a year now, and it's been great (it's free, or at least I think it is, a quick check on their site looks like they are charging optionally now): http://www.sureshotsoftware.com/stopthepop/index.html
     
    #10     Jul 5, 2003