Trojan Missed by Super Anti Spyware

Discussion in 'Spyware' started by Rusty, Jan 1, 2007.

  1. Rusty

    Rusty Guest

    I know no one program offers complete protection against malware, but I
    thought Super Anti Spyware was one of the more effective programs.

    AVG detected the Trojan IRC/BackDoor.SdBot2.OUW. Before healing I ran SAS,
    Spybot S&D and Adaware.

    The results:
    SAS found tracking cookies only.
    S&D found CyberDefender in the registry.
    Adaware found nothing.

    Is this a particularly difficult Trojan to detect?

    Cheers,
    Rusty
     
    Rusty, Jan 1, 2007
    #1

  2. Rusty - what EXACTLY (files, registry entries, etc.) did AVG find on
    your system? Can you post the scan log here and send me the files to
    samples AT superantispyware.com?

    They may simply be "traces" that are not specifically harmful - if they
    are actual files, I will update our definitions to handle them :)

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com
     
    Nick Skrepetos, Jan 1, 2007
    #2

  3. Rusty

    Rusty Guest

    - <rec time="2007/01/01 06:59:42" user="SYSTEM" source="Update">
    <value>@HL_UpdateOK</value>
    <attr name="version">avi:902-901;iavi:621-620;</attr>
    </rec>
    - <rec time="2007/01/01 11:00:03" user="SYSTEM" source="General">
    <value>@HL_TestStarted</value>
    <attr name="testname">@TestName_02</attr>
    </rec>
    - <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Program Files\TweakNow RegCleaner
    Std\RegCleaner.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
    - <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Program Files\TweakNow RegCleaner
    Std\RegCleaner.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    - <rec time="2007/01/01 12:55:55" user="SYSTEM" source="General">
    <value>@HL_TestEnded</value>
    <attr name="testname">@TestName_02</attr>
    <attr name="infectedfiles">1</attr>
    </rec>
    - <rec time="2007/01/01 12:55:57" user="SYSTEM" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Program Files\TweakNow RegCleaner
    Std\RegCleaner.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    </history>
     
    Rusty, Jan 1, 2007
    #3
  4. So it detected the TweakNow Registry Cleaner as
    "IRC/BackDoor.SdBot2.OUW"? If that's really the case, that's a false
    positive on AVG's part.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com
     
    Nick Skrepetos, Jan 1, 2007
    #4
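
Post #4 reads the log in post #3 by hand to see which file was flagged, under what name, and what action followed. The sketch below does the same mechanically; it is an added example, not part of the thread and not AVG's or SUPERAntiSpyware's code. The helper names `parse_history` and `findings_by_file` are hypothetical, the record layout is assumed only from the pasted log, and a line wrap inside a path is assumed to have replaced a single space.

```python
import re
from collections import defaultdict

# Constructed sample: two records taken from the log in post #3, keeping the
# "- " viewer prefixes, the wrapped path and the missing </rec> after the find.
SAMPLE = r'''- <rec time="2007/01/01 11:16:29" user="SYSTEM" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\TweakNow RegCleaner
Std\RegCleaner.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot2.OUW</attr>
- <rec time="2007/01/01 12:07:51" user="Ken" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\TweakNow RegCleaner
Std\RegCleaner.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
</history>'''

# A record runs from its <rec ...> tag to the next <rec, so an unclosed record
# (as in the paste) does not swallow the one that follows it.
REC = re.compile(r'<rec\s+([^>]*)>(.*?)(?=<rec\s|\Z)', re.S)
KV = re.compile(r'(\w+)="([^"]*)"')
VALUE = re.compile(r'<value>(.*?)</value>', re.S)
ATTR = re.compile(r'<attr name="(\w+)">(.*?)</attr>', re.S)

def parse_history(text):
    records = []
    for head, body in REC.findall(text):
        rec = dict(KV.findall(head))            # time, user, source
        m = VALUE.search(body)
        rec["event"] = m.group(1).strip() if m else None
        for name, val in ATTR.findall(body):
            rec[name] = " ".join(val.split())   # assumption: a wrap replaced one space
        records.append(rec)
    return records

def findings_by_file(records):
    # Group each detection with the actions later taken on the same path.
    files = defaultdict(lambda: {"detections": [], "actions": []})
    for r in records:
        if r["event"] == "@HL_ReportFind":
            files[r.get("where", "<unknown>")]["detections"].append((r["time"], r.get("what")))
        elif r["event"] == "@HL_ActionTaken":
            files[r.get("filename", "<unknown>")]["actions"].append((r["time"], r.get("action"), r["user"]))
    return dict(files)

if __name__ == "__main__":
    print(findings_by_file(parse_history(SAMPLE)))
```
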
  5. Rusty

    Rusty Guest

    Thanks Nick for the prompt service!

    Much appreciated.

    Rusty
     
    Rusty, Jan 1, 2007
    #5
  6. I looked on <http://free.grisoft.com/doc/virbase/lng/us/tpl/v5> and I
    didn't find that virus name, so maybe it is a new variant??

    But you might submit the file to
    <http://www.virustotal.com/en/indexf.html> and see what the results are
    from multiple vendors' AV software.

    If it does appear to be a false positive, please let Grisoft know so they
    can adjust their definitions.


    John
     
    John Mason Jr, Jan 1, 2007
    #6
