Ginger5
Premium
join:2002-03-24
Madison, WI
 ·Charter Pipeline
|  Virus/Trojan Help Needed
A friend using software EAnthony, a spyware and virus tool I'm told, returned "QO WebDL", and offered to "clean it". After this, the "trojan.yab.20" was removed. However, still shows the following trojans:
trojan.ie.start;
trojan.yab.20;
trojan.apex.10
OS: Win98
Connection: dial up
AV: NAV 2002, dB definitions updated
Moosoft and NAV show he's clean.
Suggestions?
Much thanks in advance 
--
We tweak it because it's there. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| Only to tell you that there are trojans out there by that name.
Suggesting to you also that if all this is on a friends machine..that this forum is open to everyone even that friend..if and he/she thinks they are infected..it would be much easier to help if they posted..so you do not have to remote control. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC | reply to Ginger5
Troj/WebDL
»www.sophos.com/virusinfo/analyse···ecs.html
Trojan:
Server name
WebDL.exe |
|
Ginger5
Premium
join:2002-03-24
Madison, WI
·Charter Pipeline
| Time out, thank you very kindly. I will suggest he do just that. I'll encourage him to participate in broadband.
Sincerely,
Ginger
--
We tweak it because it's there.
PS: I do not have remote control, nor do I wish remote control. Nonetheless, I've encouraged his security questions in this forum.
[text was edited by author 2002-09-13 02:34:58] |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Ginger5
Probably a good idea..I have never heard of EAnthony software..it appears no one else has or they would have posted..I have no idea if your friends system is clean..but obvious they are not sure either. They do not have to join..as you know anyone can post in the forum. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| Name Game. This the company that has the flashing red "button" with a stop sign on a pop-up to lure customers to their site. There have been some excellent discussions on Stop Sign by Eanthology over at GRC discussions
»www.www.grc.com/discussions.htm
See the Spyware threads in August and you will see a discussion with a representative of that company and some valid questions about their marketing practices and services. The service tends to be known for many "false positives" that many feel dupe their customers into believing they are infected and need to buy this company's service.
Check it out...I'd like to see your opinion on Stop Sign from Eanthology.
Edit: correct typos Add link to Stop Sign
»www6.buttonware.net/dlp_def/dlp_···m=notags)
[text was edited by author 2002-09-13 08:17:24] |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Ginger5
Thanks, Jane..I know all about them..and others...also feel that this could be a false positive...but not going to second guess anything..not even EAnthony for Eanthology.
Although I was sure that is what it meant and another reason to have the individual come here in "real time". That way he and then others would get benefit out of the tread.
My opinion of the latter ?????...people are always looking for a another proggie beside what they do have..in this forum we find people running 2 or three AV's at the same time just to be sure..they get daily on line scans...they set all their scan engines to real time as the surf the net..then at night they set one of those to Scan all 1,000,0000 files they have and it all takes 20 min to 2hours.
Now we have people running multiple firewalls.
I will not be using anything from Eanthology..but I will be glad to help someone sort out if they have any bad boys running on their system.
Regards, John |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| quote:
not even EAnthony for Eanthology.
Ah! Guess I picked up on the "Stop Sign" rather than EAnthony. Thanks for your comment.
P.S. Love the new avatar...my Dad was a football referee -Time Out's well known to me! 
--
It takes a disaster to make a woman out of a female
[text was edited by author 2002-09-13 09:40:24]
[text was edited by author 2002-09-13 09:43:42] |
|
Ginger5
Premium
join:2002-03-24
Madison, WI | reply to Name Game
Much appreciated. I haven't used/heard of EAnthony either.
No matter. Your expertise is most sincerely appreciated.
Thank you.
--
We tweak it because it's there. |
|
Quantic
@eacceleration.com
| reply to Ginger5
Stop-Sign is a product contained within a suite named eAnthology.
Stop-Sign itself is a virus scanner coupled with the ability to detect spyware. It can, and will remove any virus you may have, either with its internal cleaner, or with the help of their support guys.
I had a couple viruses and they cleaned my system up pretty good. Although I had to ask for help a couple times, they came through in helping me remove gator, and some trojans I had. |
|
Ginger5
Premium
join:2002-03-24
Madison, WI
·Charter Pipeline
| Thanks, Quantic.
He's a young lad with a frequent history of worms/viruses -- norty fellow.
Haven't heard from him in a bit; so he must be ok
--
We tweak it because it's there. |
|
Ryan
Premium
join:2001-03-03
Attleboro, MA
| reply to Ginger5
Im seriously wondering what this product is up too. NO OTHER VIRUS SCAN picks up what it picks up and it seems to pick up stuff on a clean install. I guess according to this program every windows cd is infected with trojans. DO NOT TRUST THIS PRODUCT! |
|
guycad$
In Search Of Free Speech
Premium
join:2002-05-02
Pompton Lakes, NJ
| reply to Ginger5
said by Ginger5  :
A friend using software EAnthony, a spyware and virus tool I'm told, returned "QO WebDL", and offered to "clean it". After this, the "trojan.yab.20" was removed. However, still shows the following trojans:
trojan.ie.start;
trojan.yab.20;
trojan.apex.10
I asked here about eAnthology as well. My (sole) experience with it so far is uniformly negative. Each component seems to be in constant communication over the internet. Part of the suite includes a virus mail sensor. I get real nervous about any program which processes mail and communicates over the internet before, at the same time, and after.
This is addition to not detecting the win32.kazaa.benjamin virus.
[shrug] YMMV |
|
kcazzie
One Of Jerry's Kids
Premium
join:2000-08-13
Morton Grove, IL | reply to Ginger5
I remember there was a post about this , just the other day...Here's the link... »eAnthology |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC |  reply to Ginger5
Well..that's it..guess I can sell my stock in Eanthology real quick . |
|
Ryan
Premium
join:2001-03-03
Attleboro, MA | reply to Ginger5
do any trojan scanners even pick up what this thing picks up? |
|
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
| said by Ryan :
do any trojan scanners even pick up what this thing picks up?
TrojanHunter doesn't have those listed in its detected trojans. Ginger said NAV and Moosoft (The Cleaner) detected nothing. Maybe someone here who owns TDS-3 or KAV can check their database: but I doubt it, at this point -- really sounds flaky to me.
EDIT: I went to Kaspersky Labs and did a search on the following, and got no hits:
trojan.ie.start;
trojan.yab.20;
trojan.apex.10
No hits on Google either: do these trojans actually exist, or what? :)
[text was edited by author 2002-09-23 20:09:06] |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
|  reply to Ginger5
Well guys..there is an "ie start" I think its a virus/worm....there is a YAB and also APEX. I will post them if you can not find them..it is one of those "let's use our own name things"...they all do it..but seem these guys have it down to a science. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Ginger5
Yet Another Binder 2.01
Description:Yet Another Binder (YAB) is a powerful multi-featured file binding tool that can be used to distribute a number of files to a target system very discretely.
Up to 50 commands
Compatible with Windows 9x/NT/ME/2K/XP. (Untested on 95, NT and ME)
Up to 100MB of files can be bound in total. Each file can be up to 10MB in size
File Extraction, Execution, Deletion all supported
Random characters in filenames (by using wild cards)
Fake (customizable) message box.
Custom icon for output file.
Built in icon library.
Melt stub on execution.
Much, much, more! |
|
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
| reply to Ginger5
I found this at Symantec, which I'm unsure is the same thing referred to here (not much info):
DSME.Apex.2893
»securityresponse.symantec.com/av···082.html
I also found this at Sophos:
Sophos virus analysis: Joke/Apex-A
»www.sophos.com/virusinfo/analyse···exa.html
As a final step, I sent an IM to IGGY who runs TDS-3 on his system, to check his database for these trojans and post here if he finds anything. :)
[text was edited by author 2002-09-23 22:25:11] |
|
