Friday, May 20, 2011

bench3

Spyware Win32 WebHancer.A Found In Scrnpix.Zip File

A Trojan "WebHancer.A" created Registry Items for file sharing, CSS file associations allowing files to be opened, Shell Extensions and downloaded DLL's and "EXE's" as "UserSoftware" (with innocent looking names like "rcbdyctl.dll","SNDVOL32.EXE" , "msoobe.exe and "ntbackup.exe").

The 2 open ports were 80 and 25 which weren't picked up by GRC scanners because MS makes the assumption that we want to keep the bad guys out so only monitors incoming traffic.

The High issue was "Spyware:Win32 /WebHancer.A" found in a zip file called "scrnpix.zip". Please note that System Restore was turned off all the time that this problem existed so any reinfection did not come from a stealthed virus or Trojan. MS Scan Tools has been able to deal with the Registry Entries but not couldn't clean scrnpix.zip or make recommendations about the two open ports.

Also that the DLL and EXE files *may* have been opening other ports for brief periods of time but I don't know sufficient about the syntax of Registry Entries to comment further.

There are 7 ways to identify if your computer is infected with malicious software. Not all the sever will suit at one time. But if you experience any of these seven habits on your system, then chances are there for your computer to be affected with spyware or malware or even with some virus. Read more: http://www.bench3.com/2011/05/7-reasons-to-say-that-your-computer-is.html

bench3

About bench3 -

Haja Peer Mohamed H, Software Engineer by profession, Author, Founder and CEO of "bench3" you can connect with me on Twitter , Facebook and also onGoogle+

Subscribe to this Blog via Email :