My Trojan Killer scan last night found 6 trojans missed by Norton Internet Security, Malwarebytes.
They are all paid versions I bought since my horrible browser hijacking in Feb 2014 on my new computer.
I run Trojan Killer each evening, and very glad I did.
Norton is notoriously bad with trojans, but I was surprised that Malwarebytes missed them.
They were Trojan.U.Gamburl and Trojan.U.BlacolerRef.
I looked them up and they can come from a legitimate website.
We're seeing plenty of reports for a JavaScript redirector malware family that we call Gamburl; previous reports have called it Gumblar or Redir.
These attacks seem to be coming from legitimate Web sites with pages that have been modified to contain this malicious script. So even if you're visiting a Web site that you trust, there's still the possibility that you may be a victim of these so-called drive-by attacks.
When a user visits a site containing a Gamburl script, the browser will be redirected to a specific Web site that contains a slew of exploits and other malware. As of this writing, Gamburl is known to redirect to the following Web sites:
gumblar.cn
martuz .cn
Once connected to the above sites, Gamburl tries to download other malware into the system. From what we have observed, these malware are mostly backdoors, PDF and Shockwave exploits. However, some of the observed downloaded malware are variants of the Win32/Daonol family. Examples of MD5 of Daonol seen are 7de29e5e10adc5d90296785c89aeabce and 2131112053ed144c46277b9024bcf39f. Daonol trojans are capable of preventing access to security Web sites, and redirecting searches to sites hosting other malware. Daonol is also capable of stealing information, such as FTP credentials, and placing the information in a file in the Windows system folder called sqlsodbc.chm. Note that a file named sqlsodbc.chm exists by default when you install Windows, and so is overwritten if your system has been infected by Daonol. This may be a symptom of Gamburl/Daonol infection. In case you suspect infection, you might want to check the list of some of the unique hashes and file size of a clean sqlsodbc.chm.
http://blogs.technet.com/b/mmpc/archive/2009/05/27/gamburl-gone-wild.aspx
hobbit709
(41,694 posts)
Since then about half the infected computers brought in have Norton on them and about a third more have McAfee.
Malwarebytes has never failed to detect anything trying to get in on my systems, it immediately blocks a website with anything malicious on it.
About once a month I use various boot disk scanners like Kaspersky.
hobbit709
(41,694 posts)
2 False positives: It claimed both my Revouninstaller and my TrayPlay were malware.
Found 4 PUPS that were already blocked by Malwarebytes.
madfloridian
(88,117 posts)
Norton and Trojan Killer are no good...is that what you are saying?
Okay. Not gonna argue. Not worth it.
hobbit709
(41,694 posts)
Trojan Killer found false positives - just about all security software will find at least one. It's just that TK was the first to ever identify those two programs on my system as malware.
madfloridian
(88,117 posts)
I posted this because it alarmed me that older trojans slipped through like this. They were not quarantined by Norton or Malwarebytes which really concerns me a lot.
I hope you find programs you like. I was once told Trojan Killer was no good, but it has bailed me out of problems several times now. Norton is good in many ways, has found things others did not find. But it is lacking in finding trojans.
Malwarebytes usually does a good job. However I checked out the quarantine there, and those files were not listed.
I posted because it might cause others to be aware those trojans are still around and still slipping through security.
Somehow Norton NIS continues to be in the top 10 and often top 5 so someone thinks it does something right.
Historic NY
(37,449 posts)
I regularly use Webroot...my employer has a modified version of AVG it runs scan twice one after the other. I gave up on a lot of other stuff but I do keep Spybot (free) as a backup. The combination seems to work well, even IT was amazed. I'm hoping a new system and computer comes in next month 'cause Windows XP-Pro is stressing me out.
I never liked Norton; even AVG lets lots of stuff slip by.
madfloridian
(88,117 posts)
It finds stuff even after other scans are run. I think Norton's research allows it to find things others haven't found before. But it is very weak on trojans.
Go Vols
(5,902 posts)
until I read the part about "find and remove".
If you have any cracks, keygens, patches, etc. it would prolly remove them, is there a choice to leave/restore?
madfloridian
(88,117 posts)
So that's a good thing.