Reply

Join Date: May 2004
Posts: 16
Reputation: webtor is an unknown quantity at this point 
Solved Threads: 0
webtor webtor is offline Offline
Newbie Poster

Trojan: IRC/SdBot.AFN

 
0
  #1
May 30th, 2004
This is a moving target.

Have observed morphing.

SYS32 item that seemingly does not have
an identifiable fixtool that I can find with
my resources.

Have discovered a remedy that 'tricks' this
SYS32 problem with non-hacking.

Have yet to fully identify the original exposure
date of this critter.http://www.daniweb.com/techtalkforum...cons/icon4.gif

Feed back from within this domain is invited
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 3,826
Reputation: Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough 
Solved Threads: 144
Team Colleague
Catweazle Catweazle is offline Offline
Grandad

Re: Trojan: IRC/SdBot.AFN

 
0
  #2
May 30th, 2004
NOD32 AntiVirus should be able to clean that one - it's included in the signature file for it!
Reply With Quote Quick reply to this message  
Join Date: May 2004
Posts: 16
Reputation: webtor is an unknown quantity at this point 
Solved Threads: 0
webtor webtor is offline Offline
Newbie Poster

Re: Trojan: IRC/SdBot.AFN

 
0
  #3
May 30th, 2004
Originally Posted by Catweazle
NOD32 AntiVirus should be able to clean that one - it's included in the signature file for it!
A very embarassing response for me to recieve.
I rely on NOD32.

SIT: as reported
File C:\WINDOWS\System32\navmgrd.exe is infected with a trojan
IRC/SdBot.AFN.
SIT: Newly reinstalled Zonelabs 4.0 reports that navmgrd.exe is
attempting to act as a server.
SIT: NOD32 reports that it cannot clean this infiltration.
SIT: This is kind of tough!!
SIT: NOD32 has allready recieved a pointed comm from
me on this sit ( allways polite ).

Spent time with other issues this past week that seem to point back to
this same item. http://www.daniweb.com/techtalkforum...cons/icon4.gif
Last edited by webtor; May 30th, 2004 at 8:03 am. Reason: Additional input
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 3,826
Reputation: Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough 
Solved Threads: 144
Team Colleague
Catweazle Catweazle is offline Offline
Grandad

Re: Trojan: IRC/SdBot.AFN

 
0
  #4
May 30th, 2004
NOD32 can't clean it because it's a trojan. Delete instead! There's quite a few other AntiVirus packages which should be able to deal with it, as far as I can determine. I doubt if any of them would clean rather than delete, though.
Reply With Quote Quick reply to this message  
Join Date: May 2004
Posts: 16
Reputation: webtor is an unknown quantity at this point 
Solved Threads: 0
webtor webtor is offline Offline
Newbie Poster

Re: Trojan: IRC/SdBot.AFN

 
0
  #5
May 30th, 2004
Originally Posted by Catweazle
NOD32 can't clean it because it's a trojan. Delete instead! There's quite a few other AntiVirus packages which should be able to deal with it, as far as I can determine. I doubt if any of them would clean rather than delete, though.
I trust that we are not both moving too fast for each other.
I repeat, this is a moving target.
Is a morphing item.
Have scanned and observed how quickly it has taken on other
nuances.
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 3,826
Reputation: Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough 
Solved Threads: 144
Team Colleague
Catweazle Catweazle is offline Offline
Grandad

Re: Trojan: IRC/SdBot.AFN

 
0
  #6
May 30th, 2004
heh heh..... Looks like it's me standing still, I reckon. I'll leave this to others more knowledgeable than myself. All I know is NOD32 has never let me down, and I've seen reference to its signature files including mention of this particular trojan.

**** whistles and wanders off, awaiting developments......

Reply With Quote Quick reply to this message  
Join Date: Aug 2003
Posts: 9,549
Reputation: caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold 
Solved Threads: 493
Team Colleague
caperjack's Avatar
caperjack caperjack is offline Offline
Posting Prodigy

Re: Trojan: IRC/SdBot.AFN

 
0
  #7
May 30th, 2004
A goolgle search of navmgrd.exe ,show these , http://www.google.com/search?sourcei...=navmgrd%2Eexe ,
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 3,826
Reputation: Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough 
Solved Threads: 144
Team Colleague
Catweazle Catweazle is offline Offline
Grandad

Re: Trojan: IRC/SdBot.AFN

 
0
  #8
May 30th, 2004
That's what I did caperjack.

The Google results indicate NOD32 has included this trojan in their signature files since version V.1.730
Reply With Quote Quick reply to this message  
Join Date: May 2004
Posts: 16
Reputation: webtor is an unknown quantity at this point 
Solved Threads: 0
webtor webtor is offline Offline
Newbie Poster

Re: Trojan: IRC/SdBot.AFN

 
0
  #9
Jun 1st, 2004
Originally Posted by Catweazle
NOD32 AntiVirus should be able to clean that one - it's included in the signature file for it!
Traded emails with "SOURCE".
"Source" gave me advices.
Decided to go my own way and had a VERY,VERY,VERY successful resolution
without future compromises.
This was a GREAT learning experience and has given me
a whole new *^killer*^ marketing approach / perspective
on the AV industry. BIGTIME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Reply With Quote Quick reply to this message  
Join Date: May 2004
Posts: 16
Reputation: webtor is an unknown quantity at this point 
Solved Threads: 0
webtor webtor is offline Offline
Newbie Poster

Re: Trojan: IRC/SdBot.AFN

 
0
  #10
Jun 1st, 2004
Originally Posted by Catweazle
NOD32 can't clean it because it's a trojan. Delete instead! There's quite a few other AntiVirus packages which should be able to deal with it, as far as I can determine. I doubt if any of them would clean rather than delete, though.
My path of travel on this whole manouver was creative without hacking skills.
Had to tell 'others' how to do their job as part of the remedy.
We accomplished our 'mission'.
Reply With Quote Quick reply to this message  
Reply

This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC