| Thread ID: 56478 | 2005-04-06 04:26:00 | loadnew.exe ?? Harnig.p trogan ?? | Mantis (3703) |
| Post ID | Timestamp | Content | User | ||
| 342076 | 2005-04-06 04:26:00 | Running Windows XP Home SP1 ... updated Zonealarm, spybot, adaware and AVG free... I'm very careful about what I download and install.... Have somehow managed to pick up this file somewhere and AVG has just quarantined it ..... Trojan Horse Harnig.p c:\windows\loadnew.exe Backup copy Infected I have googled and found a description of this trojan via the AVG database but I have no idea how I have contracted this file and trojan. Anyone have any ideas???? Thanks as always MANTIS. |
Mantis (3703) | ||
| 342077 | 2005-04-06 04:49:00 | You may be running as an "administrator", which has write "rights" to the Windows directories. You may want to create a standard user with limited rights which you use for "Internet" only tasks. |
KiwiTT_NZ (233) | ||
| 342078 | 2005-04-06 04:50:00 | Google says: Details: This JAVA malware is found in malicious Web sites as part of a Web page applet. It comes in the form of a compiled Java class, and may be called from an HTML page. It exploits the ByteVerifier vulnerability in unpatched versions of Microsoft (MS) Java Virtual Machine, which could allow a file to be downloaded and executed without a user's knowledge. This variant of the JAVA_BYTEVER malware arrives as the following files: counter.class, matrix.class. The file, COUNTER.CLASS, which contains the specially crafted code of the exploit, uses the classes defined in MATRIX.CLASS to execute its payload. It connects to the following Web site where it downloads a file and saves it as LOADNEW.EXE: ifram<BLOCKED>lars.biz/dl/loadadv479.exe It then executes the file. This malware takes advantage of the ByteCode verifier exploit that allows Java applets to execute malicious code. More information on this exploit is available in the following Web page: Microsoft Security Bulletin MS03-011 www.microsoft.com/technet/treeview/encyclopedia.php?url=/technet/security/bulletin/MS03-011.asp |
godfather (25) | ||
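Added example, not part of the thread or of the write-up quoted above: a small Python scanner for saved HTML (browser cache, proxy captures) that lists `<applet>` tags and flags the class names the write-up gives for this variant. The sample page, the function names and the "tiny applet" heuristic are assumptions made for this example.

```python
from html.parser import HTMLParser
import posixpath

# Class names the quoted write-up lists for this JAVA_BYTEVER variant.
# File names are trivially changed, so a hit is a lead, not proof.
KNOWN_CLASSES = {"counter.class", "matrix.class"}

# Constructed sample page (not taken from any real site).
SAMPLE = """<html><body><p>Free wallpapers</p>
<APPLET CODE="Counter.class" WIDTH=1 HEIGHT=1></APPLET>
<applet code="clock" archive="clock.jar" width="200" height="80"></applet>
</body></html>"""

def _px(value):
    """Parse a width/height attribute; None if absent or not a plain number."""
    try:
        return int((value or "").strip())
    except ValueError:
        return None

class AppletFinder(HTMLParser):
    """Collect every <applet> tag (HTMLParser lowercases tag/attribute names)."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "applet":
            return
        a = {k: (v or "") for k, v in attrs}
        ref = a.get("code", "")
        name = posixpath.basename(ref.replace("\\", "/")).lower()
        if name and not name.endswith(".class"):
            name += ".class"          # code="Foo" and code="Foo.class" both occur
        w, h = _px(a.get("width")), _px(a.get("height"))
        self.found.append({
            "ref": ref,
            "known_name": name in KNOWN_CLASSES,
            # Heuristic added here (not from the write-up): an applet of at
            # most 1x1 pixels is invisible to the person viewing the page.
            "tiny": w is not None and h is not None and w <= 1 and h <= 1,
        })

def scan_html(text):
    finder = AppletFinder()
    finder.feed(text)
    finder.close()
    return finder.found

if __name__ == "__main__":
    for hit in scan_html(SAMPLE):
        print(hit)
```
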
| 342079 | 2005-04-06 04:55:00 | Sounds like an updated Java engine is required. Get it, version 1.50.2, from java.sun.com | KiwiTT_NZ (233) | ||
| 342080 | 2005-04-06 05:05:00 | Thanks guys... Godfather... from what you have posted I take it that it is fairly safe to delete this file from the AVG quarantine area? I am currently on dialup and have ordered broadband which should hopefully be installed soon, I'm also looking at getting a DVD writer early next week for backup purposes before I install SP2. Once I have broadband I will update these security patches too... (as you can imagine dialup is not fun to download large files) Thanks. |
Mantis (3703) | ||
| 342081 | 2005-04-06 05:11:00 | According to java.sun.com J2SE 5.0 Download Java 2 Platform Standard Edition 5.0 ....is the latest version.... is this what I need to download and update? Thanks. |
Mantis (3703) | ||
| 342082 | 2005-04-06 05:21:00 | Yes. That's the one. | KiwiTT_NZ (233) | ||
| 342083 | 2005-04-06 05:28:00 | DONE. :) Thanks again. Mantis. |
Mantis (3703) | ||
| 342084 | 2005-04-06 05:31:00 | That's another version of Java, u can use, but that isn't what fixes that trojan, like byteverify. I think this is what u need. www.microsoft.com/technet/security/bulletin/ms03-011.mspx Or go to Windows Update. |
Speedy Gonzales (78) | ||