Trojan horse Agent.AOMA

For system help, all hardware / software topics NOTE: use Coders Corner for all coders topics.

Moderators: Krom, Grendel

Post Reply
User avatar
thewolfe
DBB Admiral
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am
Contact:

Trojan horse Agent.AOMA

Post by thewolfe »

I'm running AVG on a friend's son's computer and it's found 35,000 \"threats\" so far.

Infection - Trojan horse Agent.AOMA

They're all zip files in
C:\\Docs&Setting\\\"owners name\"\\!\\.......

With no files hidden a \"search\" comes up empty.

The owner uses Limewire and has a lot of songs under \"Shared\".

Never seen this before. What say you?
User avatar
thewolfe
DBB Admiral
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am
Contact:

Post by thewolfe »

Found Sys files that were not being shown. The \"threats\" are there.
shaktazuki
DBB Ace
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

Now you need to eradicate the viral threat from the computer. This reminds me of a video game plot. Some old 90's game...
Duck: “So, what’s that horn for?”

Unicorn: “Oh, you know, to stab my foe. I know, that sounds pretty harsh and brutal, or whatever. And it grants wishes! It also just looks good on a unicorn, *rawr*.”
User avatar
thewolfe
DBB Admiral
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am
Contact:

Post by thewolfe »

Got 38,029 bad guys so far.
User avatar
Duper
DBB Master
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

you share music, you run that chance. My daughter ruined her hard drive doing the same thing. I just finally pitched it, it was so infected.
User avatar
thewolfe
DBB Admiral
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am
Contact:

Post by thewolfe »

Hard to get the message through the kids until you take the hd out but don't put a new one back in.
User avatar
Canuck
DBB Admiral
DBB Admiral
Posts: 1345
Joined: Tue Jun 12, 2001 2:01 am

Post by Canuck »

Do an online scan as well;
http://housecall.trendmicro.com/
shaktazuki
DBB Ace
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

What kind of virus rides MP3 files?
Duck: “So, what’s that horn for?”

Unicorn: “Oh, you know, to stab my foe. I know, that sounds pretty harsh and brutal, or whatever. And it grants wishes! It also just looks good on a unicorn, *rawr*.”
User avatar
Duper
DBB Master
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Re:

Post by Duper »

thewolfe wrote:Hard to get the message through the kids until you take the hd out but don't put a new one back in.
True. and I did just that. She went several months without a computer ... which resulted in some kind of confrontation nightly when I would not let her use mine.

Skakt, none that I'm aware of, but these sharing softwares are hardly secure. They leave all sorts of holes. Even through firewalls.
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

More often viruses that infect P2P software are distributed to masquerade as software cracks or free pornography. When someone runs them they copy themselves to hundreds or thousands of similar filenames inside the users shared folders in an attempt to make someone else download them and repeat the same mistake. In addition they usually take control of the computer to turn it into a botnet zombie computer, steal information from the computer, log keystrokes and spy on the user(s) for identity theft purposes.

Any peer to peer service that uses \"shared folders\" such as kazaa, edonkey, direct connect, limewire, etc are all vulnerable to this type of virus spread. Although the applications themselves may be fairly secure, it is user error or ignorance that causes the virus to execute. No amount of anti-virus software can protect your computer from you, even if you are running a registered commercial software suite to protect your computer this kind of attack will breeze right through it as if it wasn't there at all.
User avatar
Canuck
DBB Admiral
DBB Admiral
Posts: 1345
Joined: Tue Jun 12, 2001 2:01 am

Post by Canuck »

Its like putting the best deadbolt on your door to keep people out, but when you file share you are \"opening the deadbolt\" and letting them in.
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

Actually that analogy isn't very good. Antivirus programs are more like smoke alarms: when they do go off, usually something is already burnt beyond recognition and its depending on what burned it is possible you will be unable to prevent your house from burning down. They do not protect you from something bad happening, they warn you when something bad has already happened.

The only deadbolt on your computers door is you and security updates to your operating system and software. Getting infected by a virus is usually like ordering a package from a shady dealer, you expected some handy appliance for cheap but what you got was an incendiary device and you failed to properly inspect it before turning it on.

Your antivirus software can act like a watch dog, but only if you wake it up and make it smell something before you try and use it. However, if you are going to go that far; inspecting the package yourself is equally as effective. Really the safest thing to do is only accept packages from trustworthy sources and inspect them carefully before using them. The only time the dog is going to bark at something all on its own, is when it is painfully obvious to everyone in the entire neighborhood that there is a problem (like your house is burning down).
User avatar
Spidey
DBB Grand Master
DBB Grand Master
Posts: 10808
Joined: Thu Jun 28, 2001 2:01 am
Location: Earth

Post by Spidey »

Well…there is no such thing as a “A fire is about to start” alarm…so a smoke alarm is the next best thing, and they \"can\" help prevent the entire house from burning down, or worse…

My AV software “prevents” infection all the time, by blocking stuff and warning of threats. (but in fairness, the firewall has something to do with that as well)

I do agree with Canuck’s analogy, it’s like having a good lock, and then leaving the door open.

“inspecting the package yourself is equally as effective”

Maybe for a geek... :P
shaktazuki
DBB Ace
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

I don't use AV software - I've gotten 1 virus in all my years as a computer user, back in 2000, when I discovered the emulation scene.

Some helpful tips:
  • Keep your important *documents* backed up on a thumb drive - the stuff you really wouldn't want to lose if your computer died.
  • Don't download zips or executables from, nor visit, sites that have pr0n ads on them.
  • Don't open zip files or executables from sites that aren't \"big names.\" Big names are the highly recognizable sites like www.download.com, www.microsoft.com, and the like - important, well-known publishers.
  • Don't open zip files or executables from file-sharing services! You don't know where that file's been, or what's in it. If you're going to download, only download media content files (.AVI files, .MP3 files, etc.). I don't know yet if someone has infected disc images, since they contain executables, but it's a logical possibility. Caveat downloader.
  • If you use windows, make sure you have all the updates, and your firewall is turned on.
  • Don't open zips or executables sent to you via email under any circumstances - unless your email has a virus scan, as Yahoo mail does, and even then you have to evaluate if you can trust the sender to not sent you malware.
In short: only trust sites whose owners you can sue if something goes wrong. Don't trust that nifty screen-saver executable Aunt Tillie just emailed you. And avoid all sites of bad intent (like www.descentbb.com).
Duck: “So, what’s that horn for?”

Unicorn: “Oh, you know, to stab my foe. I know, that sounds pretty harsh and brutal, or whatever. And it grants wishes! It also just looks good on a unicorn, *rawr*.”
User avatar
TechPro
DBB Admiral
DBB Admiral
Posts: 1520
Joined: Thu May 20, 2004 11:51 pm

Re:

Post by TechPro »

shaktazuki wrote:I don't use AV software ...
Ticking time bomb.
shaktazuki
DBB Ace
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Re:

Post by shaktazuki »

TechPro wrote:
shaktazuki wrote:I don't use AV software ...
Ticking time bomb.
9 years and it ain't gone off. What's your record?
Duck: “So, what’s that horn for?”

Unicorn: “Oh, you know, to stab my foe. I know, that sounds pretty harsh and brutal, or whatever. And it grants wishes! It also just looks good on a unicorn, *rawr*.”
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Re:

Post by Krom »

shaktazuki wrote:9 years and it ain't gone off. What's your record?
Been using PCs since the early 1990s and the internet since 1997. No problems yet.

Every job I've gone out to clean viruses from a computer, the infected machine had a up to date anti-virus/security software suite installed and it was operating properly when the machine was infected (usually Norton Internet Insecurity <insert year here>, but there were others) with a current paid subscription. Sometimes the suite had been disabled by the virus. A long time ago I concluded that anti-virus/security suite software was some of the most dangerous software available because of these experiences.

The main sources for infection are either individually or a mix of:
#5: Email worms from friends and relatives + Microsoft Outlook/Outlook Express (most webmail sites are immune to this type).
#4: Unsupervised children/adults doing "homework/games/chat" and catching a STD in the process.
#3: Microsoft Internet Explorer (often in combination with #2 and #4).
#2: Failure to install critical security updates.
#1: Overconfidence in their security suite leading to careless behavior like #2-5 ("But I have anti-virus software!").
User avatar
captain_twinkie
DBB Ace
DBB Ace
Posts: 222
Joined: Sun Mar 07, 2004 3:35 pm
Location: Orem, Utah

Post by captain_twinkie »

All the downloading that happens on my system, happens in a virtual machine.
User avatar
Warlock
DBB 3D Artist
DBB 3D Artist
Posts: 3370
Joined: Wed May 12, 1999 2:01 am
Location: Midland, Tx, U.S.
Contact:

Post by Warlock »

I use avast boot scanner to kill any bugs.
User avatar
Hattrick
DBB Admiral
DBB Admiral
Posts: 1114
Joined: Thu Jul 19, 2001 2:01 am
Location: Southern Oregon
Contact:

Re:

Post by Hattrick »

shaktazuki wrote: And avoid all sites of bad intent (like www.descentbb.com).
:roll:
User avatar
EngDrewman
DBB Ace
DBB Ace
Posts: 232
Joined: Mon Oct 13, 2008 12:01 am
Location: Sacramento, CA
Contact:

Post by EngDrewman »

The whimpy AVG, Norton, McAfee, Avast, and TrendMicro all bow before the almighty NOD32. No it isn't a freebie, but it is SO worth it! Easy to use and light on system resources. Get it here! I recommend the full security suite, but a standalone scanner is available. They also have a free online scanner.

If you are tight on money, the best free scanner is Avira.

So pretty much, if you use one of those scanners and Spybot- Search & Destroy you should be malware free :)
Post Reply