|
|
|
|
|
|||||||
 |
Computer Security - Trojan Dropper found in notepad.exe |
|
|
Thread Tools | Search this Thread |
08-02-2004, 08:59 AM
|
#1 |
Trojan Dropper found in notepad.exe
Recently I helped an elderly in-law update her NAV def files on an XP
home box. < was last updated last part of 2003 just before expiration>...> Most of the box's use come from grandchildren < and that's appears to be ICQ, chat, and MS IE w/ weak security settings> After updating her definitions, I ran a full system scan and found a *Trojan Dropper* < forget the name now> in windows\system32\notepad.exe Norton auto deleted it and I reset the path to the windows directory and notepad works fine again. Anyone had anything like this happen to them...I mean a bogus notepad.exe as a trojan ? bLB buzz Light Beer |
|
|
|
08-02-2004, 05:38 PM
|
#2 |
|
Posts: n/a
|
Re: Trojan Dropper found in notepad.exe
"buzz Light Beer" <> wrote in message news:... > Recently I helped an elderly in-law update her NAV def files on an XP > home box. < was last updated last part of 2003 just before > expiration>...> Most of the box's use come from grandchildren < and > that's appears to be ICQ, chat, and MS IE w/ weak security settings> > After updating her definitions, I ran a full system scan and found a > *Trojan Dropper* < forget the name now> in > windows\system32\notepad.exe > Norton auto deleted it and I reset the path to the windows directory > and notepad works fine again. > Anyone had anything like this happen to them...I mean a bogus > notepad.exe as a trojan ? > bLB > > Yep, it happened to me. Norton Personal Firewall was reporting that Notepad.exe was trying to access the internet. Looked at the notepad.exe file and determined it was not the original. Also my mstask.exe somehow got replaced. I had Windows 2000 Pro and IE 5.5. Have since upgraded to IE 6. Andy Andy Smith |
|
|
|
08-02-2004, 05:49 PM
|
#3 |
|
Posts: n/a
|
Re: Trojan Dropper found in notepad.exe
On Mon, 2 Aug 2004 12:38:30 -0400, "Andy Smith"
<> wrote: > >"buzz Light Beer" <> wrote in message >news:.. . >> Recently I helped an elderly in-law update her NAV def files on an XP >> home box. < was last updated last part of 2003 just before >> expiration>...> Most of the box's use come from grandchildren < and >> that's appears to be ICQ, chat, and MS IE w/ weak security settings> >> After updating her definitions, I ran a full system scan and found a >> *Trojan Dropper* < forget the name now> in >> windows\system32\notepad.exe >> Norton auto deleted it and I reset the path to the windows directory >> and notepad works fine again. >> Anyone had anything like this happen to them...I mean a bogus >> notepad.exe as a trojan ? >> bLB >> >> > >Yep, it happened to me. Norton Personal Firewall was reporting that >Notepad.exe was trying to access the internet. Looked at the notepad.exe >file and determined it was not the original. Also my mstask.exe somehow got >replaced. I had Windows 2000 Pro and IE 5.5. Have since upgraded to IE 6. > >Andy > You should have your firewall set to allow only the exe's of certain applications the right to access the internet. Block all other exe's after that rule. I'm guessing Norton is pretty much the same as other firewalls. marty12@hotmail.com |
|
|
|
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Error: Physical sythesis tool PALAC is not supported by Formal Verification tool Conf | bbiandov | Software | 0 | 12-22-2008 05:25 AM |
| Trojan zlob? Please help! | whackamole | General Help Related Topics | 4 | 10-16-2008 09:23 PM |
| Beware of zCodec: it's malware | Jeff | DVD Video | 1 | 09-05-2006 02:27 AM |
| DVD Video FixVTS 1.24b Found VCID 2/1 at LBA 142834 (142834 out) | Sue Brumba | DVD Video | 2 | 03-09-2006 03:53 PM |
| "Pirate booty" found on Castle in the Sky R1 DVD | Robotech_Master | DVD Video | 26 | 01-01-2004 10:41 PM |
