TROJ_AGENT.ALL

Discussion in 'Computer Security' started by Thund3rstruck_n0i, Jan 30, 2005.

  1. A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
    site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
    vague on how TROJ_AGENT.ALL is spread. Anyone know?

    TIA

    NOI
     
    Thund3rstruck_n0i, Jan 30, 2005
    #1
    1. Advertising

  2. Thund3rstruck_n0i

    donnie Guest

    On Sat, 29 Jan 2005 21:29:50 -0500, Thund3rstruck_n0i
    <> wrote:

    > A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
    >site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
    >vague on how TROJ_AGENT.ALL is spread. Anyone know?
    >
    > TIA
    >
    > NOI

    #################################
    Most times the user clicked on an attachment but make sure file
    sharing isn't enabled or that some service such as FTP isn't running.
    donnie.
     
    donnie, Jan 30, 2005
    #2
    1. Advertising

  3. Trojans are spread by the stupidity of people downloading haphazardly crap off the Internet.
    Trojans are NOT viruses and don't replicate.

    --
    Dave




    "Thund3rstruck_n0i" <> wrote in message
    news:pyXKd.6250$...
    | A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
    | site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
    | vague on how TROJ_AGENT.ALL is spread. Anyone know?
    |
    | TIA
    |
    | NOI
    |
     
    David H. Lipman, Jan 30, 2005
    #3
  4. David H. Lipman spilled my beer when they jumped on the table and proclaimed
    in <XC_Kd.79$Xs6.49@trnddc01>

    > Trojans are spread by the stupidity of people downloading haphazardly crap
    > off the Internet. Trojans are NOT viruses and don't replicate.


    Yeah...

    Thanks Dave.

    NOI
     
    Thund3rstruck_n0i, Jan 30, 2005
    #4
  5. donnie spilled my beer when they jumped on the table and proclaimed in
    <>

    > Most times the user clicked on an attachment but make sure file
    > sharing isn't enabled or that some service such as FTP isn't running.
    > donnie.


    Thanks Donnie. I'll have him check for that.

    NOI
     
    Thund3rstruck_n0i, Jan 30, 2005
    #5
  6. Thund3rstruck_n0i

    ed Guest

    Dave wrote:


    > Trojans are spread by the stupidity of people downloading haphazardly crap
    > off the Internet.
    > Trojans are NOT viruses and don't replicate.


    Not entirely true, as I have a web server that has been compromised twice by
    several back door Trojans. I do not download anything with the server and
    can only presume it was hacked, which is the other way to get Trojans and
    backdoors. It had all the MS OS updates applied, antivirus running, etc.

    Since then, I have ran MS Baseline Security Analyzer on it and made all
    possible changes

    Also,

    Applied an additional update to SQL Server
    Applied an additional update to .Net
    Changed the name of IUSR and IWAM Accounts
    Removed the Admin account
    Turned off NetBIOS

    And still not sure if this will help, as I do not know how the server was
    infected either time.


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:XC_Kd.79$Xs6.49@trnddc01...
    > Trojans are spread by the stupidity of people downloading haphazardly crap
    > off the Internet.
    > Trojans are NOT viruses and don't replicate.
    >
    > --
    > Dave
    >
    >
    >
    >
    > "Thund3rstruck_n0i" <> wrote in message
    > news:pyXKd.6250$...
    > | A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
    > | site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
    > | vague on how TROJ_AGENT.ALL is spread. Anyone know?
    > |
    > | TIA
    > |
    > | NOI
    > |
    >
    >
     
    ed, Jan 30, 2005
    #6
  7. Servers are different. I should have stated user computers.

    --
    Dave




    "ed" <> wrote in message news:vKbLd.582$...
    | Dave wrote:
    |
    |
    | > Trojans are spread by the stupidity of people downloading haphazardly crap
    | > off the Internet.
    | > Trojans are NOT viruses and don't replicate.
    |
    | Not entirely true, as I have a web server that has been compromised twice by
    | several back door Trojans. I do not download anything with the server and
    | can only presume it was hacked, which is the other way to get Trojans and
    | backdoors. It had all the MS OS updates applied, antivirus running, etc.
    |
    | Since then, I have ran MS Baseline Security Analyzer on it and made all
    | possible changes
    |
    | Also,
    |
    | Applied an additional update to SQL Server
    | Applied an additional update to .Net
    | Changed the name of IUSR and IWAM Accounts
    | Removed the Admin account
    | Turned off NetBIOS
    |
    | And still not sure if this will help, as I do not know how the server was
    | infected either time.
    |
    |
    | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    | news:XC_Kd.79$Xs6.49@trnddc01...
    | > Trojans are spread by the stupidity of people downloading haphazardly crap
    | > off the Internet.
    | > Trojans are NOT viruses and don't replicate.
    | >
    | > --
    | > Dave
    | >
    | >
    | >
    | >
    | > "Thund3rstruck_n0i" <> wrote in message
    | > news:pyXKd.6250$...
    | > | A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
    | > | site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
    | > | vague on how TROJ_AGENT.ALL is spread. Anyone know?
    | > |
    | > | TIA
    | > |
    | > | NOI
    | > |
    | >
    | >
    |
    |
     
    David H. Lipman, Jan 30, 2005
    #7
  8. Thund3rstruck_n0i

    winged Guest

    ed wrote:
    > Dave wrote:
    >
    >
    >
    >>Trojans are spread by the stupidity of people downloading haphazardly crap
    >>off the Internet.
    >>Trojans are NOT viruses and don't replicate.

    >
    >
    > Not entirely true, as I have a web server that has been compromised twice by
    > several back door Trojans. I do not download anything with the server and
    > can only presume it was hacked, which is the other way to get Trojans and
    > backdoors. It had all the MS OS updates applied, antivirus running, etc.
    >
    > Since then, I have ran MS Baseline Security Analyzer on it and made all
    > possible changes
    >
    > Also,
    >
    > Applied an additional update to SQL Server
    > Applied an additional update to .Net
    > Changed the name of IUSR and IWAM Accounts
    > Removed the Admin account
    > Turned off NetBIOS
    >
    > And still not sure if this will help, as I do not know how the server was
    > infected either time.
    >
    >
    > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > news:XC_Kd.79$Xs6.49@trnddc01...
    >
    >>Trojans are spread by the stupidity of people downloading haphazardly crap
    >>off the Internet.
    >>Trojans are NOT viruses and don't replicate.
    >>
    >>--
    >>Dave
    >>
    >>
    >>
    >>
    >>"Thund3rstruck_n0i" <> wrote in message
    >>news:pyXKd.6250$...
    >>| A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
    >>| site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
    >>| vague on how TROJ_AGENT.ALL is spread. Anyone know?
    >>|
    >>| TIA
    >>|
    >>| NOI
    >>|
    >>
    >>

    >
    >
    >

    Sure hope you did a clean build on the server else you probably are
    still compromised. You should ensure your SQL server is constrained to
    only talk to the web host and possibly admin terms and block SQL server
    access at the firewall. Ideally the sq server is on a separate box else
    wise run sq server on a virtual IP. It is not good practice to do
    client side processing with exposed SQL services. .NET introduces a
    whole gambit of security issues into the mix. For example there are a
    number of calls where .NET works with client side MS apps where code can
    be induced into the system. This usually requires an authenticated
    user. This is why a number of major players in the .NET community have
    been dumping .NET If the compromise is properly executed the "bad guy"
    trojaned other connecting clients to make re-exploit easier. We have
    found .NET can have significant issues if improperly implemented and
    improperly restricted.

    Winged
     
    winged, Feb 2, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Moderator
    Replies:
    5
    Views:
    659
    loyola
    Feb 2, 2006
  2. Moderator
    Replies:
    0
    Views:
    625
    Moderator
    Jan 23, 2006
  3. Matt K

    Troj_agent.z2

    Matt K, Jun 23, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    456
    °Mike°
    Jun 23, 2004
  4. PackRat2112

    TROJ_AGENT.FZ question

    PackRat2112, Aug 18, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    1,577
    dragonarok
    Jul 23, 2007
  5. Bucky Breeder

    ![Oof Topix] All McCain, All Flip-Flop, All the Time

    Bucky Breeder, Sep 27, 2008, in forum: Computer Support
    Replies:
    7
    Views:
    650
    HEMI-Powered
    Sep 27, 2008
Loading...

Share This Page