Trojan Dropper found in notepad.exe

Discussion in 'Computer Security' started by buzz Light Beer, Aug 2, 2004.

  1. Recently I helped an elderly in-law update her NAV def files on an XP
    home box. < was last updated last part of 2003 just before
    expiration>...> Most of the box's use come from grandchildren < and
    that's appears to be ICQ, chat, and MS IE w/ weak security settings>
    After updating her definitions, I ran a full system scan and found a
    *Trojan Dropper* < forget the name now> in
    windows\system32\notepad.exe
    Norton auto deleted it and I reset the path to the windows directory
    and notepad works fine again.
    Anyone had anything like this happen to them...I mean a bogus
    notepad.exe as a trojan ?
    bLB
    buzz Light Beer, Aug 2, 2004
    #1
    1. Advertising

  2. buzz Light Beer

    Andy Smith Guest

    "buzz Light Beer" <> wrote in message
    news:...
    > Recently I helped an elderly in-law update her NAV def files on an XP
    > home box. < was last updated last part of 2003 just before
    > expiration>...> Most of the box's use come from grandchildren < and
    > that's appears to be ICQ, chat, and MS IE w/ weak security settings>
    > After updating her definitions, I ran a full system scan and found a
    > *Trojan Dropper* < forget the name now> in
    > windows\system32\notepad.exe
    > Norton auto deleted it and I reset the path to the windows directory
    > and notepad works fine again.
    > Anyone had anything like this happen to them...I mean a bogus
    > notepad.exe as a trojan ?
    > bLB
    >
    >


    Yep, it happened to me. Norton Personal Firewall was reporting that
    Notepad.exe was trying to access the internet. Looked at the notepad.exe
    file and determined it was not the original. Also my mstask.exe somehow got
    replaced. I had Windows 2000 Pro and IE 5.5. Have since upgraded to IE 6.

    Andy
    Andy Smith, Aug 2, 2004
    #2
    1. Advertising

  3. buzz Light Beer

    Guest

    On Mon, 2 Aug 2004 12:38:30 -0400, "Andy Smith"
    <> wrote:

    >
    >"buzz Light Beer" <> wrote in message
    >news:...
    >> Recently I helped an elderly in-law update her NAV def files on an XP
    >> home box. < was last updated last part of 2003 just before
    >> expiration>...> Most of the box's use come from grandchildren < and
    >> that's appears to be ICQ, chat, and MS IE w/ weak security settings>
    >> After updating her definitions, I ran a full system scan and found a
    >> *Trojan Dropper* < forget the name now> in
    >> windows\system32\notepad.exe
    >> Norton auto deleted it and I reset the path to the windows directory
    >> and notepad works fine again.
    >> Anyone had anything like this happen to them...I mean a bogus
    >> notepad.exe as a trojan ?
    >> bLB
    >>
    >>

    >
    >Yep, it happened to me. Norton Personal Firewall was reporting that
    >Notepad.exe was trying to access the internet. Looked at the notepad.exe
    >file and determined it was not the original. Also my mstask.exe somehow got
    >replaced. I had Windows 2000 Pro and IE 5.5. Have since upgraded to IE 6.
    >
    >Andy
    >

    You should have your firewall set to allow only the exe's of certain
    applications the right to access the internet. Block all other exe's
    after that rule.

    I'm guessing Norton is pretty much the same as other firewalls.
    , Aug 2, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. gorf
    Replies:
    3
    Views:
    1,982
    relic
    Dec 13, 2004
  2. Andy Mann

    Trojan dropper Win32.purityscan.k

    Andy Mann, Feb 24, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    616
    ┬░Mike┬░
    Feb 24, 2005
  3. Big Ron

    trojan.dropper

    Big Ron, Oct 10, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    515
    Brian
    Oct 10, 2005
  4. ~misfit~

    Dropper.DP.A Trojan?

    ~misfit~, Sep 4, 2003, in forum: NZ Computing
    Replies:
    22
    Views:
    946
    ~misfit~
    Sep 11, 2003
  5. ~misfit~

    Dropper.DP.A Trojan. Help please!!

    ~misfit~, Sep 6, 2003, in forum: NZ Computing
    Replies:
    4
    Views:
    489
    ~misfit~
    Sep 7, 2003
Loading...

Share This Page