PDA

View Full Version : Downloader.Dyfica.T trojan, possibly something else



Craig
27-01-2004, 08:07 PM
Does anyone know much about the trojan Downloader.Dyfica.T?

I recently got an AVG warning about an infected tempory internet file. I
took no notice of the infections name, forgeting that my browser is set to unload temporary files on closure.

In AVG's automatic scan logs the trojan Downloader.Dyfica.T was detected and (supposidly) headled. A search about the trojan brings up next to no results.

My mums work has been sent infected emails from our home address which sparked my inquirey.

Can someone please help. At the moment no damage to our computer appears to be present, and I recently had it reformated so I'd rather not have to go through that again. I can't find any traces of an active infection after using multiple detection software. But obviously there is something present for infected emails to be sent from our computer.

Chilling_Silently
27-01-2004, 11:11 PM
Just going from memory, I removed it from a clients PC last year around October.

Its a Trojan and I used a Trojan Remover to get rid of it in the end (This is over AVG AND Noton's the client had on the PC).

Make sure you disable system restore while removing it :-)

Sorry I cant be more specific.. Its late in the evening and it was a while back. It was a pain in the behind, but I got rid of it, so try looking for freeware Trojan Removers and hope for the best :-)

Cheers


Chill.

BTW - The Trojan Remover picked up one instance of it, even though AVG and Nortons gave it the all clear ?!

beama
27-01-2004, 11:26 PM
try this A2 (http://www.emsisoft.com/en/software/free/)
or one of the on line virus checkers The one I use
http://www.pcpitstop.com/antivirus/default.asp

beama
27-01-2004, 11:35 PM
sorry
BTW if you you use A2 be sure to update it I just have and there were a considerable amount of update signature files.
IT is very easy to use. It found one on my PC that no virus checker picked up

Craig
28-01-2004, 04:01 PM
Thanks for your replies. I had already installed A2 Free, Ad-ware Professional 6.181, Ad-watch 3.0, AVG 6.0 Anti-Virus. I have now also installed an run Base Line Security Analyzer 1.2 and numerous online virus and trojan scanners, all of which detected no issues or infections, and ZoneAlarm Firewall. I have temporarily set ZoneAlarm to alert me of its activities have been bombarded with popups telling me it has blocked such and such access - could someone tell me if this is normal or whether is is likely I have a virus and remote computers are trying to gain access?

beama
28-01-2004, 11:11 PM
Craig
you seem to have the field covered have you any room left on on your pc :)
sorry.
Have you tried spy bot sorry dont remeber the url but a search on google should reveal it

beama
28-01-2004, 11:27 PM
here you go Craig this may help you
dogpile search (http://www.dogpile.com/info.dogpl/search/web/Downloader.Dyfica.T)

Pheonix
28-01-2004, 11:47 PM
With a Trojan or worm, they are trying to get OUT not in. So your firewall will tell you when a non-usual program tries to access the Internet. It even does so if the normal programs executable file has been modified.

As for getting in, there is extremely low chances of that happening with a decent firewall. Usually only coming in through e-mail or program installs. Only other way I can think of at the moment is a ddos attack which can drop the firewall because of overloading. ZoneAlarm test OK against this type of attack anyway.

So you look fine and on guard. As for ZoneAlarms log, just remember that the there is p2p programs like Kazaa, pinging you as it was last reported IP address. The vast majority are quite innocent and harmless. And the Blaster worm is still out there as well, but is stopped by any firewall.