BigFix User Group


#1 2008-01-05 12:47:03

BarryWallis
Active Member
From: San Diego, CA
Registered: 2007-11-14
Posts: 17

ASPROX trojan found

We have found this trojan on a machine running BigFix AV. However, neither real-time scanning nor an on-demand scan identified it. Is this an issue with BigFix AV?


#2 2008-01-05 21:34:35

BarryWallis
Active Member
From: San Diego, CA
Registered: 2007-11-14
Posts: 17

Re: ASPROX trojan found

Updated information: It looks like this is a new variant of the ASPROX trojan. Trend Micro has it listed as TROJ_ASPROX.A: <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FASPROX%2EA&VSect=P>.


#3 2008-01-06 12:15:16

Ben Kus
Product Expert
From: California
Registered: 2006-07-18
Posts: 4571

Re: ASPROX trojan found

Hi Barry,

eTrust is the engine that powers the BigFix AntiVirus and I spent some time looking through their AV information at http://www.ca.com/us/securityadvisor/default.aspx , but I didn't find anything that looked like this trojan. This might mean that the eTrust engine doesn't know about this trojan yet.

We can escalate this issue to eTrust and let you know, but I think it makes sense for you to start a BigFix case so we can track this and communicate with you properly.

Thanks,
Ben


#4 2008-01-06 12:26:39

BarryWallis
Active Member
From: San Diego, CA
Registered: 2007-11-14
Posts: 17

Re: ASPROX trojan found

Our desktop engineer has opened a ticket on this with BigFix support. Trend Micro has had definitions for this variant since 12/13/2007: <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FASPROX%2EA&VSect=P>

Last edited by BarryWallis (2008-01-06 12:26:57)


#5 2008-01-06 14:08:18

Ben Kus
Product Expert
From: California
Registered: 2006-07-18
Posts: 4571

Re: ASPROX trojan found

Hey Barry,

Actually, it looks like eTrust does have a definition for this trojan, but it is called DANMEC and it is here: http://www.ca.com/securityadvisor/pest/ … =453112813

However, this trojan is considered Spyware and so it is detected by BigFix AntiSpyware and not BigFix AntiVirus (which explains why you did not see it detected). To remove this trojan and all other spyware, you need to use the AntiPest software.

Until you can get AntiPest in place, I wrote a Fixlet that will detect and remove this particular trojan so you can help deal with this problem now. It is attached to this post (you can only see attachments if you are logged into the forum).

I couldn't test the Fixlet and I am not sure it will remove every single piece of the trojan so let me know what you find.

Ben


#6 2008-01-06 14:43:02

BarryWallis
Active Member
From: San Diego, CA
Registered: 2007-11-14
Posts: 17

Re: ASPROX trojan found

Thanks for the quick turn-around on this; it is appreciated. Unfortunately, we may not be able to test this until tomorrow.


#7 2008-01-07 15:13:38

BarryWallis
Active Member
From: San Diego, CA
Registered: 2007-11-14
Posts: 17

Re: ASPROX trojan found

The Fixlet is great at detecting the infected machines. Unfortunately, we need to do the remediation by hand because it requires booting into Safe Mode.
