Korean Job Discussion Forums

[Hindsight]

I suppose all of you have read about Google's charge of the Chinese trojan horse. If I have it straight, Chinese hackers, possible tied to the Chinese government, were able to get worms onto computers, primarily via PDFs opened through the Adobe reader. But some say, particularly the German government, that Internet Explorer may be partly to blame.

Well, I don't use either, normally. Sometimes you have to use Internet Explorer, though, especially here. I use Foxit Reader to open PDFs.

http://www.foxitsoftware.com/downloads/index.php

Nevertheless, a trojan horse got onto my system. I had trouble booting up, so I booted into safe mode and did a scan with Avast home (which is free):

http://www.avast.com/eng/avast_4_home.html

It found the trojan fairly quickly. I rebooted, and now I scanned some more areas of my computer. Thank you Avast, you saved my ass!

I last scanned my Windows files about a month ago. And I have kept Windows up to date. This is the first time I have found a virus on my system in a long time. However, Avast has alerted me to attempts to install stuff, and stopped it.

I don't know if my trojan was connected to the ones in the news. But when there is all this publicity, it means other hackers hear about the vulnerabilities, and could try the same attack.

So this seems to be a good time to do a virus scan on your system, if you haven't in a while.

[bassexpander]

I don't use Adobe's .pdf reader, either. I use Foxit to read .pdf files.

Adobe's version has become noting more than spyware that searches your system for illegal copies of Adobe products like photoshop, then phones home and deactivates them. It's a really fat pig of a program, too.

And as we've seen, it's also something that can be used to get a trojan into your system.

Avoid Adobe's .pdf reader.

[bassexpander]

In addition to your virus scanner, I suggest running Malwarebytes from www.malwarebytes.org at least every few weeks. It's free, and great.

[Hindsight]

I tried www.malwarebytes.org and it found remnants of a trojan in my registry, and removed it. Tip: go to the drive directory, or any portion of the drive, and right click, and you can then scan with malwarebytes. It seemed to work fine even with Avast running, no conflict.

Thanks for the tip, bassexpander.

[bassexpander]

Yesterday I received a suspicious e-mail with a zip attachment. THe e-mail was labeled "You missed an International DHL Delivery". I scanned the file using this site:

http://virusscan.jotti.org/en

... which will scan using multiple free online scanners from 20 or more companies. It was interesting, because 8 of the companies detected it. Avast, Kaspersky, Sophos, Bit Defender, Avira, and others missed it, and my own scan with Microsoft missed it. I submitted it as a suspicious file to several of the sites individually, including Norton Symantec. Couldn't send it to Kaspersky, because they only allow the "Send suspicious file" option if you have Kaspersky installed. Eset, ClamAV, F-Secure, and some others I can't remember were of the 8 companies that DID find it.

Norton was the quickest to respond, saying it was indeed a trojan downloader, they named it, and they would include it in their next set of definitions. I got responses from Sophos, Microsoft, and Avira much the same. It was new to all of them.

I scanned the same file with Microsoft today, and it now finds it. Pretty cool!

Still haven't heard from Avast.

[Hindsight]

So what was in the DHL delivery?

Good advice, bassexpander.

I checked my email, but didn't find anything suspicious to test it on.

I assume you can't get infected just by opening an e-mail, you have to click on something first, like opening a PDF or .exe file, right?

Just a reminder to all the folks out there, you also have to do Windows update, and update Microsoft Office, if you have it. I've me people who complained about problems with Windows, but it turns out they had never done an update, or set it to auto update.

[bassexpander]

Yeah, you have to download and open the file to be infected.

Virus scanners that catch it either won't allow the file to be downloaded, or will delete it as it downloads.