Vulnerability Development mailing list archives

RE: Update on grokster trojan domain name

From: "Ken Pfeil" <Ken () infosec101 org>
Date: Fri, 28 Dec 2001 12:01:31 -0500

At lease two different AntiVirus companies now detect this. TROJ_DLDER.A or
Trojan/W32.Dlder is installed with the full installation of Grokster.
InCntrl5 install logs available to womever needs it..
Here's the response from Panda's lab.

Best Regards,
Ken



-----Original Message-----
From: Virus Research Lab. [mailto:virus () pandasoftware com]
Sent: Friday, December 28, 2001 11:47 AM
To: Ken () infosec101 org
Subject: RE: (EG)FW: New Trojan


Dear customer,

After checking in our laboratory the files you enclose, we can confirm they
belong to the trojan known as Trojan/W32.Dlder. Due to the nature of the
files, they can only be deleted.

 <<Pav.zip>>
Find enclosed the latest signatures file, you can detect and eliminate this
trojan with. Follow this procedure:

1.- Decompress the Pav.zip file in the directory where the antivirus is
installed.
2.- Copy the PAV.SIG file generated to the \Windows\System (if you run
W95/W98) or \WinNT\System32 directory (if you run NT).
3.- Restart your system and use the antivirus normally.

If you find any problems with the process, you may contact our technical
support department (support () pandasoftware com) where you can be given the
right directions.

You will soon find information about this trojan in the following URL:

http://service.pandasoftware.es/library/virusCard.jsp?Virus=Trojan/W32.Dlder

Best regards,

Virus Research Lab
mailto:virus () pandasoftware com

Panda Software
Buenos Aires 12
48001 BILBAO - SPAIN
Phone: +34 94 425 11 00      Fax: +34 94 424 46 97
http://www.pandasoftware.com
"The first antivirus company in the world to offer technical support
services 24 hours a day, 365 days a year and daily updates. "
Ridding the Planet of Viruses! Try our products, FREE! at
http://www.pandasoftware.com/form.htm

-----Mensaje original-----
De:   Ken Pfeil [SMTP:Ken () infosec101 org]
Enviado el:   viernes 28 de diciembre de 2001 16:04
Para: virus () virus pandasoftware com
Asunto:       (EG)FW: New Trojan




-----Original Message-----
From: Ken Pfeil [mailto:Ken () infosec101 org]
Sent: Friday, December 28, 2001 9:25 AM
To: support () pandasoftware com; labs () pandasoftware com
Cc: pbustamante () pandasoftware com; pbustamante () pandasoftware es
Subject: New Trojan


The online scanner did not pick this up, however Trend's did. TROJ_DLDER.A
is what it came up with.

Password is "test"

Thanks,
Ken
 <<Archivo: test.zip>>

Current thread:

Update on grokster trojan domain name scott (Dec 27)
- Re: Update on grokster trojan domain name Markus Kern (Dec 28)
  - RE: Update on grokster trojan domain name Ken Pfeil (Dec 28)