Two Plus Two Newer Archives  

  #51  
Old 02-01-2006, 11:20 PM
signal signal is offline
Senior Member
 
Join Date: Dec 2004
Posts: 305
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

Hi,

Just to add fuel to the fire, I've detected it too, on both of my computers: the laptop, where I play poker, and my desktop, where I seldom play poker. In fact I cannot remember opening Party on the desktop since much earlier than December '05.

I have not clicked on the OOT link you mentioned either.

Please keep us posted; I followed your removal method too. Also, I think a precautionary password change is in order.

EDIT: Perhaps a link on the Internet forum is in order. That way we can gauge how widespread this is... (am I too paranoid???).
  #52  
Old 02-01-2006, 11:37 PM
LazyRobot LazyRobot is offline
Senior Member
 
Join Date: Aug 2004
Posts: 204
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

It is in fact the Party Poker client that is creating them.

You can watch it do so by using something such as Filemon by Sysinternals.

Ex:
Code:
7:27:52 PM PartyPoker.exe:1532 IRP_MJ_CREATE C:\DOCUME~1\Lazyrobot\LOCALS~1\Temp\C27.tmp SUCCESS Options: Create Access: All
7:27:52 PM PartyPoker.exe:1532 IRP_MJ_CLEANUP C:\DOCUME~1\Lazyrobot\LOCALS~1\Temp\C27.tmp SUCCESS
7:27:52 PM PartyPoker.exe:1532 IRP_MJ_CREATE C:\DOCUME~1\Lazyrobot\LOCALS~1\Temp\C27.tmp SUCCESS Options: Open Access: All

I have contacted Party as a result of this but they are being slow to respond with anything of use.
  #53  
Old 02-01-2006, 11:42 PM
DrSavage DrSavage is offline
Senior Member
 
Join Date: Jul 2003
Location: This calls for a sexy party!
Posts: 2,366
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

LR,
The files that the Party Poker client is creating (which are not executable) do not look anything like the original xx.tmp files, which were executable.
  #54  
Old 02-01-2006, 11:53 PM
LazyRobot LazyRobot is offline
Senior Member
 
Join Date: Aug 2004
Posts: 204
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

Did you have something called "34.tmp.exe"?
  #55  
Old 02-02-2006, 12:00 AM
DrSavage DrSavage is offline
Senior Member
 
Join Date: Jul 2003
Location: This calls for a sexy party!
Posts: 2,366
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

No, they all had the extension .tmp but were in fact renamed .dll files when I looked inside them with a binary viewer. All of them also had a date of January 5. Files that the Party client creates have the current time/date.
  #56  
Old 02-02-2006, 12:15 AM
DrSavage DrSavage is offline
Senior Member
 
Join Date: Jul 2003
Location: This calls for a sexy party!
Posts: 2,366
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

OK, I took some pics after finding those on my laptop too.

First of all, here's what Party's file looks like

Here is the original 34.tmp file. It's clearly an executable/dll.

Here I scrolled down a bit to see what it links to:
link

It links to such kernel functions as SetWindowsHookExA, CallNextHookEx etc., which is typical for trojans (well, normal applications too, but meh).

Edit: Also, to make it clear, the date on these files is January 5 2005, which means it's fabricated because I only bought this laptop in August.
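The check described in posts #55 and #56 (opening a .tmp file in a binary viewer to see that it is really a DLL that references hook functions) can be scripted. The following is an added example, not part of the original thread: it reads the PE headers and does a plain byte search for the API names rather than parsing the import table, and the sample files, their names' contents and the timestamp value are constructed for the demo.

```python
import struct, tempfile
from pathlib import Path

# API names mentioned in the thread; also imported by legitimate software,
# so a match is a triage signal, not a verdict.
HOOK_APIS = (b"SetWindowsHookExA", b"SetWindowsHookExW", b"CallNextHookEx")
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag

def inspect_pe(data: bytes):
    """Return None if data is not a PE image, else a dict of triage facts."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # 20-byte COFF header follows the 4-byte "PE\0\0" signature
    _machine, _nsect, timestamp, _, _, _opt, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "link_timestamp": timestamp,  # set by the linker, independent of file dates
        "hook_apis": [a.decode() for a in HOOK_APIS if a in data],
    }

def scan_temp(directory, suffix=".tmp"):
    """Map file name -> triage facts for every PE image hiding behind `suffix`."""
    hits = {}
    for path in sorted(Path(directory).glob(f"*{suffix}")):
        info = inspect_pe(path.read_bytes())
        if info:
            hits[path.name] = info
    return hits

def constructed_dll(import_names):
    """Build a constructed, headers-only PE blob (not loadable) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0x41DB2D00, 0, 0, 0, 0x2102)
    return dos + b"PE\0\0" + coff + b"\0".join(import_names) + b"\0"

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "34.tmp").write_bytes(
            constructed_dll([b"SetWindowsHookExA", b"CallNextHookEx"]))
        Path(d, "C27.tmp").write_bytes(b"plain scratch data from a client\n")
        return scan_temp(d)

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```
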
  #57  
Old 02-02-2006, 12:40 AM
kipin kipin is offline
Senior Member
 
Join Date: May 2004
Location: Supporting Ron Paul
Posts: 6,556
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

I had this file and removed it with MS AntiSpyware.

Someone needs to come up with a connection, this is pretty puzzling.
  #58  
Old 02-02-2006, 01:32 AM
wonderwes wonderwes is offline
Senior Member
 
Join Date: May 2003
Location: Austin, TX
Posts: 3,551
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

You will see the Kama Sutra worm be activated on Feb 3rd, this Friday. I am not sure if it is the same worm, but it is something you should be aware of at home and work. It has been posted on CNN and Slashdot. It will go after any saved office files on your machine.
  #59  
Old 02-02-2006, 07:03 AM
wdead wdead is offline
Senior Member
 
Join Date: Apr 2005
Location: Los Angeles
Posts: 4,323
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

[ QUOTE ]
I have contacted Party as a result of this but they are being slow to respond with anything of use.

[/ QUOTE ]

Please keep us updated. God I hate Party Support.
  #60  
Old 02-02-2006, 07:12 AM
KaneKungFu123 KaneKungFu123 is offline
Senior Member
 
Join Date: Feb 2005
Location: Eating Dead Animal
Posts: 6,449
Default Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

I downloaded MS AntiSpyware and it is on my computer also. Norton didn't pick it up.

After restarting and scanning again, the file came back. I don't know what to do?