#51
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
Hi,
Just to add fuel to the fire I've detected it too; on both of my computers: the laptop -- where I play poker, and my desktop -- where I seldom play poker. In fact I cannot remember opening party on the desktop since much earlier than December '05. I have not clicked on the OOT link you mentioned either. Please keep us posted; I followed your removal method too. Also, I think a precautionary password change is in order. EDIT: Perhaps a link on the Internet forum is in order. That way we can gauge how widespread this is.... (am I too paranoid???).
#52
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
It is in fact the party poker client that is creating them.
You can watch it do so by using something such as Filemon by Sysinternals. Ex:
Code:
7:27:52 PM PartyPoker.exe:1532 IRP_MJ_CREATE C:\DOCUME~1\Lazyrobot\LOCALS~1\Temp\C27.tmp SUCCESS Options: Create Access: All
7:27:52 PM PartyPoker.exe:1532 IRP_MJ_CLEANUP C:\DOCUME~1\Lazyrobot\LOCALS~1\Temp\C27.tmp SUCCESS
7:27:52 PM PartyPoker.exe:1532 IRP_MJ_CREATE C:\DOCUME~1\Lazyrobot\LOCALS~1\Temp\C27.tmp SUCCESS Options: Open Access: All
I have contacted Party as a result of this but they are being slow to respond with anything of use.
#53
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
LR,
The files that party poker client is creating (which are not executable) do not look anything like the original xx.tmp files which were executable.
#54
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
Did you have something called "34.tmp.exe"?
#55
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
No, they all had the extension .tmp but were in fact renamed .dll files when I looked inside them with a binary viewer. All of them also had a date of January 5. Files that Party client creates have current time/date.
#56
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
OK, I took some pics after finding those on my laptop too.
First of all, here's what Party's file looks like. Here is the original 34.tmp file. It's clearly an executable/dll. Here I scrolled down a bit to see what it links to: link. It links to such kernel functions as SetWindowsHookExA, CallNextHookEx etc., which is typical for trojans (well, normal applications too, but meh). Edit: Also, to make it clear, the date on these files is January 5 2005, which means it's fabricated because I only bought this laptop in August.
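The check described in posts #55 and #56 (looking inside each .tmp file to see whether it is really a DLL and whether it references the hook functions), as an added Python example that is not part of the original thread. The function names, file names and sample bytes are constructed for illustration; the name check is a plain byte search, not a full import-table parse.

```python
import struct
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: image is a DLL
HOOK_NAMES = (b"SetWindowsHookExA", b"SetWindowsHookExW", b"CallNextHookEx")

def inspect_pe(data: bytes):
    """Return None if data is not a PE image, else a dict of header facts."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # The 20-byte COFF file header follows the 4-byte signature.
    _machine, _nsec, stamp, _sym, _nsym, _optsz, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "is_dll": bool(flags & IMAGE_FILE_DLL),
        "link_timestamp": stamp,  # written by the linker, not the file-system date
        # Byte search for the API names; legitimate software uses them too.
        "hook_names": [n.decode() for n in HOOK_NAMES if n in data],
    }

def scan_temp(directory):
    """Map every *.tmp file that is really a PE image to its header facts."""
    hits = {}
    for path in sorted(Path(directory).glob("*.tmp")):
        info = inspect_pe(path.read_bytes())
        if info is not None:
            hits[path.name] = info
    return hits

def make_sample_dll() -> bytes:
    """Constructed header-only sample (not a loadable DLL, not a real file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1104883200, 0, 0, 0, 0x2102)
    names = b"\0USER32.dll\0SetWindowsHookExA\0CallNextHookEx\0"
    return dos + b"PE\0\0" + coff + names

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        Path(d, "A1.tmp").write_bytes(make_sample_dll())   # disguised image
        Path(d, "B2.tmp").write_bytes(b"scratch data")     # ordinary temp file
        for name, info in scan_temp(d).items():
            print(name, info)
```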
#57
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
I had this file and removed it with MS AntiSpyware.
Someone needs to come up with a connection, this is pretty puzzling.
#58
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
#59
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
[ QUOTE ]
I have contacted Party as a result of this but they are being slow to respond with anything of use.
[/ QUOTE ]
Please keep us updated. God I hate Party Support.
#60
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb
I downloaded MS anti spyware and it is on my computer also. Norton didn't pick it up.
After restarting and scanning again, the file came back. I don't know what to do?