KenC

I-Worm.Trojan.B scam


I was reading my email and on a newsletter from 50-Plus.com, I clicked a 'Read more...' link and received this pop-up for the first time today...looked like a valid 'Windows Security Center' dialogue box that said I was infected with this trojan and to install System Security Antivirus. (apparently, this is a scam) I could not close the pop-up, so I shut down the computer manually and updated and ran SAS Pro. Will this have eliminated the problem, or do I have the virus in my computer? I also deleted the email and unsubscribed from the newsletter and am hoping all will be OK. Anyone have info on this, other than what I can google, where I get told to download a removal tool, which of course, I am very apprehensive to do, as I don't want the scam to continue.


Please post your latest scan log for review - it should have been detected and removed.


Sorry for sounding dumb, but how do I do that? I've tried, but can't figure it out!!

Go to the main window of SAS, then Preferences and then the Statistics/Log tab. Double click on the latest scan log to open/display it. Then just copy it and paste it back here in your post. (To copy it, select all of it and then simultaneously hit Ctrl and the C key on your keyboard. This will copy it to your clipboard. When you are ready to paste it into your next forum post, just simultaneously hit Ctrl and the V key on your keyboard.)


OK...I thought I was supposed to get the file, as it says 'Attach File' below. Copy & Paste...no problem...here it is:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 09/21/2010 at 08:38 AM

Application Version : 4.43.1000

Core Rules Database Version : 5548

Trace Rules Database Version: 3360

Scan type : Complete Scan

Total Scan Time : 00:42:06

Memory items scanned : 612

Memory threats detected : 0

Registry items scanned : 8600

Registry threats detected : 0

File items scanned : 32677

File threats detected : 83

Adware.Tracking Cookie


Hi Ken.

Your log doesn't show any relevant infections, so I think you dodged a bullet.

Does the computer show any indication that it might be infected?


Ken,

Just so you know what was detected; they are cookies, and here is some information about them.

Cookies are NOT harmful to your computer. We do not block them in real-time as it is a waste of system resources.

Cookies are simply text files stored on your hard drive and cannot themselves harm your computer in any way. Typically cookies are used to remember logins and keep track of user settings on web-sites.

Cookies can be used to track your movement on the Internet ONLY if a site is aware of the cookies and is designed to use the specific cookies. Because of their use in tracking, many feel that this constitutes spyware.

We do not consider cookies to be threats of anywhere near the same level of severity as actual malware threats that can steal real personal information, serve ads, or render a computer unusable.

SUPERAntiSpyware will detect tracking cookies as "Adware.Tracking Cookies" and you can choose to remove them or leave them on your system. You may turn off this feature in the Preferences -> Scanning Control tab of SUPERAntiSpyware should you not wish cookies to be scanned, detected and removed.

SUPERAntiSpyware.com Customer Service
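Added example, not part of the thread and not SUPERAntiSpyware's own code: a small triage script for a scan log in the layout posted above, which separates "Adware.Tracking Cookie" hits from anything else and checks that the listed items add up to the declared threat counts. The function name `triage`, the registry-key line shape, and every path, site and detection name in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above (not real scan output).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 09/21/2010 at 08:38 AM
Scan type : Complete Scan
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\example@ads.tracker-one.example[1].txt
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@ads.tracker-one.example[2].txt
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@tracker-two.example[1].txt

Constructed.NonCookie.Detection
C:\Users\Example\AppData\Local\Temp\constructed_sample.exe
"""

FIELD = re.compile(r"^([^:]+?)\s*:\s+(.+)$")          # "name : value" summary lines
ITEM = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]+\\)")    # assumed: drive path or HK* key
COOKIE = re.compile(r"\\Cookies\\(?:Low\\)?[^\\@]+@([^\\\[]+)\[\d+\]\.txt$", re.I)

def triage(log_text):
    """Separate tracking-cookie hits from detections that need a closer look."""
    fields, cookie_sites, needs_review, category = {}, Counter(), [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if ITEM.match(line):
            cookie = COOKIE.search(line)
            if cookie and category and "tracking cookie" in category.lower():
                cookie_sites[cookie.group(1)] += 1
            else:
                # Anything that is not a cookie file under a cookie heading.
                needs_review.append((category, line))
        elif FIELD.match(line):
            key, value = FIELD.match(line).groups()
            fields[key] = value
        else:
            category = line   # a heading names the detections listed below it
    declared = sum(int(v) for k, v in fields.items() if k.endswith("threats detected"))
    listed = sum(cookie_sites.values()) + len(needs_review)
    return {"fields": fields, "cookie_sites": cookie_sites,
            "needs_review": needs_review, "counts_match": declared == listed}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["cookie_sites"].most_common(), report["needs_review"], report["counts_match"])
```

An empty `needs_review` list with `counts_match` true corresponds to a log that contains only tracking cookies; a false `counts_match` means the pasted log was truncated or a line was not recognised.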


Thanks Seth...no, there are no indications that I'm infected. Should this type of problem be caught by my antivirus or SAS, before it comes up? In other words, should this one have been blocked? If SAS should have, it may be because I didn't have the preferences set properly...hopefully I do now and won't see this again.


Thanks Sean...I think I'd prefer to have the cookies flagged and removed...feels safer that way. :)


FWIW.. First, while you may already know this, Windows Security Center will never tell you your computer is infected. Second, when receiving a pop-up, such as that you refer to, beware that many times clicking on the red x to close the window actually activates the malware. This design is of course in response to the habit of Windows users to exit by clicking the x. If, in the future, you encounter such a thing, click on a free space within the pop-up then press Alt + F4. This will close the window without executing the malware.


Thanks for the tip...I just switched over to a computer with Vista Business, from XP Pro and wasn't sure if that was a normal warning for Vista or not.
