Second Life Forums Archive - Backdoor Trojan

Susie Boffin

Certified Nutcase

Join date: 15 Sep 2004

Posts: 2,151

04-13-2006 20:48

I know this sounds a little dirty but every once in awhile I run a spyware scan and a trojan called backdoor.small shows up. What is this thing? Does anyone know?

I am grateful that it is not backdoor.large I guess.

_____________________

"If you see a man approaching you with the obvious intent of doing you good, you should run for your life." - Henry David Thoreau

Toy LaFollette

I eat paintchips

Join date: 11 Feb 2004

Posts: 2,359

04-13-2006 21:25

http://www.viruslist.com/en/viruses/encyclopedia?virusid=76726

_____________________

"So you see, my loyalty lies with Second Life, not with Linden Lab. Where I perceive the actions of Linden Lab to be in conflict with the best interests of Second Life, I side with Second Life."-Jacek

Jillian Callahan

Rotary-winged Neko Girl

Join date: 24 Jun 2004

Posts: 3,766

04-13-2006 22:08

From: Toy LaFollette

Er, that link set off my virus guard. A link to information about the trojan might be better than a link to the trojan itself

_____________________

nimrod Yaffle

Cavemen are people too...

Join date: 15 Nov 2004

Posts: 3,146

04-14-2006 00:06

From: Jillian Callahan

Er, that link set off my virus guard. A link to information about the trojan might be better than a link to the trojan itself

*rolls his eyes and clicks the link*

"This Trojan program will provide a malicious remote user with access to the victim machine.

The Trojan file is usually called "HWCLOCK.EXE" and is usually approximately 7KB in size.

It connects to an IRC channel and waits for a command from the remote malicious user. It is able to download other (Trojan) programs on the command of the remote malicious user, and can also exploit one of the network vulnerabilities in MS Windows to penetrate other machines in the network.

Service name:

hwclock

Display Name:

Hardware Clock Driver

Service Description:

Enables a computer to save and restore system time information using the
hardware clock. Stopping or disabling this service will result in system instability.

It creates the following registry values:

[HKLM\software\microsoft\ole\enabledcom] = "n" [HKLM\system\currentcontrolset\control\lsa\restrictanonymous]
= "1"

The program contains the following text strings:

"symantec.loves.the.cock.pheer.biz" <--- O_o
"owjgp.game2max.net"

Korvus Division

you made a good meal

Join date: 15 Jan 2006

Posts: 84

04-14-2006 01:09

Crap, not what I thought this would be.

<puts away lotion>

Peyden Russell

Registered User

Join date: 25 Oct 2005

Posts: 377

04-18-2006 23:10

From: Korvus Division

Crap, not what I thought this would be.

<puts away lotion>

with ya on that...lol!

Briana Dawson

Attach to Mouth

Join date: 23 Sep 2003

Posts: 5,855

04-19-2006 07:09

From: Susie Boffin

I know this sounds a little dirty but every once in awhile I run a spyware scan and a trojan called backdoor.small shows up. What is this thing? Does anyone know?

I am grateful that it is not backdoor.large I guess.

Susie, what ever became of this?

Briana Dawson

Lucca Kitty

Connie Dobbs' Incarnation

Join date: 13 Dec 2004

Posts: 60

04-19-2006 09:18

From: Jillian Callahan

Er, that link set off my virus guard. A link to information about the trojan might be better than a link to the trojan itself

You actually trust an antivirus program? All they do is slow your machine down and give you the illusion of invulnerability. The illusion of invulnerability is a far greater danger than the actual vulnerability to begin with. I find that safe computing habbits reduce viruses and spyware exponentially. This is starting to sound a little bit like Sex Ed talking about STDs... hrmmm.

You know, you condoms don't really protect very well against STDs... They can have imperfections in the material that let viruses (which are tiny, even smaller than bacteria) slip through. Ontop of that, they can have fissures in them or worse yet, rupture. A far better practice to reduce the risk of STD is being extremely selective about who you have sex with.

The same goes for computers. You shouldn't have to trust your computer because you have no other choice, you should trust your computer because you know where it's been, you know where all the software on it has been, and you deliberately avoid programs that are full of security holes (Outlook Express and Internet Explorer comd to mind IMMEDIATELY about programs to avoid at all costs... I flat out refuse to run Outlook Express or MSIE... If a web page like CinemaNow refuses to let me do business there without Internet Explorer, then they obviously don't want my money bad enough)

Backdoor Trojan
Susie Boffin Certified Nutcase Join date: 15 Sep 2004 Posts: 2,151	04-13-2006 20:48 I know this sounds a little dirty but every once in awhile I run a spyware scan and a trojan called backdoor.small shows up. What is this thing? Does anyone know? I am grateful that it is not backdoor.large I guess. _____________________ "If you see a man approaching you with the obvious intent of doing you good, you should run for your life." - Henry David Thoreau
Toy LaFollette I eat paintchips Join date: 11 Feb 2004 Posts: 2,359	04-13-2006 21:25 http://www.viruslist.com/en/viruses/encyclopedia?virusid=76726 _____________________ "So you see, my loyalty lies with Second Life, not with Linden Lab. Where I perceive the actions of Linden Lab to be in conflict with the best interests of Second Life, I side with Second Life."-Jacek
Jillian Callahan Rotary-winged Neko Girl Join date: 24 Jun 2004 Posts: 3,766	04-13-2006 22:08 From: Toy LaFollette <a link> Er, that link set off my virus guard. A link to information about the trojan might be better than a link to the trojan itself _____________________
nimrod Yaffle Cavemen are people too... Join date: 15 Nov 2004 Posts: 3,146	04-14-2006 00:06 From: Jillian Callahan Er, that link set off my virus guard. A link to information about the trojan might be better than a link to the trojan itself rolls his eyes and clicks the link "This Trojan program will provide a malicious remote user with access to the victim machine. The Trojan file is usually called "HWCLOCK.EXE" and is usually approximately 7KB in size. It connects to an IRC channel and waits for a command from the remote malicious user. It is able to download other (Trojan) programs on the command of the remote malicious user, and can also exploit one of the network vulnerabilities in MS Windows to penetrate other machines in the network. Service name: hwclock Display Name: Hardware Clock Driver Service Description: Enables a computer to save and restore system time information using the hardware clock. Stopping or disabling this service will result in system instability. It creates the following registry values: [HKLM\software\microsoft\ole\enabledcom] = "n" [HKLM\system\currentcontrolset\control\lsa\restrictanonymous] = "1" The program contains the following text strings: "symantec.loves.the.cock.pheer.biz" <--- O_o "owjgp.game2max.net"
Korvus Division you made a good meal Join date: 15 Jan 2006 Posts: 84	04-14-2006 01:09 Crap, not what I thought this would be. <puts away lotion>
Peyden Russell Registered User Join date: 25 Oct 2005 Posts: 377	04-18-2006 23:10 From: Korvus Division Crap, not what I thought this would be. <puts away lotion> with ya on that...lol!
Briana Dawson Attach to Mouth Join date: 23 Sep 2003 Posts: 5,855	04-19-2006 07:09 From: Susie Boffin I know this sounds a little dirty but every once in awhile I run a spyware scan and a trojan called backdoor.small shows up. What is this thing? Does anyone know? I am grateful that it is not backdoor.large I guess. Susie, what ever became of this? Briana Dawson
Lucca Kitty Connie Dobbs' Incarnation Join date: 13 Dec 2004 Posts: 60	04-19-2006 09:18 From: Jillian Callahan Er, that link set off my virus guard. A link to information about the trojan might be better than a link to the trojan itself You actually trust an antivirus program? All they do is slow your machine down and give you the illusion of invulnerability. The illusion of invulnerability is a far greater danger than the actual vulnerability to begin with. I find that safe computing habbits reduce viruses and spyware exponentially. This is starting to sound a little bit like Sex Ed talking about STDs... hrmmm. You know, you condoms don't really protect very well against STDs... They can have imperfections in the material that let viruses (which are tiny, even smaller than bacteria) slip through. Ontop of that, they can have fissures in them or worse yet, rupture. A far better practice to reduce the risk of STD is being extremely selective about who you have sex with. The same goes for computers. You shouldn't have to trust your computer because you have no other choice, you should trust your computer because you know where it's been, you know where all the software on it has been, and you deliberately avoid programs that are full of security holes (Outlook Express and Internet Explorer comd to mind IMMEDIATELY about programs to avoid at all costs... I flat out refuse to run Outlook Express or MSIE... If a web page like CinemaNow refuses to let me do business there without Internet Explorer, then they obviously don't want my money bad enough)

Welcome to the Second Life Forums Archive

Backdoor Trojan