
Thread: trojan-spy.html.fraud.gen

  1. #1
    freaky Guest

    trojan-spy.html.fraud.gen

    Hi. I've been using zass for a few years now and have never had a problem. When I upgraded to ver. 7, on the very first scan, it found: trojan-spy.html.fraud.gen and trojan-spy.html.bayfraud.p. ZL goes through the process where it automatically quarantines or deletes or has me delete on reboot, but whatever I do it just pops right back up 2 min. later and wants me to do the same thing again. Kaspersky says it is a phishing thing but offers no help. You guys and Malware help. org. have no listings for it. I have run 5 other virus scan programs and they do not catch anything. When I maximize the scan results in ZL, this is the path I get: C:\documents and settings\jim\local settings\application data\microsoft\MSN\db30\mail(heatfreek..... That is as much as it gives me. I don't know how to go any further to get the extension. I did boot into safe mode and ran ZL virus scan on the document and settings\jim\local settings\ etc. folder but it found nothing. There are like 20k files in that db30 folder thing... I had no problems with ver. 6 and I don't think I did any surfing between ver. 7 and those trojans or spys or whatever they are. Any help will be appreciated... thanks... jim...

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: trojan-spy.html.fraud.gen

    Hi!

    Most probably you received an e-mail(s) which contained a link to the fake page; this link exploits the Frame Spoof vulnerability in Internet Explorer. See here: http://www.viruslist.com/en/viruses/...?virusid=66363

    You can find the exact location of the detection in the Alert/logs tab --> Alert type "antivirus" --> Select it --> look down (entry detail) --> Right click in the entry detail box --> copy --> paste it here.

    Are both trojans detected in the same location?

    Probably it's enough to delete (remember to empty the trash) all junk e-mail or e-mails you received that are fake... can you recognise these e-mails in your mailbox?

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    freaky Guest

    Re: trojan-spy.html.fraud.gen

    Decription: Anti-virus attempted but failed to quarantine a virus or viruses
    Date / Time: 2007/04/24 07:37:12-7:00 GMT
    Type: Treat
    Virus name: Trojan-Spy.HTML.Bayfraud.p
    Filename: C:\Documents and Settings\JIM\Local Settings\Application Data\Microsoft\MSN\db30\Mail (heatfreek@msn.com)\stm0x3000adb.000
    Action: Quarantine failed
    Mode: Manual
    E-mail:

    Decription: Anti-virus attempted but failed to quarantine a virus or viruses
    Date / Time: 2007/04/24 07:37:12-7:00 GMT
    Type: Treat
    Virus name: Trojan-Spy.HTML.Fraud.gen
    Filename: C:\Documents and Settings\JIM\Local Settings\Application Data\Microsoft\MSN\db30\Mail (heatfreek@msn.com)\stm0x3000d95.000
    Action: Quarantine failed
    Mode: Manual
    E-mail:

    Hey hey. There is the entire path. Wonders never cease. Thank You Very Much.
    Should I try to delete them in safe mode?
    ZL found 10 of them. 2 of the bayfraud and 8 of the fraud.gen.
    thanks.. jim...

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: trojan-spy.html.fraud.gen

    Hi!

    What application do you use for sending/receiving e-mails? I cannot recognise this path ....Microsoft\MSN\db30\Mail ....

    It should be enough to go to your e-mail client and delete those e-mails (NOTE: empty the trash bin after).

    Going into SAFE MODE and deleting may corrupt your mailbox... depending on what you are using as e-mail client. In principle, you would also need to set your OS to show hidden files and folders since "Local Settings\Application Data" is hidden in XP systems.

    Fax


  5. #5
    freaky Guest

    Re: trojan-spy.html.fraud.gen

    Hi. I have verizon with msn premium so I think I use verizon's mail and more. Although up at the top of this screen it says msn mail. I do have show hidden files turned on. So, first I will go and delete all junk emails from the junk email folders. Then I will delete all trash can folders. Is trash can the same as recycle bin?
    I just thought of something. I remember forwarding some phishing emails to the companies they were phishing about. Would this mean that there might be a copy in my sent folder? But why wouldn't ZL ver. 6 have caught anything??
    Also, somewhere it said these things were part of IE vers. 5 and 6, and I have ver. 7.
    Oh well... I'm getting a headache. Hope I haven't given you guys one too. I'll go try something and let you know what happens...
    thanks... jim...

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: trojan-spy.html.fraud.gen

    Hi!

    Again, I don't know if manually deleting those messages in that folder is OK. Try at your own risk... Better you delete those mails directly from your MSN Mail Client. Never used this e-mail client, so, I don't know...

    Delete trash can folders? No. Just empty them...

    Also found this: http://belfiore.mvps.org/mail.htm

    ZL version 6 used a weak antivirus provided by Computer Associates (it was OK a few years ago, but malware evolves rapidly and CA is not so good anymore). ZL version 7 uses a much stronger AV engine (by Kaspersky). Kaspersky is one of the best AV scanners on the market right now (in terms of detection).

    Fax


  7. #7
    freaky Guest

    Re: trojan-spy.html.fraud.gen

    Howdy... I emptied the trash can, I guess it had never been done, and that got rid of 9 of those things. Still have one left which I'll post below.

    Decription: Anti-virus attempted but failed to quarantine a virus or viruses
    Date / Time: 2007/04/24 15:50:28-7:00 GMT
    Type: Treat
    Virus name: Trojan-Spy.HTML.Fraud.gen
    Filename: C:\Documents and Settings\JIM\Local Settings\Application Data\Microsoft\MSN\db30\Mail (heatfreek@msn.com)\stm0x3001a92.000
    Action: Quarantine failed
    Mode: Manual
    E-mail:
    Or I get this when it pops up again.

    Decription: Anti-virus successfully flagged virus or viruses for deletion on reboot
    Date / Time: 2007/04/24 15:50:36-7:00 GMT
    Type: Treat
    Virus name:
    Filename: C:\Documents and Settings\JIM\Local Settings\Application Data\Microsoft\MSN\db30\Mail (heatfreek@msn.com)\stm0x3001a92.000
    Action: Deleting on Reboot
    Mode: Manual
    E-mail:

    But after I reboot it comes right back. I went into ZL>anti-virus>advanced options>scan targets and went all the way down but only found files 1a91 and 1a93.000. No 1a92. Could that be because ZL is holding it in quarantine?

    thanks again..
    jim...

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: trojan-spy.html.fraud.gen

    freaky wrote:
    > but after I reboot it comes right back. I went into ZL>anti-virus>advanced options>scan targets and went all the way down but only found files 1a91 and 1a93.000. No 1a92. Could that be because ZL is holding it in quarantine? thanks again.. jim...

    Hi!

    Not sure why you are using 'scan targets'; 'scan targets' in the advanced options is used to exclude files from being detected.

    What you could do is go to the advanced options --> Virus Management, Automatic Treatment and set to "Alert me - do not treat automatically". Next time those e-mails are detected select "ignore always".

    Now, try to delete those two e-mails from your MSN Mail client or manually going in that archive folder.

    Once you have deleted those e-mails (empty trash can), go back to advanced options and set the automatic treatment to default. And remove the exclusion of that threat in the exception box (advanced options --> virus management --> exceptions).

    Be aware that if your XP system restore is active, you may get these e-mails detected in XP restore points. If this is the case, disable system restore, restart your machine, enable again your system restore. (How to enable/disable System Restore: http://support.microsoft.com/kb/310405)

    Fax

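An added example, not part of the thread and not ZoneAlarm's own tooling: a Python parser for alert details in the label-then-value layout pasted above, grouping entries per file to show when the same item in a mail store (or an XP restore point, as mentioned in the reply above) keeps being flagged after treatment. The `STORES` patterns, the advice strings and the sample entries with their placeholder path are assumptions constructed for illustration.

```python
import re

# Field labels as they appear in the pasted alert details (spelling as pasted).
LABELS = ("Decription", "Date / Time", "Type", "Virus name",
          "Filename", "Action", "Mode", "E-mail")
# Assumption: stores the scanner cannot clean item by item (MSN path as in this thread).
STORES = [(r"\\microsoft\\msn\\db\d+\\mail", "delete the message in the mail client, empty its trash"),
          (r"\\system volume information\\_restore", "turn System Restore off, reboot, turn it on")]

def parse_alerts(text):
    """Label on one line, value on a later line; a label with no value stays empty."""
    records, field = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line in LABELS:
            field = line
            if field == "Decription":       # first label of every entry
                records.append({})
            if records:
                records[-1][field] = ""
        elif field and records:
            records[-1][field] = line
    return records

def triage(records):
    """Per file: threat names, actions tried, store advice, re-detection flag."""
    files = {}
    for r in records:
        path = r.get("Filename", "")
        f = files.setdefault(path, {"threats": set(), "actions": [], "advice": None})
        f["threats"].add(r.get("Virus name", ""))
        f["actions"].append(r.get("Action", ""))
        for pattern, advice in STORES:
            if re.search(pattern, path, re.I):
                f["advice"] = advice
    for f in files.values():
        f["threats"].discard("")
        f["recurring"] = len(f["actions"]) > 1   # flagged again after treatment
    return files

# Constructed sample in the pasted layout (placeholder account and file name).
MAIL = r"C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\MSN\db30\Mail (user@example.com)\stm0x0000000.000"
SAMPLE = "\n".join([
    "Decription", "Anti-virus attempted but failed to quarantine a virus or viruses",
    "Virus name", "", "Trojan-Spy.HTML.Fraud.gen", "Filename", "", MAIL, "Action", "Quarantine failed",
    "Decription", "Anti-virus successfully flagged virus or viruses for deletion on reboot",
    "Virus name", "", "Filename", MAIL, "Action", "Deleting on Reboot", "E-mail", "",
])

if __name__ == "__main__":
    print(triage(parse_alerts(SAMPLE)))
```

A file that shows `recurring` together with store advice is the pattern in this thread: the scanner keeps hitting an item it cannot remove from inside the store, so the cleanup has to happen in the application that owns it.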

  9. #9
    freaky Guest

    Re: trojan-spy.html.fraud.gen

    Hi. If I click on ignore always, would I be able to get it back to where I can quarantine it?? I am afraid I won't be able to find the file to delete it. That is why I used scan targets. Because I could get all the way down to the files in question. When I used My Computer I could get down there but I could not find any files even anywhere close to the bad file. Would you happen to know how I could view files in My Computer in the same structure as they are viewed in Scan targets??
    thanks...
    jim...

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: trojan-spy.html.fraud.gen

    Sorry, I don't know how to get to those files...

    Something you could try is to do a full AV/AS scan of your system but in SAFE MODE.

    You have a similar view of scan targets in Windows Explorer: Go to start --> All programs --> Accessories --> Windows explorer. Or start --> run --> type explorer

    You wrote: if i click on ignore always, would i be able to get it back to where i can quarantine it??

    Yes, you remove it (them) from the exception list in the advanced option of the antivirus/antispyware tab.

    Fax

