Results 1 to 6 of 6

Thread: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

  1. #1
    mistress Guest

    Default Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

    I am getting hammered with these below.
    They are coming in through FireFox, a program called "AGAVA AntispamServant for TheBat",
    that I got for my email client that was suppose to stop spyware NOT cause it!

    not-a-virus:AdWare.Win32.TMAagent.a,
    Trojan-Spy.HTML.Paylap.cf,
    Exploit.Win32.IMG-ANI.w

    This is getting very frustrating!

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

    Hi!Can you post the exact location of these thread?For "Trojan-Spy.HTML.Paylap.cf" . This is just a link into an e-mail - just delete the e-mail.For "Exploit.Win32.IMG-ANI.w" : Have you patched your system to cover the ANI vulnerability?I have no idea if AGAVA AntispamServant for TheBat is a rouge antispam. Why don't you use ZASS antispam features.It works very well here....You wrote: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7? Nope, I don't... actually I have experienced the contrary....Fax

    Message Edited by fax on 04-30-2007 03:34 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    mistress Guest

    Default Re: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

    Hi FAX!
    I placed your questions to me, in ().
    (For "Trojan-Spy.HTML.Paylap.cf" . This is just a link into an e-mail - just delete the e-mail.)
    In ZASS, when 'something' is found, the exact email is not shown, just the location, and I have ZASS set to
    automatically repair or steps necessary to kill it. So when I try to find it, it's gone.
    (For "Exploit.Win32.IMG-ANI.w" : Have you patched your system to cover the ANI vulnerability?)
    Yesterday was the 1st time I ever heard of this exploit. Where might I find that patch?
    (I have no idea if AGAVA AntispamServant for TheBat is a rouge antispam)
    I will have to email TheBat and the company that makes AntispamServant.
    (Why don't you use ZASS antispam features.)
    I am! That is why ZASS is catching all of this stuff!

    I was just wondering if anyone had seen the same kind of increase, especially coming
    through Firefox, which is very strange. I went through the whole time just about, with
    version 6.5, and not having 1 Trojan or exploit even dare to come close to my machine LOL!
    Thanks LOTS!!!

    I am going to try and paste my condensed log of ZASS. OH.. Technically, there is NO directory called:
    "\Temporary Internet Files\Content.IE5\" It's just called "\Local Settings\Temporary Internet Files\"

    Is that what you meant with me 'posting the log' by:
    (Can you post the exact location of these thread?)?
    ---------
    ---------
    AV/treatment,2007/04/26,15:11:22 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t171.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:16:24 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t175.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:21:34 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t176.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:26:38 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t177.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:31:44 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t179.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:36:54 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t17A.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:41:54 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t17E.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:47:04 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t182.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:52:04 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t183.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,15:57:14 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t184.tmp,File Repair Failed,Auto
    AV/treatment,2007/04/26,16:02:24 -4:00 GMT,Trojan-Spy.HTML.Paylap.cf,C:\DOCUME~1\ME\LOCALS~1\Temp\ba t185.tmp,File Repair Failed,Auto

    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat171.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat175.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat176.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat177.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat179.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat17A.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat182.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat183.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat184.tmp,Delet ed on Reboot,Manual
    AV/treatment,2007/04/26,16:12:20 -4:00 GMT,,C:\DOCUME~1\ME\LOCALS~1\Temp\bat185.tmp,Delet ed on Reboot,Manual
    ================================================
    AV/treatment,2007/04/26,18:13:26 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Downloads\New Downloads\agtbp.exe,Infected,Manual
    AV/scan,2007/04/26,18:13:26 -4:00 GMT,C:\Downloads\New Downloads\agtbp.exe,Scan Completed,Manual
    PE,2007/04/26,18:15:36 -4:00 GMT,The Bat! E-Mail Client by Ritlabs,C:\Program Files\The Bat!\thebat.exe,192.168.1.254:53,N/A
    PE,2007/04/26,18:15:36 -4:00 GMT,The Bat! E-Mail Client by Ritlabs,C:\Program Files\The Bat!\thebat.exe,72.246.25.138:53,N/A

    AV/treatment,2007/04/26,18:33:44 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Downloads\New Downloads\agtbp.exe,Infected,Manual
    AV/scan,2007/04/26,18:33:44 -4:00 GMT,C:\Downloads\New Downloads\agtbp.exe,Scan Completed,Manual
    PE,2007/04/26,18:36:14 -4:00 GMT,AGAVA AntispamServant for TheBat! setup module,C:\Downloads\New Downloads\agtbp.exe,0.0.0.0:0,N/A
    AV/treatment,2007/04/26,18:36:22 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll,Infected,Auto
    AV/treatment,2007/04/26,18:36:22 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe,Infected,Auto
    AV/treatment,2007/04/26,18:36:54 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe,Infected,Manual
    AV/treatment,2007/04/26,18:36:54 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll,Infected,Manual
    AV/treatment,2007/04/26,18:37:56 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe,Infected,Auto
    AV/treatment,2007/04/26,18:42:28 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll,Infected,Auto
    AV/treatment,2007/04/26,18:42:28 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe,Infected,Auto
    AV/treatment,2007/04/26,18:42:50 -4:00 GMT,,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll,Deleted on Reboot,Manual
    AV/treatment,2007/04/26,18:42:50 -4:00 GMT,,C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe,Deleted on Reboot,Manual
    AV/treatment,2007/04/28,09:29:58 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\System Volume Information\_restore{8E5AC674-2D71-489F-8A4F-70174F97B107}\RP96\A0019853.exe,Infected,Auto
    AV/treatment,2007/04/28,09:29:58 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\System Volume Information\_restore{8E5AC674-2D71-489F-8A4F-70174F97B107}\RP96\A0019854.exe,Infected,Auto
    AV/treatment,2007/04/28,10:11:36 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\System Volume Information\_restore{8E5AC674-2D71-489F-8A4F-70174F97B107}\RP96\A0019854.exe,Infected,Manual
    AV/treatment,2007/04/28,10:11:38 -4:00 GMT,not-a-virus:AdWare.Win32.TMAagent.a,C:\System Volume Information\_restore{8E5AC674-2D71-489F-8A4F-70174F97B107}\RP96\A0019853.exe,Infected,Manual
    =================================================
    AV/treatment,2007/04/30,16:03:54 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:54 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:54 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:56 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:56 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\CAXWMDHF.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:58 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\CAXWMDHF.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:58 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\CAA387D6.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:58 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\CAA387D6.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:58 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:03:58 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:04:00 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\CAVIIL3Z.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:04:00 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\CAVIIL3Z.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:04:00 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\CARMXS1R.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:04:00 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\9JNCGH9J\CARMXS1R.bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:04:00 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\riff_last[1].bin,File Repair Failed,Auto
    AV/treatment,2007/04/30,16:04:12 -4:00 GMT,Exploit.Win32.IMG-ANI.w,C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\USHL7T9G\riff_last[1].bin,File Repair Failed,Auto

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

    Hi

    Either delete the manually files in the Temp/Internet folders or just run the CCleaner to do the job.

    Turn off system restore in the windows XP and then scan and let the scanners delete the restore files.

    What is this "Target Marketing Agency" ??? Did you install this or is this an associated software from the installs??
    If you do not want it, just try uninstalling it in Add/Remove of the Control Panel.

    The Bat is okay as far as I know, so that is probably a false positive. Set the files/folders to exceptions in the ZASS.

    Oldsod

    Message Edited by Oldsod on 05-01-2007 02:23 PM
    Best regards.
    oldsod

  5. #5
    mistress Guest

    Default Re: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

    Target Marketing Agency is part of the supposed anti spam email product,
    AGAVA AntispamServant for TheBat. I sent an email to them, and to thebat.

    I don't use IE that much, but for both IE and FF I have the cookies and cache
    cleared a few times a day, and I use CCleaner once a day, at the end of the day.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Has anyone noticed a HUGE amount of Trojans and Exploits sneaking in, with ZASS 7?

    http://www.targetmarketing.org/

    Does sounds a little like adware. But maybe it is okay.

    Good that you emailed them. At least The Bat will get in touch with kaspersky labs and get things cleared up.

    Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •