
Thread: trt57.exe - how is this getting in?

  1. #1

    trt57.exe - how is this getting in?

    11/18/2009 8:10 AM
    Trojan.Win32.FraudPack.zyb was found in C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\trt57.exe on 11/18/2009 1:32:46

    Any idea how these things are making it in past zonealarm?

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Re: trt57.exe - how is this getting in?

    Hi!
    This usually happens when you browse to sites with fake warnings that you are infected by malware. There are no consequences if you do not fall into the trap and actually download the fake antivirus to your system, as it seems in this case.

    Golden rules: Never trust any page or window that says you are infected. Only trust ZA and close the other windows. Always keep your ZA up-to-date and set your ZA to update the AV every 30 minutes. Check also that you are not running vulnerable software, click here.

    If you have ZA extreme please turn ON the virtualization (ZA browser security), this will ensure your browser is isolated from the system and cannot be passively infected.

    Hope this helps!

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3

    Re: trt57.exe - how is this getting in?

    I'm pretty sure that I did not download anything, but yet I must have. Some of these sites are very difficult to get off of with Javascript enabled. I've seen sites insist on Flash also and I had to kill the Firefox process.

    Doesn't zonealarm scan downloads?

    Thanks.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Re: trt57.exe - how is this getting in?

    Quote Originally Posted by denverdave View Post
    Doesn't zonealarm scan downloads?

    Thanks.
    Depends on the version... usually yes. But this type of malware changes several times a day. ZA ForceField in ZA Extreme will certainly help you (not from voluntary install of executables).

    Fax
    Last edited by fax; November 19th, 2009 at 12:00 AM.


  5. #5
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,648

    Re: trt57.exe - how is this getting in?

    Quote Originally Posted by denverdave View Post
    I'm pretty sure that I did not download anything, but yet I must have. Some of these sites are very difficult to get off of with Javascript enabled. I've seen sites insist on Flash also and I had to kill the Firefox process.

    Doesn't zonealarm scan downloads?

    Thanks.

    You should consider installing NoScript 1.9.9.15 if using Firefox.

    It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS) and Clickjacking attempts, thanks to its unique ClearClick technology.

    Have a nice Day

  6. #6
    Adexenronse Guest

    trt57 exe how is this getting in

    I have been trying to get my Windows XP Home Edition PC clean of Spyware/Malware. It was really infected and I removed most without a problem using Spyware Doctor. But no matter what I do I can't seem to stop 2 executables from running, ripirr.exe & drkr.exe. I've deleted the files from the windows\prefetch directory, deleted reference in the registry, ran msconfig to disable them from the startup items. I've done this in safe as well as normal mode, and they just keep coming back. Anyone know how to kill this thing?

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Re: trt57.exe - how is this getting in?

    Hi!
    Remove security tools other than ZA and use only the ones suggested here: http://forums.zonealarm.com/showthread.php?t=70448

    Follow ALL steps.

    Cheers,
    Fax


  8. #8
    findley Guest

    Re: trt57 exe how is this getting in

    Quote Originally Posted by Adexenronse View Post
    ... they just keep coming back. Anyone know how to kill this thing?
    Old system restore points should be cleaned out to prevent possible reinfection. Likely these files were backed up and saved in prior system restore points. Since these are protected files that tools cannot access to delete, there can sometimes be reinfection from these system restore points. Good practice after any computer cleanup is to clear old restore points and set a new restore point to prevent any reinfection.

    Findley
