Win32.PSW.Qqdragon trojan?

Carbo

Diamond Member
Aug 6, 2000
5,270
11
81
What the hell is this pain in the ass I just found, and removed, from my system? I never heard of it, don't know how it got here, and can't find much info on it.
Anyone?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Maybe it's a variant of a better-known trojan that goes by another name; I can't find anything either (yet). Do you have any major risk factors (file-sharing software, instant-messaging software, warez, etc)? Got a firewall between you and the world, either hardware- or software-based? Got your browser and Windows patches all up-to-date? If you need a firewall, try ZoneAlarm. For patches, assuming you run Windows... duh, Windows Update :D.

Hope that helps :)
 

Carbo

This is a PC I run in my home office. No AIM, no warez, no file sharing programs. I'm really surprised I was hit with this thing. I run behind a Netgear Gateway Router, and I also have Computer Associates eTrust EZ Antivirus running at all times.
I tried to visit my home page and it was obviously hijacked and I was led to another page, and then my two CD drives opened simultaneously. This new page flashed a message telling me that if my CD players just opened my system is vulnerable and I should download whatever program this page was touting. I passed, of course, and figured I'd better run a scan quickly. My virus program picked it up and deleted the infected file. And that's where I am. Weird stuff, indeed.
 

mechBgon

Originally posted by: Carbo
This is a PC I run in my home office. No AIM, no warez, no file sharing programs. I'm really surprised I was hit with this thing. I run behind a Netgear Gateway Router, and I also have Computer Associates eTrust EZ Antivirus running at all times.
I tried to visit my home page and it was obviously hijacked and I was led to another page, and then my two CD drives opened simultaneously. This new page flashed a message telling me that if my CD players just opened my system is vulnerable and I should download whatever program this page was touting. I passed, of course, and figured I'd better run a scan quickly. My virus program picked it up and deleted the infected file. And that's where I am. Weird stuff, indeed.
:Q

My main familiarity is with McAfee VirusScan, but it sounds like the primary problem is that your on-access scanner, the real-time watchdog component of your antivirus software, was not running when your home page got hijacked. With VirusScan, anything it can detect with a manual scan, it can detect with its on-access scanner (if running) and get the first punch in against the virus. So my counsel is to make sure that your on-access/real-time scanning is running all the time.

You'll like this: I work at a non-profit social-services agency that does lots of good wholesome stuff like child-welfare work, counselling & treatment of sexually-abused kids or kids from violent homes, etc. So I usually set up our systems to go to our agency's website as their home page because it's guaranteed to be "child-safe." But our website hosting company, Interland, got hacked repeatedly, and our own agency website was trying to cram viruses down the throats of our PCs!
The irony... I tell ya. :p Good thing our branch runs a very tight ship on the AV stuff.