I've been up all night trying to figure this trojan out and how to stop it. Here's what
I've determined so far. The trojan seems to be self-mutating with multiple payloads that
are randomized as to selection of payload (a, b, c, d, ...). Example: payload a = game file
infection, payload b = file permission changes/tampering, payload c = spontaneous reboot,
payload d = setup.exe and ISSetup.dll, and so forth. Multiple antivirus scans with Trend
Micro Housecall and AVG result in no infection found. Scans with ClamWin Antivirus
result in permission to scan all files denied on a file-by-file basis. There is a
possibility of a rootkit, but I have not fully tested as of yet, with results of rootkit
detectors being sometimes cryptic and too informative. Has anyone seen this behavior before
August 21, 2007, which appears to be when the first initial reports started appearing in
this form and my system was compromised? People are saying this is a false positive, but every time I run an AVG scan, 4 to 6 of the same trojans seem to be detected.
Grizz of CTGNY