Nov 18 2006, 02:34 PM | Post #1 | Member | Group: Members | Posts: 18 | Joined: 18-November 06 | Member No.: 96,391
Win32/Ldpinch

Windows Defender is reporting this:

> Category: Password Stealer
> Description: This program has potentially unwanted behaviour.
> Advice: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
> Resources: file: D:\WINDOWS\Installer\UpdateService.exe
> View more information about this item online

But Norton / Spybot / Ad-Aware and SUPERAntiSpyware are reporting that I'm clean apart from some tracking cookies here and there. What I'm wondering is if it is a false negative...

Any help will be gratefully received.
Nov 18 2006, 02:44 PM | Post #2 | Forum Addict | Group: Members | Posts: 3,917 | Joined: 14-April 06 | Member No.: 64,042
Discovered: November 3, 2003
Updated: November 4, 2003 03:26:39 PM PST
Also Known As: Trojan.PSW.Ldpinch.s [Kaspersky], PWSteal.Ldpinch
Type: Trojan Horse
Infection Length: 17,408 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Infostealer.Ldpinch is executed, it does the following:

1. Copies itself to %Windir%.
   Note: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
2. Adds the value:
   "putil"="%Windir%\<filename>"
   to the registry key:
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   so that the Trojan runs when you start Windows.
3. Records the following information to a log file and then sends the information to the hacker at a hardcoded email address:
   * User keystrokes
   * System information
   * User email accounts
   * Passwords from the following programs:
     * ICQ99b-2003a/Lite/ICQ2003Pro
     * Miranda-icq
     * Trillian ICQ&AIM
     * &RQ
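The persistence step in the write-up quoted above (a `putil` value under the HKCU Run key pointing at a file in %Windir%) can be checked against saved `reg query` output. This is an added example, not part of the original posts: the sample output and its file names are constructed, the helper names are hypothetical, and the four-space column layout of `reg query` is assumed.

```python
import ntpath
import re

# Assumed `reg query` value line: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_run_values(text):
    """Return [(name, data)] for every value line in `reg query` output."""
    matches = (VALUE_LINE.match(line) for line in text.splitlines())
    return [(m.group("name"), m.group("data").strip()) for m in matches if m]

def executable_path(data, windir):
    """Extract the program path from a Run value, expanding %Windir%/%SystemRoot%."""
    data = re.sub(r"%(windir|systemroot)%", lambda _: windir, data, flags=re.I)
    if data.startswith('"'):  # quoted path, arguments may follow
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|pif))(?:\s|$)", data, flags=re.I)
    return m.group(1) if m else data

def triage(reg_query_output, windir=r"C:\WINDOWS"):
    """Flag Run values matching the write-up: a value named 'putil', or a
    program sitting directly in the Windows folder (where the Trojan copies itself)."""
    findings = []
    root = ntpath.normcase(ntpath.normpath(windir))
    for name, data in parse_run_values(reg_query_output):
        path = executable_path(data, windir)
        parent = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
        reasons = []
        if name.lower() == "putil":
            reasons.append("value name 'putil'")
        if parent == root:
            reasons.append("program directly in Windows folder")
        if reasons:
            findings.append((name, path, reasons))
    return findings

# Constructed sample output (not from the thread); file names are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    My Updater    REG_SZ    "C:\Program Files\Example\upd.exe" /background
    putil    REG_SZ    %Windir%\example1.exe
    helper    REG_EXPAND_SZ    c:\windows\example2.exe -s
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A clean result from this check does not clear a file: the file detected in this thread sits in D:\WINDOWS\Installer, a subfolder, so it would not match the write-up's "directly in %Windir%" pattern.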
Nov 18 2006, 03:00 PM | Post #3 | Member | Group: Members | Posts: 18 | Joined: 18-November 06 | Member No.: 96,391
Yeah, already seen that on the Symantec site; none of the reg keys are present on my PC.
Nov 22 2006, 01:27 PM | Post #4 | Bleep Bleep! | Group: Admin | Posts: 31,601 | Joined: 24-January 04 | From: USA | Member No.: 3
Submit this file:

D:\WINDOWS\Installer\UpdateService.exe

to http://www.virustotal.com/vt/ and http://virusscan.jotti.org/

That should tell you right off if this is bad or a false positive. My guess is that it is bad.
Nov 24 2006, 03:10 PM | Post #5 | Member | Group: Members | Posts: 18 | Joined: 18-November 06 | Member No.: 96,391
| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.2.0.46 | 11.24.2006 | TR/PSW.LdPinch.awz |
| Authentium | 4.93.8 | 11.23.2006 | no virus found |
| Avast | 4.7.892.0 | 11.23.2006 | Win32:Trojan-gen. {UPX!} |
| AVG | 386 | 11.24.2006 | PSW.Ldpinch.CAT |
| BitDefender | 7.2 | 11.24.2006 | DeepScan:Generic.Dialer.DCAAAA09 |
| CAT-QuickHeal | 8.00 | 11.24.2006 | no virus found |
| ClamAV | devel-20060426 | 11.24.2006 | no virus found |
| DrWeb | 4.33 | 11.24.2006 | no virus found |
| eSafe | 7.0.14.0 | 11.24.2006 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 23.73.66 | 11.23.2006 | Win32/Ldpinch.7bl!Trojan |
| eTrust-Vet | 30.3.3211 | 11.24.2006 | Win32/Yurist.K |
| Ewido | 4.0 | 11.24.2006 | Trojan.LdPinch.awz |
| Fortinet | 2.82.0.0 | 11.24.2006 | W32/LdPinch.AWZ!tr.pws |
| F-Prot | 3.16f | 11.23.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 11.23.2006 | no virus found |
| Ikarus | 0.2.65.0 | 11.24.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 11.24.2006 | Trojan-PSW.Win32.LdPinch.awz |
| McAfee | 4904 | 11.24.2006 | no virus found |
| Microsoft | 1.1804 | 11.24.2006 | Win32/Ldpinch |
| NOD32v2 | 1881 | 11.24.2006 | no virus found |
| Norman | 5.80.02 | 11.24.2006 | W32/LdPinch.EUB |
| Panda | 9.0.0.4 | 11.24.2006 | Trj/Ldpinch.SU |
| Prevx1 | V2 | 11.24.2006 | no virus found |
| Sophos | 4.11.0 | 11.16.2006 | no virus found |
| TheHacker | 6.0.3.123 | 11.23.2006 | Trojan/PSW.LdPinch.awz |
| UNA | 1.83 | 11.24.2006 | Trojan.PSW.Win32.LdPinch.76F0 |
| VBA32 | 3.11.1 | 11.24.2006 | Trojan-PSW.Win32.LdPinch.awz |
| VirusBuster | 4.3.15:9 | 11.24.2006 | Trojan.PWS.LdPinch.ZN |

Thanks for those brilliant sites. What should I do? For now Defender has it quarantined.
Nov 26 2006, 09:17 AM | Post #6 | Bleep Bleep! | Group: Admin | Posts: 31,601 | Joined: 24-January 04 | From: USA | Member No.: 3
I would get rid of the file, as we know it is bad, by clearing your quarantine so they are no longer on your computer. I would also suggest you scan your computer with the Kaspersky online virus scanner:

http://usa.kaspersky.com/services/free-virus-scanner.php

If it still finds more malware, then do the steps here:

http://www.bleepingcomputer.com/forums/topic34773.html

Last but not least, this malware is a keylogger and information stealer. I advise you change all your passwords for sites, your computer, etc.