
> Win32/ldpinch
jay_rock
post Nov 18 2006, 02:34 PM
Post #1


Member
**

Group: Members
Posts: 18
Joined: 18-November 06
Member No.: 96,391



Hello, I'm new here, kinda found this site whilst browsing for help with this infection.
Win32/Ldpinch: Windows Defender is reporting this
QUOTE
Category:
Password Stealer

Description:
This program has potentially unwanted behaviour.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
D:\WINDOWS\Installer\UpdateService.exe

View more information about this item online


But Norton / Spybot / Ad-Aware and SUPERAntiSpyware are reporting that I'm clean apart from some tracking cookies here and there.
What I'm wondering is if it is a false negative ..
Any help will be gratefully received.
Replies (1 - 5)
buddy215
post Nov 18 2006, 02:44 PM
Post #2


Forum Addict
******

Group: Members
Posts: 3,917
Joined: 14-April 06
Member No.: 64,042



Discovered: November 3, 2003
Updated: November 4, 2003 03:26:39 PM PST
Also Known As: Trojan.PSW.Ldpinch.s [Kaspersky], PWSteal.Ldpinch
Type: Trojan Horse
Infection Length: 17,408 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Infostealer.Ldpinch is executed, it does the following:

1. Copies itself to %Windir%.

Note: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
2. Adds the value:

"putil"="%Windir%\<filename>"

to the registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.

3. Records the following information to a log file and then sends the information to the hacker at a hardcoded email address:
   * User keystrokes
   * System information
   * User email accounts
   * Passwords from the following programs:
      o ICQ99b-2003a/Lite/ICQ2003Pro
      o Miranda-icq
      o Trillian ICQ&AIM
      o &RQ
jay_rock
post Nov 18 2006, 03:00 PM
Post #3


Member
**

Group: Members
Posts: 18
Joined: 18-November 06
Member No.: 96,391



Yeah, already seen that on the Symantec site; none of the reg keys are present on my PC.
Grinler
post Nov 22 2006, 01:27 PM
Post #4


Bleep Bleep!
******

Group: Admin
Posts: 31,601
Joined: 24-January 04
From: USA
Member No.: 3



Submit this file:

D:\WINDOWS\Installer\UpdateService.exe

to http://www.virustotal.com/vt/ and http://virusscan.jotti.org/

That should tell you right off if this is bad or a false positive. My guess is that it is bad.


--------------------
Lawrence
jay_rock
post Nov 24 2006, 03:10 PM
Post #5


Member
**

Group: Members
Posts: 18
Joined: 18-November 06
Member No.: 96,391



AntiVir 7.2.0.46 11.24.2006 TR/PSW.LdPinch.awz
Authentium 4.93.8 11.23.2006 no virus found
Avast 4.7.892.0 11.23.2006 Win32:Trojan-gen. {UPX!}
AVG 386 11.24.2006 PSW.Ldpinch.CAT
BitDefender 7.2 11.24.2006 DeepScan:Generic.Dialer.DCAAAA09
CAT-QuickHeal 8.00 11.24.2006 no virus found
ClamAV devel-20060426 11.24.2006 no virus found
DrWeb 4.33 11.24.2006 no virus found
eSafe 7.0.14.0 11.24.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.66 11.23.2006 Win32/Ldpinch.7bl!Trojan
eTrust-Vet 30.3.3211 11.24.2006 Win32/Yurist.K
Ewido 4.0 11.24.2006 Trojan.LdPinch.awz
Fortinet 2.82.0.0 11.24.2006 W32/LdPinch.AWZ!tr.pws
F-Prot 3.16f 11.23.2006 no virus found
F-Prot4 4.2.1.29 11.23.2006 no virus found
Ikarus 0.2.65.0 11.24.2006 no virus found
Kaspersky 4.0.2.24 11.24.2006 Trojan-PSW.Win32.LdPinch.awz
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.24.2006 Win32/Ldpinch
NOD32v2 1881 11.24.2006 no virus found
Norman 5.80.02 11.24.2006 W32/LdPinch.EUB
Panda 9.0.0.4 11.24.2006 Trj/Ldpinch.SU
Prevx1 V2 11.24.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 Trojan/PSW.LdPinch.awz
UNA 1.83 11.24.2006 Trojan.PSW.Win32.LdPinch.76F0
VBA32 3.11.1 11.24.2006 Trojan-PSW.Win32.LdPinch.awz
VirusBuster 4.3.15:9 11.24.2006 Trojan.PWS.LdPinch.ZN

Thanks for those brilliant sites.
What should I do? For now Defender has it quarantined.
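One way to summarise a multi-engine report like the one posted above: count the detections and check whether independent engines agree on a family name. This is an added example, not part of the original posts; the function names and the family-name heuristic are assumptions, and the sample rows are a subset copied from the report.

```python
import re
from collections import Counter

# Subset of rows copied from the report in the post above,
# in its "engine version date result" layout.
SAMPLE_REPORT = """\
AntiVir 7.2.0.46 11.24.2006 TR/PSW.LdPinch.awz
Authentium 4.93.8 11.23.2006 no virus found
Avast 4.7.892.0 11.23.2006 Win32:Trojan-gen. {UPX!}
BitDefender 7.2 11.24.2006 DeepScan:Generic.Dialer.DCAAAA09
eTrust-Vet 30.3.3211 11.24.2006 Win32/Yurist.K
Kaspersky 4.0.2.24 11.24.2006 Trojan-PSW.Win32.LdPinch.awz
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.24.2006 Win32/Ldpinch
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
CLEAN = "no virus found"
# Words that describe a type or heuristic rather than a family (assumed list).
GENERIC = {"trojan", "generic", "deepscan", "suspicious"}


def family(label):
    """Best-effort family name: the first purely alphabetic token of five or
    more letters that is not a generic type word. Returns None for labels
    that carry no family (heuristic or packer-based detections)."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if tok.isalpha() and len(tok) >= 5 and tok.lower() not in GENERIC:
            return tok.lower()
    return None


def triage(report):
    """Count engines and detections, and tally the family names they report."""
    rows = [m.groups() for m in map(ROW.match, report.splitlines()) if m]
    hits = [(eng, res) for eng, _ver, _date, res in rows if res.strip() != CLEAN]
    fams = Counter(f for f in (family(res) for _, res in hits) if f)
    top, votes = fams.most_common(1)[0] if fams else (None, 0)
    return {"engines": len(rows), "detections": len(hits),
            "families": dict(fams), "consensus": top, "consensus_votes": votes}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Several unrelated engines converging on the same family name is stronger evidence than the raw detection count, because generic or packer-based labels can also fire on benign packed files.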
Grinler
post Nov 26 2006, 09:17 AM
Post #6


Bleep Bleep!
******

Group: Admin
Posts: 31,601
Joined: 24-January 04
From: USA
Member No.: 3



I would get rid of the file, as we know it is bad, by clearing your quarantine so it is no longer on your computer. I would also suggest you scan your computer with the Kaspersky online virus scanner:

http://usa.kaspersky.com/services/free-virus-scanner.php

If it still finds more malware, then do the steps here:

http://www.bleepingcomputer.com/forums/topic34773.html

Last but not least, this malware is a keylogger and information stealer. I advise you change all your passwords for sites, your computer, etc.


--------------------
Lawrence