Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

jann dam virus


  • Please log in to reply
6 replies to this topic

#1 Lance Boyle

Lance Boyle

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 16 September 2013 - 04:10 PM

Is anyone familiar with a virus known as jann dam or janndam?  We have a vendor that will not allow us to use their web interface because they have identified the above mentioned virus on a client.  We have another user who uses the same web interface and has experienced no problems.  We have run scans using Webroot, ESET, Malwarebytes, and MS mailicious software removal tool.  Initially several threats were detected and removed.  Now the system scans clean but the vendor still detects a potential threat called janndam.



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:11 PM

Posted 16 September 2013 - 04:44 PM

Hi,

are you sure about the spelling? Could it be the French word "Gendarme" (pronounced like jann dam)

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Lance Boyle

Lance Boyle
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 16 September 2013 - 04:56 PM

Thanks for the feedback.  According to the vendor it is jann dam.  They spelled out the name.  I briefly looked into "Gendarme" just to see if there is any confusion.  Since the vendor is a bank it would seem "Gendarme" might be a candidate for the culprit.  What I found online for Gendarme seemed to be tied to banking issues.  Still, they were pretty specific that it was jann dam.



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:11 PM

Posted 16 September 2013 - 05:09 PM

Hi,

it's a bit odd. I did a quick search for the name "janndam" and the only hits I get are from someone that got a voice call, where it is not unlikely that the word gendarme is spelled phonetically.

If you think the pc is clean, then it's usually a good idea to disable addons, they can cause false positive.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Lance Boyle

Lance Boyle
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 16 September 2013 - 05:29 PM

Thanks again.  I will disable the addons and see what we get. If this clears up the issue then we can enable addons individually and maybe isolate the problem that way.



#6 MzLindyOne

MzLindyOne

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:11 PM

Posted 16 September 2013 - 07:41 PM

Weeelll... Somebody uses *.dam extension to indicate a file is detected but damaged - McAfee  I think, but maybe Symantec.  IF this is the case, this probably would be the file name as seen in a quarantine, not the malware name.  Most AV don't even bother to mention these things if the file won't run.  I can't imagine what the bank is getting, unless a corrupt form response of some kind, and a false positive on top of that.

 

Lance, if not the add-ons, maybe try dumping all the bank's cookies.



#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:11 PM

Posted 17 September 2013 - 06:12 AM

Hi,

 

it might help if you ask for more specific signatures from your vendor, it may help you identify where the problem is coming from.

 

regards

myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users