Two Plus Two Older Archives  

  #1  
Old 05-11-2005, 06:22 AM
___1___
Member
 
Join Date: Dec 2004
Posts: 66
Default Eurobet and Trojanhorse.exe

Zoo,

I had something happen to me this morning that completely freaked me out...

It's 5am and I'm playing 4 tables at Eurobet with nothing else open aside from Pokertracker. All of a sudden a DOS screen comes up with text running. The only thing I made out was trojanhorse.exe. I closed it immediately and Microsoft Spyware prompted me that someone was trying to put a keylogging device on my computer. I blocked the keylogger, ran spyware, and deleted the keylogging device.

Strange thing is, my computer runs spyware every hour and the only applications I had open during that hour were Eurobet and PT.

Any clue what's going on?

___1___
  #2  
Old 05-11-2005, 06:36 AM
bort411
Junior Member
 
Join Date: May 2004
Posts: 6
Default Re: Eurobet and Trojanhorse.exe

You can get these things without doing anything but being connected to the internet. If you're on a network, it could have come from there.
  #3  
Old 05-11-2005, 06:49 AM
stigmata
Senior Member
 
Join Date: Aug 2004
Location: UK
Posts: 118
Default Re: Eurobet and Trojanhorse.exe

Sounds like someone haxored you.

Are you on a network? Does it have a firewall? Do you have a personal firewall? Are you up to date with all the MS security patches?

I would seriously be getting to the bottom of the problem *quick* and making sure you don't have too much money hanging around in your poker accounts.

Scary.
  #4  
Old 05-11-2005, 06:58 AM
Synergistic Explosions
Senior Member
 
Join Date: Jun 2004
Posts: 391
Default Re: Eurobet and Trojanhorse.exe

Just to make you feel better. I got the Mugly_B virus while playing Empire. It really does scare you when your antivirus announces these things.

Avast always starts by saying DO NOT PANIC!

Now if that doesn't make you panic, nothing will!

But really, sounds like your safeguards caught it and removed it, so you should be OK.
  #5  
Old 05-11-2005, 07:05 AM
ripped
Junior Member
 
Join Date: Nov 2003
Posts: 0
Default Re: Eurobet and Trojanhorse.exe

You got hacked. You must not be running all the latest MS patches, or you are not firewalled, or your firewall is not running properly. Trust me on this one. I used to hack and that's exactly what happens on the target machine. Do a search for Servudaemon. What was happening was, when that DOS window popped up, someone had accessed your machine and a "rootkit" was being installed. Rootkits then connect to an IRC channel and now all your base belongs to them.
  #6  
Old 05-11-2005, 07:24 AM
Synergistic Explosions
Senior Member
 
Join Date: Jun 2004
Posts: 391
Default Re: Eurobet and Trojanhorse.exe

Is he safe now after catching it and deleting it?
  #7  
Old 05-11-2005, 07:37 AM
ripped
Junior Member
 
Join Date: Nov 2003
Posts: 0
Default Re: Eurobet and Trojanhorse.exe

I am not sure how much of the rootkit got installed, but he is probably OK. As long as he closed the DOS window before it finished, the rootkit never got fully installed. What happens is it creates a bunch of hidden folders, usually located in the system32 folders, that you would never know are there. The problem is different rootkits are made by different people, so they are located in different places.

The reason hackers do this is to steal bandwidth. They use your machine to share illegal files on an IRC client.

I am 95% sure that if you caught it in time then you should be OK. Go to Trend Micro and do a free system scan right away.
  #8  
Old 05-11-2005, 11:58 AM
___1___
Member
 
Join Date: Dec 2004
Posts: 66
Default Re: Eurobet and Trojanhorse.exe

Ripped (or anyone),

I did the scan with Trend Micro and it came up with 4 infected files (two of which are apparently spyware):

TROJ PERLOG.D
TROJ PKEYLOG.A
TSPY BANCOS.AED
BKDR CCT.B

I can't, nor can any program I've used, delete the "TROJ" files. Should I just search the internet for solutions or call a professional?

Thanks for the help,

___1___
  #9  
Old 05-11-2005, 12:08 PM
bobdibble
Member
 
Join Date: Jun 2004
Location: The Muck
Posts: 86
Default Re: Eurobet and Trojanhorse.exe

If I were you, I would be ultra paranoid. Personally, I wouldn't trust using that machine until I reformatted and reinstalled.

If you have other machines at home, I suggest disconnecting all machines from your network and running virus/trojan scanners. Then reformat/reinstall machines with a positive hit, enable Windows Firewall, put the machine back on the network, run Windows Update until no more patches are applied, and then move on to the next machine.

Disconnecting all your machines from your local net (local hub/switch/wireless etc., not just the internet) is important because you don't want a compromised machine infecting a machine that you are reinstalling.
  #10  
Old 05-11-2005, 12:23 PM
krimson
Senior Member
 
Join Date: Mar 2005
Location: wwdsd
Posts: 559
Default Re: Eurobet and Trojanhorse.exe

Solution: Reformat... I seriously would not try to clean this up, just reformat and be safe.

If you're not familiar with what is involved in reformatting then see a professional. A virus is one thing, but keyloggers on a poker player's computer is a disaster waiting to happen.

All times are GMT -4.