32 cookies and four trojans

I built a new PC, expecting to make it a dual-boot with both boots being W-7 (don't ask).  I finished the first partition and loaded Norton AV and Malwarebytes on it.  Then I finished the second partition except for antivirus.  Up until then I had not accessed the Internet except to download Microsoft updates.  Using the Norton/Malwarebytes partition, I looked at a few common news sites, e.g. BBC News and CBS News.  I am fairly certain that the only new site I accessed was sogdianamusic.ru.  Then I ran a full scan with Norton, which turned up 32 cookies.  I had never seen so many cookies with any antivirus product before.  I allowed Norton to remove the cookies.  This worried me, so I ran a full scan with Malwarebytes, which turned up four trojans -- and the trojans were on both partitions, two on each.  I thought this was strange given that I had not used the Internet on the second partition at all except for Microsoft updates.  I allowed Malwarebytes to handle the four trojans.

 

Then it got worse.  I booted into the second partition and tried to load F-Secure.  Immediately I was notified that my Internet connection was down.  Obviously there was yet another trojan, whether one which Malwarebytes did not completely remove or a more cleverly-hidden one.  The trojan was not going to allow me to install F-Secure.  I booted into the first partition and the Internet connection was fine.

 

It was time to terminate trojans.  I shut the system down, removed the drive, and, using another PC and a USB 3.0 external enclosure, used Western Digital's Data Lifeguard to write zeros to each and every bit.  Then I reinstalled both OS, Norton, Malwarebytes, and F-Secure.  Just in case something was lurking in the firmware, I immediately ran anti-virus scans, which showed no problems at all.

 

I am not sure if I was stung by zero-day malware or trojans which both Norton and Malwarebytes were not aware of.

 

The lessons here are:

 - sogdianamusic.ru is dangerous

 - Norton completely missed all of the trojans, both during access and scan

 - Malwarebytes only partially cleaned up the trojans

 

P.S. If this had been a customer PC, I would have tried Norton's Power Eraser.  But since the PC wasn't even finished, I just started over.

Hi baroque-quest,

 

If you surfed to any internet websites at all, it is certainly possible to pick up multiple tracking cookies from all of the third-party sites which may have content present on the sites you visited.  Also, tracking cookies are not a threat to the PC's security, so finding and removing them does not indicate an issue that you need to be concerned with.

 

As to the trojans, they didn't happen to be Zbot, did they?  Malwarebytes' just corrected a false positive for Zbot in two InstallShield file locations.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Trojan-Zbot/m-p/837794/highlight/true#M222367

I forgot to write down the name of the trojan.  However, I disagree that this was a false positive.  I have another system configured the same way and I immediately ran anti-virus scans on it with no trojans found; if it was a false positive, the second system would have registered trojans.  And I think you forgot about the trojan which would not allow me to install F-Secure on the second partition; the Internet connection was fine until I tried to install it.

Loss of internet connectivity is not an indicator of a Trojan - it can happen due to many other factors, and on a freshly installed system, malware is very unlikely to be the cause.  Was the second computer you scanned also running Windows 7, and did you use the same Malwarebytes' definition set as on the original machine?

The other PC with the same configuration (all W-7, p1: Norton/ Malwarebytes, p2: F-Secure) was running fine with Internet connectivity.  Both have Malwarebytes PRO, so they are updating themselves regularly.

 

As to trojans not causing Internet loss, I will not argue that trojans cause that, but I have read in a few sources that some malware can cause that.  If F-Secure's website had problems, that would be understandable, but my PC suddenly lost Internet connectivity and not just to F-Secure's website.


baroque-quest wrote:

The other PC with the same configuration (all W-7, p1: Norton/ Malwarebytes, p2: F-Secure) was running fine with Internet connectivity.  Both have Malwarebytes PRO, so they are updating themselves regularly.

 

As to trojans not causing Internet loss, I will not argue that trojans cause that, but I have read in a few sources that some malware can cause that.  If F-Secure's website had problems, that would be understandable, but my PC suddenly lost Internet connectivity and not just to F-Secure's website.


I do hope you are not running F-Secure, Norton and Malwarebytes Anti-Malware all together...  You should not have more than one real-time security program protecting your system as two or more will clash, slow your system and make it unstable.  You will also be less secure.

 

You mention you have the Pro version of MBAM so you should disable the protection component.

 

 


Krusty13 wrote:

I do hope you are not running F-Secure, Norton and Malwarebytes Anti-Malware all together...  You should not have more than one real-time security program protecting your system as two or more will clash, slow your system and make it unstable.  You will also be less secure.

 

You mention you have the Pro version of MBAM so you should disable the protection component


 

Norton Internet Security and Malwarebytes Pro can run alongside each other fine, just add the proper exclusions to both.

Krusty13 wrote: "I do hope you are not running F-Secure, Norton and Malwarebytes Anti-Malware all together"

 

As I explained rather thoroughly in the original post, the PC is a dual-boot:

 - partition/boot 1: Norton and Malwarebytes

 - partition/boot 2: F-Secure

 

And Malwarebytes specifically states that it can be run alongside AVs like Norton.


baroque-quest wrote:

Krusty13 wrote: "I do hope you are not running F-Secure, Norton and Malwarebytes Anti-Malware all together"

 

As I explained rather thoroughly in the original post, the PC is a dual-boot:

 - partition/boot 1: Norton and Malwarebytes

 - partition/boot 2: F-Secure

 

And Malwarebytes specifically states that it can be run alongside AVs like Norton.


OK,

 

Yep, I missed that it was a dual-boot, but I'll stick with Quads about MBAM.  :smileywink:

 

http://community.norton.com/t5/Norton-360/AVG-detects-JS-Phish-in-norton-360/m-p/837240/highlight/true#M81249

 

Dave