Taiwanese Trojan Author Arrested [Archive] - FreeConservatives



Rink
05-29-2004, 04:58 PM
Taiwanese Trojan Author Arrested

By Keith Regan
E-Commerce Times
05/28/04 9:06 AM PT

The Peep code reportedly was disguised as a game program and has been developed into two different Trojans. The first is a sniffer program that records keystrokes on a computer and transmits them back to the program's distributor. A second, more powerful version enables hackers to take control of a compromised computer remotely.

Police in Taiwan have arrested Wang An-ping, a 30-year-old man who reportedly admitted to authoring Trojan code later used to steal and destroy information on government-owned computers.
Wang reportedly told police that he developed the software as a commercial venture but eventually posted the code for free on the Web, including to some Chinese-language hacking sites.

The arrest marks the second major capture of the week in the information security enforcement arena.
Also in custody is a Canadian teenager who is accused of helping to distribute the Randex worm, which attacks unprotected machines running Microsoft Windows. Police tracked the 16-year-old, who is charged with mischief and fraudulent use of a computer, through a series of "bots" used to relay the malicious code.

Some 20 variations on the Randex worm have been identified since last summer. The most recent, labeled Randex.OL by Symantec, was spotted in March of this year.

Peeping Code

The Taiwan arrest represents a break in what has been seen as a serious case of hacking by authorities after Chinese hackers used the Peep code to break into government computers, steal protected data and then destroy that information.
The Peep code reportedly was disguised as a game program and has been developed into two different Trojans. The first is a sniffer program that records keystrokes made on a computer, including such information as bank account numbers and passwords, and transmits them back to the program's distributor.

A second, more powerful version enables hackers to take control of a compromised computer remotely, including running applications, downloading files and altering the registry files.

More on this Story (http://www.ecommercetimes.com/story/34090.html)

Chris
06-03-2004, 03:58 PM
I have a Trojan horse virus in my computer. It's supposed to be quarantined, but a box still keeps popping up warning me to run my antivirus to get rid of it. Trouble is the antivirus doesn't get rid of it, it just keeps quarantining it.

My neighbor told me she had one too, that hijacked her browser. The computer guys couldn't get it out and they ended up wiping the memory and starting over.

Rink
06-03-2004, 04:32 PM
Ever try Spybot or AdAware? And don't quarantine it, KILL it. If you can find out what KIND of trojan it is, go to the website your AV has and look for a tool that will remove it.

There might be a certain tool you can download and use to be able to root it out and remove it.

(better than registry diving for it)

Chris
06-03-2004, 09:21 PM
I have Ad-Aware 6.0. That hasn't done anything about it. The anti-virus keeps catching it and sticking it in a vault of some kind.

What's register diving?

I thought maybe I could do a search in explore for it, then delete it, but I don't know if that will hurt anything, or even get it all. These things seem to have tentacles.

Rhino
06-03-2004, 09:40 PM
What are you doing when the box pops up? Whatever you're clicking is probably the virus/worm. Each time you do it, your virus scanner catches it and quarantines it. Your virus scanner should also tell you what virus/worm it is, and that can help you get rid of it.

Chris
06-05-2004, 08:28 AM
[ QUOTE ]
Rhino said:
What are you doing when the box pops up?

[/ QUOTE ]

I click "ok" to get rid of it. It comes up four times in a row though. One for each time it was quarantined, I believe.


[ QUOTE ]
Your virus scanner should also tell you what virus/worm it is, and that can help you get rid of it.

[/ QUOTE ]

It does say what it is. I'll copy it down next time it pops up, and post it.

Btw, the anti-virus on this computer is one of those freebie ones. I'm beginning to wonder if they put that virus in there so you'll need the pay version to get rid of it.

Chris
06-05-2004, 10:11 AM
Here's what it says -

[ QUOTE ]
Virus

Trojan horse Downloader.Winshow.V

is found in file

c:\System Volume Information\_restore{F8924A64-57FE-4A8B-A1FA-A78COF7D9FE6}RP221\A0012988.dll

To remove this virus, please run AVG for Windows.

[/ QUOTE ]

Except that when I run AVG for Windows it just quarantines it again.

Rhino
06-06-2004, 09:43 PM
[ QUOTE ]
Chris said:
I click "ok" to get rid of it. It comes up four times in a row though. One for each time it was quarantined, I believe.

[/ QUOTE ]
I meant what are you doing that makes it pop up, not what you do after, but no matter.

You have winshow, which is a trojan/adware. Some versions of it are protected by Windows, hence your problem. Try the removal process at the link below (make sure the browser is off):
http://www.pestpatrol.com/PestInfo/w/winshow.asp

Chris
06-07-2004, 05:32 AM
[ QUOTE ]
Rhino said:
I meant what are you doing that makes it pop up, not what you do after, but no matter.

[/ QUOTE ]

It popped up every time I opened my browser, and when I would leave it open but not use it for a while. It also popped up when I connected to the internet, even if my browser was closed still.

I copied all the info at that page. I'll let Chap do it. I'm afraid I'll screw it up.

Chap uninstalled that freebie antivirus program over the weekend, because he got me Norton AV and installed, updated, and ran it, but it didn't come up with that trojan horse virus. I haven't seen a sign of it though, but I know that doesn't mean it's gone. I'll let you know what Chap finds with that pest patrol info.

Thanks Rhino. I really appreciate your help.

Rhino
06-07-2004, 09:12 PM
No problem. You should also download Spybot and AdAware. They are designed to more efficiently root out these adware bugs, as they are not always technically considered viruses/worms/trojans and many antivirus programs may not notify you of their presence.