There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Go to first new post Solved: not sure?about site
Go to first new post Computer security, may have been hacked ...
Go to first new post Account Maintenance/Upgrade
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard netgear network printer problem ram registry repair router slow software sound toshiba trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless xbox
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Sinowell and/or torpig trojan

Reply  
Thread Tools
albert lionheart's Avatar
Computer Specs
Member with 43 posts.
  
Join Date: Oct 2008
Location: Middle England
Experience: inveterate IT fiddler
06-Nov-2008, 02:47 PM #1
Sinowell and/or torpig trojan
Anyone else come across this one?
I have a client with it on the system and at this stage it only shows itself as a change to a bank login page (asks for full pin and password - otherwise a perfect copy of the original). I am told that the virus changes it's signatures through access to a server and has been known to kill itself.
Kaspersky will stop it getting onto a system but is unable to remove it once present. The only other AV package supposed to be able to stop it is F-Secure.
It also attaches itself to the MBR and again I am told that this cannot be cleared, even with a low level format so the recommendation is to replace the hard drive. This last came from the NatWest Bank who seem very worried but do not have any other solution.
It has been around for about 18 months but is so good at hiding itself that there is no real idea of how many infected machines there are out there. Propagation by email attachments and websites.
I was able to remove it from this system once using Hijackthis but the client revisited the website (a family history site we think) and promptly reinfected the machine.
I have been instructed to replace the hard drive so that is what I will do.

Anybody have anything to add to that lot?
Register for free to hide this ad!
mrss's Avatar
Registered User with 722 posts.
  
Join Date: Jun 2007
06-Nov-2008, 03:46 PM #2
albert lionheart's Avatar
Computer Specs
Member with 43 posts.
  
Join Date: Oct 2008
Location: Middle England
Experience: inveterate IT fiddler
06-Nov-2008, 04:19 PM #3
Thanks Mrss - that is very interesting and gives a nice balanced report on the thing.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 10:52 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.