Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
General Security
Tag Cloud
access audio blue screen boot bsod connection crash dell desktop driver dvd email error excel firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem processor ram recovery router safe mode screen slow sound spyware tdlwsp.dll trojan upgrade vba video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Sinowell and/or torpig trojan

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
albert lionheart's Avatar
Computer Specs
Member with 37 posts.
  
Join Date: Oct 2008
Location: Middle England
Experience: inveterate IT fiddler
06-Nov-2008, 01:47 PM #1
Sinowell and/or torpig trojan
Anyone else come across this one?
I have a client with it on the system and at this stage it only shows itself as a change to a bank login page (asks for full pin and password - otherwise a perfect copy of the original). I am told that the virus changes it's signatures through access to a server and has been known to kill itself.
Kaspersky will stop it getting onto a system but is unable to remove it once present. The only other AV package supposed to be able to stop it is F-Secure.
It also attaches itself to the MBR and again I am told that this cannot be cleared, even with a low level format so the recommendation is to replace the hard drive. This last came from the NatWest Bank who seem very worried but do not have any other solution.
It has been around for about 18 months but is so good at hiding itself that there is no real idea of how many infected machines there are out there. Propagation by email attachments and websites.
I was able to remove it from this system once using Hijackthis but the client revisited the website (a family history site we think) and promptly reinfected the machine.
I have been instructed to replace the hard drive so that is what I will do.

Anybody have anything to add to that lot?
Register for free to hide this ad!
mrss's Avatar
Registered User with 722 posts.
  
Join Date: Jun 2007
06-Nov-2008, 02:46 PM #2
albert lionheart's Avatar
Computer Specs
Member with 37 posts.
  
Join Date: Oct 2008
Location: Middle England
Experience: inveterate IT fiddler
06-Nov-2008, 03:19 PM #3
Thanks Mrss - that is very interesting and gives a nice balanced report on the thing.
Closed Thread Bookmark and Share

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 03:30 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.