Trojan horse MusicSearch

Has anyone else heard of this ?
It was picked up by AVG this morning and healed.
The path was C:\Windows\Download Program Files\Downlo~EXE

Nothing was affected that I am aware of..any Ideas where this thing came from, I have winMX and Kazza Lite, but haven't used them for about a month...just curious...Rhett

 

AVG seems to be the only AV picking that up from what I can see. But if it was an .exe in the Downloaded Programs directory, it certainly didn't belong. Shouldn't be anything but ActiveX (ocx) objects there.

 

Thanks Rollin, as I said , never executed, so appears to have done no damage, hard to find any info on it though... Rhett

 

No problem

You're right about the paucity of hits, what I found were all AVG users.

 

I think it's probably just AVG's name for the Mp3Search version of Lop:

http://www.spywareinfo.com/articles/lop/

http://www.doxdesk.com/parasite/lop.html

 

Yesterday I (or rather, SpyBot) also found this in "C:\Documents and Settings\Owner\Application Data\" (have XP). There were 13 files including application, but near as I (and Norton) could tell, nothing much'd been changed. Haven't had any problems with browsing or the like.

Like you, I also wonder how it came to be on my PC.

 

They usually get there because your security settings are too lax.

Here are three recommendations:

1) Go to IE > Tools > Windows Update > Product Updates, and install ALL Critical Updates listed.

2) Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first three options ("Download signed and unsigned ActiveX controls", and 'Initialize and Script ActiveX controls not marked as safe") to prompt.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.