Re: Netdetect.exe with backdoor? (ICQ)

[jonh () APAK CO UK (Jon Hadley)]

Hi,

AVP just gave me a post lunch break heart attack and reported the same
Trojan infection for my older build of ICQ (again only downloaded from
trusted sources). I assume, as Brad Griffin mentions, that AVP mistakes the
connection monitoring activities of Ndetect as Trojan activity.

A quick search of various virus sites suggests that AVP is mistaking Ndetect
for SubSeven, a 'fairly advanced' Trojan that uses ICQ / Email to notify the
originator that the victim is online.

> -----Original Message-----
> From: WolF Knox [SMTP:wolfbh () BIGFOOT COM]
> Sent: Saturday, January 15, 2000 5:55 PM
> To:   VULN-DEV () SECURITYFOCUS COM
> Subject:      Netdetect.exe with backdoor? (ICQ)
> Importance:   High
>
> Hello everyone...
>
>       I was doing a rotine virus scan with AVP...
> and he told me that Netdetect.exe was infected with the
> trojan Backdoor.IP_Protect .
>
> Well, i don't use to download programs like ICQ from any unsecure site.
> Just mirabilis.com, tucows.com, cnet.com, etc...
>
> What is that trojan? Anybody have a clue?
>
> P.S: I Use ICQ Version 99b  Beta 3.19 Build #2569
>
> thanx,
>       Wolf Knox.
> --
>     ....         UIN: 33778118            ....
>     .  .    EMail: wolfbh () bigfoot com     .  .
>     .  .     NICK:  Wolf Knox             .  .
> .....  .....   "From ashes we rise,   .....  .....
> .....  .....    to ashes we shall     .....  .....
>     ....              Fall."              ....
>       []-----------Ex-Inferis----------[]
>       [] S e c u r i t y   s p h e r e []
>       []     www.exinferis.cjb.net     []
>       []-----------Ex-Inferis----------[]
> ________________________________________________________________
> GET PAID U$1,00/Hour for doing absolutely ANYTHING on your
> computer, as long as you are using your mouse!!!
>    http://www.getpaid4.com/cgi-bin/joinnow.cgi?wolfknox
>                     you already do it, why not GetPaid4 it?