Posted on 10/22/2007 8:55:41 AM PDT by BulletBobCo
Yesterday morning, Spy Sweeper detected a trojan called "ldpinch" on my computer. It was quarantined and I deleted it. It showed up again today so I called Webroot, which makes Spy Sweeper. I was on hold for over an hour. Customer service told me that it is a false positive, that it probably came from Windows updates for Windows Messenger. They should have new definitions to correct this false positive in the next 24 hours. Customer service said that they have been swamped with calls on this issue and that is why there is such a long wait. So now I have to apologize to the kids because I thought they were the ones that downloaded this bugger.
This needs to be in Breaking News...
When I read what the real ldpinch can do, I got a bit excited.
Other versions: .bik, .rn, .ur, .zm
Aliases
Trojan-PSW.Win32.LdPinch.a (Kaspersky Lab) is also known as: Trojan.PSW.LdPinch.a (Kaspersky Lab), PWS-Dimon (McAfee), PWSteal.Trojan (Symantec), Trojan.PWS.LDPinch (Doctor Web), PWS:Win32/LdPinch.A (RAV), PSW.Ldpinch.E (Grisoft), Trojan.PWS.LdPinch.A (SOFTWIN), Trojan Horse (Panda), NewHeur_PE (Eset)
Description added Sep 10 2003
Behavior PSW Trojan
Technical Details
This family of Trojans steals user passwords.
When launching, the Trojan writes the following value to the system registry.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
putil = %windir%\%file name%
This ensures that the Trojan will be run every time the system is started.
It then copies itself to the Windows folder, and launches itself from there, deleting the original file.
The Trojan harvests information about the system (operating system, configuration etc.) and passwords for a range of services and applications, including RAS, POP3, IMAP, ICQ, FTP etc.
The information collected is encoded using MIME (Base64) and sent to the Trojan's author by email, using an SMTP server with an IP address which is coded in the Trojan's body.
All I know is from this link
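A defender-side check for the persistence described in the quoted write-up above, added here as an example and not part of any post in this thread: it parses `reg query` output for the HKCU Run key and flags the `putil` value name and any program that sits directly in the Windows folder. The sample output, the file names in it and the function names are constructed for illustration; the directory test is a heuristic, not a signature.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the HKCU Run key; the file
# names are made up, only the "putil" value name comes from the description.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    putil    REG_SZ    %windir%\winupd32.exe
    MsnMsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    helper    REG_EXPAND_SZ    "C:\Windows\hlp.exe" -s
"""

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
WINDIR_VAR = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)


def program_path(data, windir):
    """Extract the program path from a Run value, dropping quotes and arguments."""
    data = WINDIR_VAR.sub(lambda _m: windir, data.strip())
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(path))


def audit_run_key(reg_output, windir=r"C:\Windows"):
    """Return (value name, program path, reasons) for entries worth a closer look."""
    win = ntpath.normcase(ntpath.normpath(windir))
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        path = program_path(m["data"], windir)
        reasons = []
        if m["name"].lower() == "putil":
            reasons.append("value name used by the Trojan")
        if ntpath.dirname(path) == win:
            reasons.append("program sits directly in the Windows folder")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in audit_run_key(SAMPLE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

Entries under Program Files or system32 pass unflagged, so a hit here is a prompt to inspect the file, not proof of infection.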
ldpinch?
New York Times virus?
That reminds me - it’s time to run Spybot and Ad-Aware.
SpySweeper is available, free, to users of ATT.net.
I have not downloaded it yet. What’s your opinion of it?
TIA.
It's freeware, and seems to be a nice additional tool.
Bump for later
I have had Spy Sweeper for about 4 years and I’m pleased with it. They did have a couple of versions that did not work well early on but I have had no problems lately. They are located in the Peoples Republic of Boulder, Colorado.
Thanks.
It will find and fix problems (FOR GOOD) that most other anti-spywares can't or don't.
Make sure you download the latest definition updates before scanning your machine.
Good luck.
“ldpinch” as in “I’d pinch”?
Sounds like something one might acquire from a fetish porn site.
BTTT
Agreed. Hands down it’s the best out there.
Thanks for posting this. I have had a ton of problems lately with adware, and am illiterate when it comes to computing. So, I asked for, and received, freeper help, followed it, and think it’s straightened out.
I never used to read the techie threads on FR, but now check them out!!!
Grammy, pinging you on this one.
Hey LucyJo,
I remembered your past freepmail (don’t remember if I ever answered it, it’s crazy hectic here right now). Be sure to read post #13.
I find the spyware part works pretty well. I do have a problem when I upgraded to the virus package...my email quit working. I had to re-set up my email on another machine.
If you need something to worry about, worry about “Storm.”
Ever heard of a false alarm? Do you not believe them?
Incidentally I use a free program Ad-Aware 2007 that works just fine.
When Microsoft bought Gator, they reclassified Gator’s horrible spyware.
Such “false positives” are sometimes classified as such by corporate mergers.
Doesn’t mean that the software is “nice”.
Thanks much! :-)
Grammy, pinging you on this one.
If you’re that paranoid, buy a Mac.
jdm, I downloaded and ran SuperAntiSpyware, but it didn’t remove the Adware_BHOT_Mirar that is on my computer.
I got TrendMicro with this computer, and I finally got frustrated with their team trying to help me remove this and another one called Virtumundo, or some such, so a young man we know removed it, but overlooked this one.
If any of you are familiar with this, I’d appreciate your suggestions for getting rid of it.
Thanks,
LJ
I really feel left out these days. I, first of all, had to even find a good program to run on my Macintosh, to look for viruses and trojans and other malware. After finding one, I had to wait for four or five years before even finding one “hit” finding one — which turned out to be a Windows virus. Such disappointment!
I can’t find a single virus to get excited about on the Macintosh. Something must be really wrong with that system... LOL!
Regards,
Star Traveler
bookmark
I don’t use them. But my son and many former coworkers do. And they catch every damn thing that comes along because they don’t practice safe computing.
I personally don’t activate any instant messaging. I use Antivir (free) for virus checks and guard, Spybot Search & Destroy for other nasties, Adaware for unwanted crap, and the free version of Kerio Firewall. I try to scan my disk with all these at least every week or so. For added measure, our broadband router has a built-in hardware firewall.
It’s serially hugh!
The latest from Webroot
http://webroot.custhelp.com/cgi-bin/webroot.cfg/php/enduser/home.php
Message Board
10/22/2007- Webroot Antivirus/Spy Sweeper is falsely detecting a registry key associated with Windows Live Messenger as a trojan labeled ‘LDPinch’. The registry entry is quarantined by Webroot Antivirus/Spy Sweeper, however, there is no severe impact to a user’s system. The registry entry is simply restored after restarting the system.
Webroot has identified the erroneous detection and has removed the false positive from the latest definition update. Webroot Antivirus/Spy Sweeper will automatically update itself once the definition update is available.
Since everyone is throwing recommendations out there, I’ll get mine in. AVG makes a superb anti-spyware program. As Sr. Network Admin, I have successfully lobbied to have the paid version added to most of our Critical user/Execs PC’s. You can get the same program for free, the only difference being that you have to manually update and scan with the free version. I have been a big fan of AVG A/V suite for years, and their A/S offering is every bit on par.
http://free.grisoft.com/doc/29116/us/frt/0
I don’t use instant messaging either, I disabled mine, however the files are still in the registry and that is what was causing the problem.
Thanks girl. I will pass this on to my IT guy 8-)
(Mr G for those in the know). I know about enough to get into trouble, and nothing more.
By the way, how was the fishing last weekend?
The information collected is encoded using MIME (Base64) and sent to the Trojan's author by email...
This is why you need a good firewall that traps incoming as well as outgoing threats.
SAS, Spybot (with Tea Timer) and AVG Anti-virus and you’re good to go.
I’m in the know when it comes to who your IT guy is (LOL).
You’re in good hands too.
Don’t remember the last time we talked, but the trip to Dale Hollow Lake was not what we’d been accustomed to in the past.
Since Dale Hollow is downstream from the Cumberland Dam (which is undergoing dam repairs) on the Cumberland River, Dale Hollow had really low water levels. To keep enough oxygenated water below Cumberland Dam (for trout, mussels and other threatened species), they drained Dale Hollow. I saw places (normally deep underwater) that I’d fished for years without knowing what structure underwater I was targeting.
Anyway, the fishing was tough, but spent two days with wonderful people you and Mr. Grammy would love.
I still want we two gals to hit a trout stream before it gets too cold. We can do this.
We seem to be getting some make up rain tonight! More than an inch so far, and more tomorrow. Boy, do we need it!
We have been getting rain, steadily, from a downfall to a light one, for the past two days, and forecast into the end of the week (WE NEED IT).
I am so happy, I have my many flowers, veggie garden, and I have grieved the toll taken on them over the summer. I lost some rhododendrons, and others, that I cherished.
Grammy, soon things will settle down and we’ll go fishing, the water will be there for us to do so.
I have, and suspect you do, some equipment and clothing where we can fish in some wet and cold weather and still be comfortable.
We need to set a time, a place that is convenient to you and me. We are blessed to have many of these places halfway between you and I, and they are productive fishing holes.
I’d like a day on a stream with just you and I. The last time we fished, we had to bait hooks for others, etc. The next time it needs to be me and you on that stream, concentrating, and me kicking your butt (grin)
As if....
8-)
I am the admin for my teensy little network here. The Windows boxes have the paid version of AVG with firewall and spyware detection. File and print sharing with the Linux machines takes a little tweaking with the AVG firewall, but it's worth it. AVG updates every few days, and its footprint is not as mammoth as the Symantec offerings, which have been so bloated it's hard to say if perhaps getting a virus may be better. Tried most of the biggies: McAfee is given away free by ISPs and to universities, because that's what it's worth, at least in my experience.