Trojan Generic24 Information
Trojan Horse Generic24.cgol is a new virus in the wild, so new that it has not yet been given a common name. Generic24.cgol has already been seen in several versions. The Trend Micro Threat Library and the AVG library have as yet no information on this version.
Generic 24 is extremely dangerous.
At the time of writing this article (20 Sept 2011), and the one for Graphicline, no known anti-virus application is able to detect the initial infection by Generic24.cgol.
It is only discovered by heuristic scanning algorithms, after it has already infected the user's PC. AVG was not able to fully remove the virus; some components had to be removed manually.
An article on PC1News identifies the virus as an internet redirect virus, spreading fake AV software with a single click. However, I consider this information unreliable, contending there is more to the virus than just this. It definitely downloads other malware, including MsSQL database blockers and password blockers. I have not seen any other references to this version spreading FakeAV.
The virus, Generic24.cgol, infected my Firefox browser and installed itself in the program folder, as well as in the Documents/Application Settings folders and the Windows registry.
Sources for this Trojan
The Generic24 trojan may infect your PC via an e-mail containing a link to a website from which the trojan downloads, or by clicking on such a link on a website.
It is possible generic24 may be sent deliberately by malicious persons via e-mail, and may contain an e-mail worm. There is too little definitive information available at present to do anything but advise extreme caution.
For removal information please refer to graphicline.co.za (removing-trojan-generic24cgol).
IMPORTANT – CHANGE ALL ONLINE PASSWORDS
Generic24 trojans are typically hacking-related.
The trojan, or at least this version of it, poses an active security risk. It may automatically download other malware, including malware files masquerading as Dc#.exe (where # is one of various numbers), as well as a Linux/Unix database-blocking virus.
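As an added example (not code from this article or from any anti-virus vendor), a small Python sweep that walks the folders the article names as infection locations and lists every file matching the Dc#.exe naming pattern reported above, with a SHA-256 of each so the files can be submitted to a vendor or checked against a threat library. The directory list is an assumption supplied by the caller; the name pattern is the only file indicator the article gives.

```python
import hashlib
import os
import re

# Naming pattern the article reports for the dropped files: "Dc" followed by
# one or more digits and ".exe" (Dc1.exe, Dc12.exe, ...). Matched
# case-insensitively because Windows file names are case-insensitive.
DROPPED_NAME = re.compile(r"^Dc\d+\.exe$", re.IGNORECASE)


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hunt_dropped_files(roots):
    """Return a sorted list of (path, sha256) for every file under the given
    root directories whose name matches the Dc#.exe pattern.

    `roots` is chosen by the caller (assumption): on a Windows host the
    article's locations would be the program folder, the user's
    Application Data folder and the Documents folder. Directories that do
    not exist or cannot be read are skipped rather than aborting the sweep.
    """
    hits = []
    for root in roots:
        for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
            for name in filenames:
                if DROPPED_NAME.match(name):
                    full = os.path.join(dirpath, name)
                    try:
                        hits.append((full, sha256_of(full)))
                    except OSError:
                        # Present but unreadable (locked by a running process,
                        # permissions): still worth reporting.
                        hits.append((full, None))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, digest in hunt_dropped_files(sys.argv[1:] or ["."]):
        print(f"{digest or 'UNREADABLE':64}  {path}")
```

A match is only a triage lead: the hash should be confirmed against a vendor database before anything is deleted, since a legitimate file could share the name.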
Generic24.cgol may include a keystroke logger, and it definitely tries to actively prevent password changes.
One significant result of the infection was my website graphicline.co.za becoming corrupted. As a normal procedure after any keystroke logger or spyware problem, I change any recently used passwords. When I changed the passwords for my website login, I was still unaware the anti-virus scans had not fully removed the infection, and after logging out of the site, was unable to log back in again. (More on this) Eventually after several failed log-in attempts, the entire CMS website crashed…
NOTE: graphicline.co.za has been completely restored (database, CMS, and all active files) from a known clean backup stored remotely, lost content has been replaced manually, and the site is safe to visit.