PostgreSQL TROJAN alert

    • qcjunior
      Joined: 07.09.2008 Posts: 144
      I have to stop using Elephant/PostgreSQL.
      My computer is new, up to date, a very capable computer with a high-speed connection.
      I was disconnected from Party for the second time in 3 weeks, not unusual for some. (Never happened before, on any site.)
      After the first time I contacted Party, just to have them tell me that I wasn't disconnected at all, and everything is ok. (wtf?)
      After the second time I logged out and started a scan using the Live OneCare AV scanner. When the scan got to postgres it started reading like a Chinese menu!
      Windows installer c5564 everywhere, in the postgres file.
      Microsoft has confirmed to me that installer c5564 is a trojan of Chinese origin; it's not their product!

      Watch your scans for Windows installer c5564, it comes with lots of Chinese writing X(
  • 3 replies
    • LioPio
      Joined: 13.01.2008 Posts: 78
      Having trojans on a system always sucks, but I think it's unfair to put the blame for being infected on PS Elephant/postgres.
      Since PokerStrategy has an economic interest (they receive part of the rake you pay when playing poker) in having a reliable image, I believe it would be in the interest of PS to avoid distributing viruses via their systems at all costs.

      If we believe that PS is not the distributor of the trojan, then the question becomes how your system got infected:
      You stated that you have a brand new fast computer, which is good for you, but that doesn't tell anything about the way you secure your system against viruses and other unwanted software. Do you have a good, up-to-date "on access" virus scanner, are you always logged in as an administrative user, and do you download or receive software from less legitimate sources (funny programs or cracks)?

      It would also be interesting to see what the location of the infected postgres file is.
      Some malware camouflages itself as postgres.exe, particularly if it is located in the c:\windows or c:\windows\system32 folder.

      I wish you the best in removing this trojan, and keep an eye on the forum in case more people report being infected with this trojan!
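
A check for the masquerading pattern LioPio describes, as an added example that is not part of the original thread: it lists every running postgres.exe with its image path and flags any copy running from, or sitting in, the Windows directory. The function name and report columns are assumptions made for this example; the signature status and hash are extra context for follow-up, not something the reply mentions.

```powershell
# Added example (not from the thread). Flags postgres.exe images located under
# the Windows directory, the location the reply above singles out.
$winDir = [System.IO.Path]::GetFullPath($env:windir).TrimEnd('\')

function Test-UnderWindowsDir {          # hypothetical helper name
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    $full = [System.IO.Path]::GetFullPath($Path)
    return $full.StartsWith("$winDir\", [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-ImageDetail {               # hypothetical helper name
    param([string]$Path, [string]$Source, $ProcessId)
    $sig = $null; $hash = $null
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        $sig  = (Get-AuthenticodeSignature -LiteralPath $Path).Status
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        Source       = $Source
        ProcessId    = $ProcessId
        Path         = if ($Path) { $Path } else { '<unreadable: rerun elevated>' }
        InWindowsDir = Test-UnderWindowsDir $Path
        Signature    = $sig
        SHA256       = $hash
    }
}

# 1. Running processes: ExecutablePath is null when the caller lacks the
#    rights to read it, so an empty path means "unknown", not "clean".
$running = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'postgres.exe'") {
    Get-ImageDetail -Path $p.ExecutablePath -Source 'running' -ProcessId $p.ProcessId
}

# 2. Files on disk in the two folders named in the reply, running or not.
$onDisk = Get-ChildItem -LiteralPath $winDir, "$winDir\System32" -Filter 'postgres.exe' `
              -File -ErrorAction SilentlyContinue |
          ForEach-Object { Get-ImageDetail -Path $_.FullName -Source 'on disk' -ProcessId $null }

# A row with InWindowsDir = True matches the pattern described above and is
# worth a closer look; it is a lead for investigation, not a verdict.
@($running) + @($onDisk) | Sort-Object InWindowsDir -Descending | Format-List
```
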
    • qcjunior
      Joined: 07.09.2008 Posts: 144
      Glad to see at least someone reading this post.
      LioPio, I am not blaming anyone from PS, in fact no one at all.
      But if I was, I would have to start with myself.

      I first created a ticket, and then was told to post, perhaps to warn other members.

      Yes, I have been all over your other comments, how, where, when, long ago, and I am hot on the trail now.
      thk u
    • qcjunior
      Joined: 07.09.2008 Posts: 144
      After 2 days of tech help from Microsoft the virus/trojan is still in my computer.
      The good news is it no longer shows its ugly face in postgres or any poker software.
      When it was originally discovered it showed itself mostly when OneCare scanned through postgres and my Party file. I have been able to clean my computer down to one general location.
      (\\(Chinese writing)c5564)

      It also showed up in ..
      app000554\(Chinese writing)custom sequence
      adobe digital media reader

      Unfortunately it is something I most likely let through my firewall a long time ago.