| Thread ID: 51737 | 2004-11-28 22:21:00 | Had a Trojan-Its gone-but still probs | Curly (487) |
| Post ID | Timestamp | Content | User | ||
| 297526 | 2004-11-28 22:21:00 | Win2000pro, 1 gig, 260odd ram, 40gigHDD, dialup etc. AVG told me I have a trojan horse IRC/Backdoor.sdbot.55.U, in winnt/sys32/winole.exe. Ran AVG and it healed it. But now whenever I go online the computer starts receiving data from God knows where. It's now up 330000 bytes received and around 89000 bytes sent. If I switch off and back on again, the data count carries on from where it left off and that applies even after an overnight switchoff. I have run (several times) AVG, AdAware, Spybot, TrojanHunter, Hijackthis and CCleaner. All updated to the latest version. I do not have either MS Automatic updates or anything scheduled to run at all. I can close every program and have only the desktop showing, but the download, if that's what it is, continues. Could it be that someone has taken over my computer and the activity I see is him/her preparing to send spam or something? But surely not on dialup!! I suppose I could let it finish, but meantime it has priority over the modem and I cannot do anything :-( Assistance with this bugger appreciated. |
Curly (487) | ||
| 297527 | 2004-11-28 22:40:00 | First thing you need to do is put your firewall into Learn mode and block the access | Greg S (201) | ||
| 297528 | 2004-11-28 22:41:00 | If 2k has msconfig, I think it has, go to start/run and type msconfig then go to the startup tab. Notice any strange filenames there?? Post back what appears in startup tab. | Spacemannz (808) | ||
| 297529 | 2004-11-29 01:04:00 | Nah Spacemannz, 2000 does not have msconfig, typed it into RUN but said it could not find it, or words to that effect. Good point though, anyone know how to check startup files in 2K? |
Curly (487) | ||
| 297530 | 2004-11-29 01:08:00 | Hi Greg S, forgot to say, I am using Agnitum Outpost v1.0. Don't have time right now, but will investigate the "Learn Mode" tonight. Thanks for the suggestion. |
Curly (487) | ||
| 297531 | 2004-11-29 01:09:00 | You can just grab msconfig off the net and chuck it in ya windows folder, works a charm....which begs the question?...why the hell did they leave it out? Anyhow, use Spybot to examine your startup items, whack it into advanced mode, then select tools>startup. By clicking the tiny arrow on the right of the screen a description box will appear, with info about any highlighted entries. |
metla (154) | ||
| 297532 | 2004-11-29 01:09:00 | Try regedit then go here HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and here HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Also look under RunOnce under both of the above. See what's under Run and any strange names. |
Spacemannz (808) | ||
| 297533 | 2004-11-30 05:44:00 | Well Metla, win2k now runs msconfig and after disabling 4 items on the basis they "did not look right", my mysterious download has stopped. When I get some time, I will enable them one at a time to see what happens. Tried your suggestion re Spybot and that worked just as well too. You seem to have a reputation of being a bit hard nosed at times :-) but man, you sure do know your stuff and that's all that really matters. Thanks mate. |
Curly (487) | ||
| 297534 | 2004-11-30 06:36:00 | awww....shucks.... | metla (154) | ||
| 297535 | 2004-11-30 08:03:00 | >>You seem to have a reputation of being a bit hard nosed at times but >>man, you sure do know your stuff and that's all that really matters. Under that brittle surface there is a good lad ;) |
Thomas (1820) | ||
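
The registry check suggested in the thread (the Run and RunOnce keys under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER), as an added example that is not part of any post: a PowerShell script for a current Windows system (Windows 2000 itself has no PowerShell) that lists every autostart entry in those four keys. Going beyond the thread's "look for strange names", it also reports whether the target file exists and its Authenticode signature status; the helper name `Get-ExePath` is hypothetical.

```powershell
# Added example: enumerate the Run / RunOnce autostart keys named in the thread.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: best-effort extraction of the program path from a command line.
function Get-ExePath([string]$Command) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\Program Files\App\app.exe" /args
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\WINNT\system32\app.exe /args
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token
    return ($cmd -split '\s+')[0]
}

$entries = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }        # RunOnce is often absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path    = Get-ExePath $command
        # A bare file name (no directory) is resolved by Windows via the search
        # path; it is not resolved here, so it shows FileExists = False.
        $exists  = Test-Path -LiteralPath $path -PathType Leaf
        $sig     = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $command
            FileExists = $exists
            Signature  = $sig
        }
    }
}

# Unsigned or missing targets are the entries to look up first.
$entries | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

An entry whose file is missing or unsigned is not necessarily malicious; it is a candidate for the same one-at-a-time disable-and-test the original poster describes.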