| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 51643 | 2004-11-26 03:24:00 | Damned TROJAN! | Kansas (6448) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 296556 | 2004-11-28 08:48:00 | Hmm ok thats no good :( ! I'll send an email to the author and ask does it do anything at all, if u dont register it. If the trojan/whatever is in its database. |
Spacemannz (808) | ||
| 296557 | 2004-11-28 08:50:00 | Would appreciate more detailed instructions if you don't mind :) Not completely up to play in this technological world :_| |
Kansas (6448) | ||
| 296558 | 2004-11-28 09:05:00 | > There is an exe that respawns it,Norton fails to > delete the .exe. > > You need to shut down the service/remove it from > startup,clean up the files manually and then do a > system scan. > > Luckily when it respawns (which it will probally do > as soon as you start tracking it) it randomly renames > itself. > > Good luck. Would appreciate more detailed instructions if you don't mind Not completely up to play in this technological world ?:| |
Kansas (6448) | ||
| 296559 | 2004-11-28 09:14:00 | Try start/run and type msconfig. Go to startup tab, what exe files are under the startup tab? Any unusual file names? |
Spacemannz (808) | ||
| 296560 | 2004-11-28 09:29:00 | These things can be defeated but they're blimmin difficult. It's probably what is called a dropper, they usually have two components, a virus like bit that carries a trojan or worm which it deposits in your system (all the usual backdoor bits). As others have said, these critters not only replicates but leave replications with random file names so that your antivirus doesn't identify it immediately, the copies may lie dormant in your windows folder (often in Temp or Documents & Settings) while others are madly infecting files. I've seen one get up to 1300 odd infections withing 4 or 5 minutes before I shut down and booted back to safe mode. I got it in the end but the damage done by the invader and me getting rid of it meant a format and reload of the OS anyway. At least it gave me breathing space to save some data. Hence the advice above, data is more important than your OS, save the safe data, reload the OS. BTW, if your on a network, get off it, you could be spreading the critter or reinfecting yourself from the network. If you want to try to kill it, search for dropper virus/worm. |
Murray P (44) | ||
| 296561 | 2004-11-28 09:42:00 | I am going to hazard a guess here and make the assumption you are a novice PC user. As such (and please do not be offended by my assumptions) you sound like you really need help from a professional to sort this as the particular "nasty" can be very tricky. It may be there is a simple fix to this particular infection that has come out since I struggled with it so it might be fixable easily by someone whose job is to "fix" PCs now. What I am talking about doing is relatively straightforward with enough knowledge and experience but I am assuming from your request you do not have sufficient experience yet to attempt a clean reinstall of the operating system. You really should give it another couple of days here to see if one of the members has successfully dealt with this variant as well and can explain simply what to do. However failing that it would be best for yourself I would say to take it to a professional and have them reinstall a clean version of windows. What you also need to do is ask that person to install the following BEFORE you take the PC online again. They are Zonealarm free edition, Adaware, Spybot search and destroy, an antivirus of choice (good free one AVG antivirus), BHODemon and every security update for your particular version of Windows. Then you can take it online safely for longer than 5 minutes. :D |
John Grieve (367) | ||
| 296562 | 2004-11-28 10:01:00 | Googling I found this: www.simplysup.com and this: www.soft32.com Maybe worth a try. |
zqwerty (97) | ||
| 296563 | 2004-11-28 10:03:00 | Also some advice from another forum: www.bullguard.com |
zqwerty (97) | ||
| 296564 | 2004-11-28 10:06:00 | This looks a good thing to try: home9.inet.tele.dk |
zqwerty (97) | ||
| 296565 | 2004-11-28 10:08:00 | This is the link to the scan: home9.inet.tele.dk |
zqwerty (97) | ||
| 1 2 3 | |||||