| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 47542 | 2004-07-29 10:28:00 | Backdoor.agent.B | j.w.knowles (3251) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 256516 | 2004-07-29 10:28:00 | Norton auto protect picks up, but a scan doen't find anything, bacdoor.trojan, in file hlpnghk.dll. also as shown here ctlnfm.dll. niether can be found. XP firewall is on, ad-aware finds a scanner, but it comes right back, spy-sweeper does the same, I have followed the instructions from symantec ie latest updates & signatures, removed entry from registry, I don't quite undertand how auto-protect picks it up but a scan doesn't. | j.w.knowles (3251) | ||
| 256517 | 2004-07-29 10:37:00 | When you receive the antivirus notification does the word "restore" appear any where in the path, if so turn off your system restore, reboot and turn back on. Antivirus programs can detect the virus in the restore area but cant clean them from there. Also it would be a good idea to scan your system with spybot or adaware just to be safe. I presume your antivirus program is up to date. |
beama (111) | ||
| 256518 | 2004-07-30 10:42:00 | Restore is not on the path, it has been disabled, ad-aware and spy-sweeper have both been used, both detect malware both remove it but it's back next sweep, Norton is right up to date, so as you can see I am a little puzzled. | j.w.knowles (3251) | ||
| 256519 | 2004-07-30 10:51:00 | i've come across one recently......dll's with random letters as a name. can you delete the files ? (you will need to make sure the files are not hidden). have you run liveupdate or just the auto update ?? |
tweak'e (174) | ||
| 256520 | 2004-07-30 23:00:00 | Search and download these apps, Stinger. A2 (pronounced A squared) and vcleaner, They are all trogen or backdoor cleaners. download, install and run each in turn one of them may work on that backdoor virus. NOTE These programs are not system monitoring software as in a virus checker, but just run once cleaners that can be reused. A2 is updatable though if I remember correctly. Are you following those removal instruction in safe mode and if using NT or above try and find the name of task for that backdoor and end task on it. Because if it is active, no matter if you delete the related files(if allowed to, you may get a error message to the effect "file locked" or "insufficient permissions to preform this task" basically means the file is in use) it will replicate itself on next bootup |
beama (111) | ||
| 256521 | 2004-07-31 08:04:00 | tweak'e, this looks exactly as you suggest, I have full update, and no I can't remove the files because even a text search can't find them. I am going to run Beama's suggested resolutions, I will post result, thanks | j.w.knowles (3251) | ||
| 256522 | 2004-07-31 08:36:00 | Thanks Guys, Stinger appears to have dealt to the problem, trojan was imbedded in Windows Explorer.exe | j.w.knowles (3251) | ||
| 1 | |||||