| Thread ID: 80885 | 2007-07-08 05:26:00 | MIRC?IRCFlood - Help!!! | EFFIGY (12530) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 566980 | 2007-07-08 22:41:00 | Found this Googling sup.bat lists.sans.org getting out of my depth here but may help someone with more knowledge |
EFFIGY (12530) | ||
| 566981 | 2007-07-08 23:05:00 | Ok, well the next thing to try is. Get Stinger (download.nai.com) Download this and run it. See if it picks anything up. If this doesn't work then: Turn system restore off (if u have XP). Then boot into safe mode. Find these files (if they exist) and delete them in safe mode. aliases.ini away.txt fullinfo.bat fullinfo.lnk fullinfo2.bat fullinfo2.lnk fullname.txt hidewndw.exe ident.txt ipconf.bat ipconf.lnk memorat.txt mirc.ini netinfo.bat netinfo.lnk nicks.txt postcards.jpg procese.bat procese.lnk procese.txt remote.ini script.ini servers.ini servers2.ini setup.lnk sup.bat sup.reg sup2.bat sup2.lnk users.ini winspector.exe winspector.lnk It looks like it puts these in the registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Winspector_s <System>\drivers\shellz\sup2.lnk <-- This needs to be deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Winspector <System>\drivers\shellz\winspector.lnk <-- The bolded text needs to be deleted. Registry entries are created under: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC\ HKCU\Software\Microsoft\Microsoft Agent\ |
Speedy Gonzales (78) | ||
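
A read-only way to check for the artifacts listed in the post above, as an added example that is not part of the original thread. It assumes `<System>` in the post means `%SystemRoot%\System32`; the variable names are illustrative, and the script only reports and deletes nothing.

```powershell
# Added example: read-only triage for the files and Run entries named in the post.
# Assumption: "<System>" in the post is %SystemRoot%\System32.
$shellzDir = Join-Path $env:SystemRoot 'System32\drivers\shellz'

# File names exactly as listed in the post. Several of them (mirc.ini,
# aliases.ini, servers.ini ...) are also ordinary mIRC files, so they are
# only looked for inside the shellz folder, not across the whole disk.
$names = @'
aliases.ini away.txt fullinfo.bat fullinfo.lnk fullinfo2.bat fullinfo2.lnk
fullname.txt hidewndw.exe ident.txt ipconf.bat ipconf.lnk memorat.txt mirc.ini
netinfo.bat netinfo.lnk nicks.txt postcards.jpg procese.bat procese.lnk
procese.txt remote.ini script.ini servers.ini servers2.ini setup.lnk sup.bat
sup.reg sup2.bat sup2.lnk users.ini winspector.exe winspector.lnk
'@ -split '\s+'

$findings = @()

# 1. Listed files present in the shellz folder (-Force includes hidden files).
if (Test-Path -LiteralPath $shellzDir) {
    $findings += Get-ChildItem -LiteralPath $shellzDir -Force -File |
        Where-Object { $names -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'File'; Item = $_.FullName; Detail = $_.LastWriteTime }
        }
}

# 2. Run-key values named Winspector* or pointing into drivers\shellz.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        if ($p.Name -like 'Winspector*' -or "$($p.Value)" -like '*\drivers\shellz\*') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $p.Name; Detail = $p.Value }
        }
    }
}

if ($findings.Count -eq 0) {
    'No listed files or Run entries found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell prompt so the `drivers` folder and the HKLM key are readable; an empty result only means these specific names were not found.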
| 566982 | 2007-07-08 23:15:00 | Yay! I've found a file in Firefox\Profiles\default.m5v\Cache\1025B224d01 doesn't have the <script.ini> <sup.bat> <sup.reg> but according to the scan path it's there. I'm in safe mode. Should I delete it? |
EFFIGY (12530) | ||
| 566983 | 2007-07-08 23:16:00 | BTW Deep scan still running, don't dare do anything 'til it's finished | EFFIGY (12530) | ||
| 566984 | 2007-07-08 23:22:00 | Get ccleaner (www.filehippo.com) This is a direct link to ccleaner. This will delete what's in the cache and temp files etc. You'll have to close all browser/s, before u click on run ccleaner. Untick the toolbar option, you don't need it. |
Speedy Gonzales (78) | ||
| 566985 | 2007-07-08 23:34:00 | If Trojan remover is still installed, open My Computer, click on local disk (C: ) right mouse and select scan with trojan remover as well. |
Speedy Gonzales (78) | ||
| 566986 | 2007-07-09 04:29:00 | EFFIGY Run a CMD window and type in netstat -a this will show what/who is connected to your computer. IF it is an IRC trojan on your PC others can control your PC to flood others and do other various things without your knowledge. Netstat might show up one or more sites connected. |
Bantu (52) | ||
| 566987 | 2007-07-09 07:23:00 | EFFIGY Run a CMD window and type in netstat -a this will show what/who is connected to your computer. IF it is an IRC trojan on your PC others can control your PC to flood others and do other various things without your knowledge. Netstat might show up one or more sites connected. Hey thanks, Maxnet have sent me notice that I'm approaching datacap, not something that usually happens, but I have done a few downloads too.. worth a check. Trojan Remover in its 3rd hour of scanning - is that normal? |
EFFIGY (12530) | ||
| 566988 | 2007-07-09 07:27:00 | EFFIGY Run a CMD window and type in netstat -a this will show what/who is connected to your computer. IF it is an IRC trojan on your PC others can control your PC to flood others and do other various things without your knowledge. Netstat might show up one or more sites connected. Not showing anyone @ the moment.. but I'm hoping I've fixed it ...awaiting scan results |
EFFIGY (12530) | ||
| 566989 | 2007-07-09 07:28:00 | Trojan Remover in its 3rd hour of scanning - is that normal? 3rd hour? No it isn't normal! And did u do a scan in normal windows or in safe mode? Your hdd is either 1/2 dead, or it needs to be defragged, or your system is like 1 mhz! |
Speedy Gonzales (78) | ||