Help - I've Got a Trojan....! Any PC XP experts out there..?

Welcome to Old Skool Anthems
The Old Skool Resource. Since 1998.

Konspiracy

Active member
Sep 9, 2002
4,466
2
38
51
Was Manchestoh, Now Yorkshire
My laptop seems to have contracted a rather nasty trojan from god knows where (It's not a porn site...honest...;))

I use a real time scanner from ETrust Antivirus and as of yet it hasn't identified the name, calling it an unknown. It pops up every 10 minutes and gets zapped by the heuristic engine on the virus checker.

By the looks of it, it is dropping a .exe file (always a random numerical name value) into the system32 folder in Windows every 10 minutes. There must be an entry in the Registry somewhere running a process but I haven't the foggiest where it might be. I've checked the current control sets on the local machine and the user but I can't find anything.

Anyone had anything similar? I've a feeling this is a new malicious git written by some right spotty gimp that has just started doing the rounds:cry: :cry:
 

Elev8/Levit8

New member
May 8, 2006
1,579
0
0
Nasty lil buggers these... get rid, don't leave it on there...
Sometimes you can zap the beggars by booting into safe mode & running full system scans with an anti-spyware prog... Ad-Aware's not bad, but I prefer one called Ewido security suite (I think there's a free 30-dayer on the website). This isn't guaranteed to get rid of them though.

There is a formula you can follow to remove these but you've really gotta know what yer looking for.
The method I would use for getting rid is quite painful... register at an anti-spyware forum (there are plenty on the tinty) and talk to some of the geeks on there. They'll probably direct you to download 2 or 3 DOS utilities which do specific cleanups & produce logs, run em, post yer logs on the board & they'll walk you through getting em cleaned up completely. Be warned it can take multiple runs & a few days... if you've only got one, hopefully it won't be that bad...

They use random number generators for filenames so you can't quarantine em, & there'll be a set of registry keys which get changed each time you log on giving the locations of the nasty files which are only valid for one Windows session (i.e. they change each time you reboot). As well as the exe, there's normally at least one DLL which controls them & is hooked by Windows services manager, so there's an open handle on the file as soon as Windows starts so you can't delete it even if you find it (hence safe mode). Because it's a moving target, and buried quite deep in the registry & OS, my advice would be seek help. There are messageboards out there full of peeps who specifically deal with handling these & helping peeps remove them. If I can find a URL to the board I've used in the past, I'll post it. Good luck fella. Welcome to a total pain in the arse. Hopefully you'll be lucky & it won't be this bad, but I've had experience with these things & they ain't fun.
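The two symptoms described in the thread so far (random numeric-named .exe files landing in system32 on a fixed 10-minute cadence, and an autorun entry somewhere pointing at one of them) can be checked for mechanically. The script below is an added example, not from the thread or any of the tools named in it; the directory listing and Run-key values are constructed sample data, and on a real box the listing would come from the actual System32 folder.

```python
import re
from datetime import datetime, timedelta

# Dropper artefacts in this thread have purely numeric names, e.g. 48213.exe
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

# Constructed sample System32 listing: (filename, creation time).
SAMPLE_LISTING = [
    ("kernel32.dll", datetime(2006, 5, 1, 9, 0)),
    ("notepad.exe", datetime(2006, 5, 1, 9, 0)),
    ("48213.exe", datetime(2006, 5, 9, 14, 0)),
    ("91077.exe", datetime(2006, 5, 9, 14, 10)),
    ("30561.exe", datetime(2006, 5, 9, 14, 20)),
    ("7741.exe", datetime(2006, 5, 9, 14, 30)),
]
# Constructed sample autorun (Run key) entries: (value name, command line).
SAMPLE_RUN_VALUES = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r"C:\WINDOWS\system32\91077.exe -s"),
]

def suspicious_files(listing):
    """Numeric-named .exe entries from a (name, ctime) listing, oldest first."""
    hits = [(n, t) for n, t in listing if NUMERIC_EXE.match(n)]
    return sorted(hits, key=lambda x: x[1])

def drop_interval(hits, tolerance=timedelta(minutes=1)):
    """If three or more hits are spaced at a near-constant interval, return
    that interval (the dropper's cadence); otherwise None."""
    if len(hits) < 3:
        return None
    gaps = [b[1] - a[1] for a, b in zip(hits, hits[1:])]
    steady = all(abs(g - gaps[0]) <= tolerance for g in gaps)
    return gaps[0] if steady else None

def autorun_hits(run_values, hits):
    """Names of autorun values whose command line launches one of the hits."""
    names = {n.lower() for n, _ in hits}
    found = []
    for value_name, cmd in run_values:
        exe = cmd.split()[0].rsplit("\\", 1)[-1].lower()
        if exe in names:
            found.append(value_name)
    return found

if __name__ == "__main__":
    hits = suspicious_files(SAMPLE_LISTING)
    print("numeric exes:", [n for n, _ in hits])
    print("drop cadence:", drop_interval(hits))
    print("autorun entries pointing at them:", autorun_hits(SAMPLE_RUN_VALUES, hits))
```

A creation-time listing of the real folder can be built with `os.listdir` and `os.path.getctime`; the cadence check is what distinguishes a dropper from a one-off stray file.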
 

Elev8/Levit8

New member
May 8, 2006
1,579
0
0
This utility seems to remove more than most...
Run it (FULL scan) and if yer nasty comes back, try it in Safe Mode
Ewido Anti Spy/Malware

Here's a geek forum. Register & bung a new thread on here if you can't shift it & someone here will help you. This is the longwinded but guaranteed approach...
Anti-Spyware forum
 

Konspiracy

Active member
Sep 9, 2002
4,466
2
38
51
Was Manchestoh, Now Yorkshire
Cheers for your help

After clearing about 30 or so new Trojans I've found with a combination of proggys I still can't clear this fecker that pops up every 10 minutes

Elev8, what you are describing is exactly what is happening, the fecker is regenerating itself on each reboot and none of the progs I've tried can find it:cry: :cry:

I'm gonna give it a few more goes then give up and just rebuild it, anyone got an XP boot disk lol:cry:
 

Elev8/Levit8

New member
May 8, 2006
1,579
0
0
Did you do the forum/log posting thing?
They WILL be able to get rid of it for you to save a rebuild... just takes time is all...
All the spyware cleaning apps essentially work the same way and I've never found one that shifts these fuckers painlessly.
Best way forward depends on how much of an arse-ache it is for you to rebuild...
Get yerself a snide copy of Ghost mate & stash an image away once you've put all yer apps back... saves loads of time in the long run... you can rebuild whenever you feel like it in a matter of minutes. Rebuilding regularly is ultimately the only way to keep Windows running fast...

If you were serious about needing a bootdisk... Go Here

Sorry if I'm stating the obvious, but you should also run summat like this

Soz you couldn't shift it mate... PM me if I can help with the Ghost thing...
 

MizzDeedz

New member
May 6, 2006
1,761
0
0
The trojan is most probably hiding in a restore point. When you have run all your anti-spyware and anti-virus/trojan cleaning and deleted off the crap, you need to TURN OFF System Restore and run them again. When the system is fully clean you then need to TURN ON System Restore.

Viruses and Trojans are notorious for hiding in a restore point and regenerating when the owner thinks the PC is cleaned.

Hope this helps.
 

Str33tb0y

New member
Sep 14, 2005
2,066
1
0
49
The trojan is most probably hiding in a restore point. When you have run all your anti-spyware and anti-virus/trojan cleaning and deleted off the crap, you need to TURN OFF System Restore and run them again. When the system is fully clean you then need to TURN ON System Restore.

Viruses and Trojans are notorious for hiding in a restore point and regenerating when the owner thinks the PC is cleaned.

Hope this helps.


Yep, sound advice that :thumbsup: It's another reason why I leave System Restore turned OFF!


I've got a multitude of hard disks so I can back everything up to a separate drive. Plus I have a separate drive just for Windows, makes rebuilding a piece of piss! :)
 

Konspiracy

Active member
Sep 9, 2002
4,466
2
38
51
Was Manchestoh, Now Yorkshire
Finally got rid of the fecker:D

Turning off System Restore was one of the first things I tried:)

I was leaving joining a forum or rebuilding as a last resort and downloaded a binload of programs such as Ewido (which crashed my system), Panda, Spyware Doctor, even tried a few more anti-virus scanners such as Avast (which made it run like a dog). I tried running all of them in Safe Mode as well as after XP had loaded.

None of the above fixed it

I then loaded Counterspy spyware removal and it found 3 further items: an rpcc spammer disguised as another .exe file (a shitty little prog that sends spam emails from your computer), a keylogger that sends info from chat-based progs, and the last of which was the main culprit, a backdoor trojan that was properly embedded in the registry, set to replicate itself on every reboot and generate files at regular intervals.

I'd like to tell you the name of it but after I deleted it from Quarantine I can't find the log:D :$

If anyone has anything like this download Counterspy:thumbsup:
 

MizzDeedz

New member
May 6, 2006
1,761
0
0

Konspiracy

Active member
Sep 9, 2002
4,466
2
38
51
Was Manchestoh, Now Yorkshire
Here are some links to anti-virus and anti-spyware sites > I can recommend them all and especially Spyware Blaster, which is a good program to install.
Remember once you have installed them to run the updates first and then scan the PC.


spybot search and destroy
The home of Spybot-S&D!

ewido
AVG Free Advisor: ewido anti-spyware Free

ad aware se personal
Ad-Aware SE Personal - Software - Lavasoft

spyware blaster
SpywareBlaster

avg anti virus
AVG Free Advisor: AVG Anti-Virus Free

I tried all of these but it didn't fix the trojan I had:S

Spyware blaster seems to be good as a preventative measure rather than a cure:thumbsup:
 

Elev8/Levit8

New member
May 8, 2006
1,579
0
0
Good to know fella, cheers for the thread update... I'd not heard of counterspy.
Great that there are now things which can get rid of these replicating fuckers in one scan...

:thumbsup: