MAJOR problem
Results 1 to 10 of 10

Thread: MAJOR problem

  1. #1
    Junior Member
    Join Date
    Dec 2002
    Posts
    10

    MAJOR problem

    well, i have downloaded a game called mario.exe which is a trojan
    making that mistake two major problems appeared

    1) my sisters pc got trojaned

    2) an old dumped terminal owned by HellenicAirForce got trojaned too (theres a firewall running, but this doesnt mean that i dont have to clean thing up)

    i did a Norton Anti-Virus scan but it didnt find anything suspicious, i cant install a firewall in my sisters pc cause shes yelling at me that "she doesnt want this crap that use her valuable RAM" (shes a grafist) heh, what do we need sisters anyway?)

    i have erased mario.exe ofcourse but when i am doing a netstat ports 137, 138 (netbios ports) and 1030 are wide open
    i tried some sub7 cleaners but are outdated or ...dead

    thanks!
    n/a

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    500
    Hey, few questions:

    What OS are you running?
    Do you still have the mario.exe file or know where you got it from? It can be scanned to find out what it is, then from that you can find out what it does, and how to undo it. Tell your sis to BUY MORE RAM, geez, firewalls dont eat up THAT much resources....
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    first off.. welcome to AO

    are you sure you have the latest definition files for norton ?
    (it's an old worm)

    mcafee say this is W32/Foxma.worm (a floppy worm)
    http://vil.nai.com/vil/content/v_99614.htm

    and norton's says it's also called: WORM_FOXMA.A, Win32.HLLW.Foxma, W32/HLLW.Foxmango, PE_HLLW.FOXM.A, Win32.Foxmagno, W32/Foxmagno
    http://securityresponse.symantec.com...w32.foxma.html

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    download the cleaner from www.moosoft.com its good for a 30 day trial its worth the money when the trial is up to this will scan and remove all traces of trojans from you're system
    EDIT:After reading sumdumguys post it does look's like a worm i didnt do much reading in to this downloading and running the cleaner wouldnt be a bad idea any way
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    heh.. prodikool (hehe ) ... "suedubguys" shoulda mentioned (like you did) to try out and continue to use(and keep updated) a worm scanning tool like "the cleaner" ..

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    heh.. prodikool (hehe ) ... "suedubguys" shoulda mentioned (like you did) to try out and continue to use(and keep updated) a worm scanning tool like "the cleaner" ..
    he he he lmao i didnt even notice my dodgy spelling :P and he has unasigned ports open (1030)which is assigned to the service BBN IAD which i dont have a clue what that is so running the cleaner wouldnt be a bad idea any way thats why i suggested it
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  7. #7
    Junior Member
    Join Date
    Dec 2002
    Posts
    10
    thanks for the info, i ll try the cleaner

    i do have the latest virus definitions btw

    something else, someone told me that it can be solved from dos, boot from dos and scan the drive for trojans from dos. i ll need a rescue disk though, does anyone know how to do the scan via dos?
    thanks
    n/a

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    lol@prodikal..

    \dev\hdc .. why dont you try the manual removal methods that I gave you in those two links.
    well.. try the cleaner first.. but always go back and check the registry keys for it after.

    I'm surprised that norton didn't pick it up.. what version engine are you running?
    as for av scanning in dos.. I like to use f-prot
    http://www.f-prot.com/products/fpdos.html

  9. #9
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Hi there....

    i have erased mario.exe ofcourse but when i am doing a netstat ports 137, 138 (netbios ports) and 1030 are wide open
    i tried some sub7 cleaners but are outdated or ...dead
    uhm.......those are not trojan ports

    or am i missing something here.

    By the provided information i presume your on windows.

    Maybe try getting a programm called adaware, and scan your computer with that tool. (as prodikal has mentioned from moosoft).
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  10. #10
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    And goto www.agnitum.com and get their outpost firewall to close those netbios ports.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •