-
May 9th, 2003, 11:18 PM
#1
Banned
How do i erase a Ring zero Trojan from my pc
I keep getting an intrusion on my firewall that the ip 63.198.17.106 keeps trying to enter through port 80 and a few otha ports, and it mension Ring Zero Trojan in the warning message, maybe theres a trojan in my system or his trying to get throught the port that Ring Zero Trojan uses to open, HOW would i go by to check and/or erase this trojan from my system, would appreaciate the help! Thanks!
-
May 9th, 2003, 11:27 PM
#2
Member
what's ur OS?
if windows
trace it through the registry then remove the string
-
May 9th, 2003, 11:54 PM
#3
Two questions
1) Can a trojan enter through port 80?
2) I've tried searching for Rising Zero Trojan, and nothing comes up, are you sure this is the name of the trojan.
To get rid of the trojan, goto www.moosoft.com and download the trial version of The Cleaner, run a scan and then delete the trojan.
It is impossible to make anything foolproof because fools are so ingenious. - Murphy
-
May 10th, 2003, 12:51 AM
#4
you still don't acctualy know if you have a trojan.....some one tried to port you on port 80, port 80 is the HTTP port, but also some trojans use it....so far...theres no proof that you have the trojan, furthermore, the firewall is intercepting all the data any how...
ok...heres what you do..
goto Run in the start menu, type in cmd(xp/2k)/Command(9x/ME(?)) ( ok..that was "CMD" if your on a XP or 2k System, "Command" for any thing else.)
A DOS like window will pop up
type in Netstat -an
It will produce a list of IP's and ports...look for the port 80, if you find it and it says "LISTENING" next to it, then you need to look more into this trojan, if not...then ou don't have a trojan on port 80 (Dosn't mean you don't have a trojan though)
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
-
May 10th, 2003, 11:10 AM
#5
Well if you had used google you would have found this link among many other
http://www.f-secure.com/v-descs/ringzero.shtml
and as said previously.. just because some one scanned the port isnt to say you have the trojan.. your concern level may increase if it was an outbound attempt..
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
May 10th, 2003, 12:34 PM
#6
*Moved from Antionline: How do I?*
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|