-
July 22nd, 2003, 08:23 PM
#1
Junior Member
Slave.exe trojan
I just checked the processes running on my system and found that Slave.exe was up and active.
When I did a search on Google, it appears to be some kind of trojan.
Any advice on how to disable that from the client side? I am on a network and have Win XP installed on the system.
--I couldn't delete the registry key / it doesn't allow me to do that--
-
July 22nd, 2003, 08:28 PM
#2
It sounds like you have the Backdoor.RA trojan. First of all, you will need to stop the slave.exe process. You can just go into the Task Manager, right-click on the slave.exe item and select "End Process" or "End Task". Then you should be able to delete the registry key, assuming you have admin privs on the machine. Then scan your machine for viruses, either with a good app like Norton or an online scanner. If you need more help, just PM me.
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
SecureVision
-
July 22nd, 2003, 08:29 PM
#3
http://www.bitdefender.com/index.php
has some stuff... most any antivirus will be able to handle that as well... is not Kaspersky antivirus free? http://www.kaspersky.com/
yeah, I'm gonna need that by friday...
-
July 22nd, 2003, 08:34 PM
#4
Junior Member
I don't have the admin privileges :-(
Is there any way I can do that without the privileges?
-
July 22nd, 2003, 08:40 PM
#5
If you don't have admin privs, ask someone who does to take care of it. If you are at your job, ask your IS guys to take care of it. That's their job, not yours. In fact, they might get pissed if you crashed your machine trying to repair a trojan. If that's gonna take too long, just kill slave.exe every time you reboot until they can fix it.
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
SecureVision
-
July 22nd, 2003, 08:42 PM
#6
Well, slave.exe is the Remote Anywhere software's server for controlling your PC remotely. If you are on a school/college/workplace network, it may be quite possible that your administrator has installed it... check with your admin. Else, if it is your personal PC and it is there without your knowledge of who installed it, get rid of it as soon as possible.
It is located in your Windows or /windows/system directory. It is a hidden file, and the icon is that of a red ring. Kill it from processes and then delete the file, or edit your registry to do so. Check out the tutorials section; you will find a tutorial related to autostart locations in the Windows registry.
Ch33rs
guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
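The checks described in the post above (running process, hidden file in the Windows or system directory, autostart entries), gathered into a read-only triage script. This is an added example, not part of the original thread; it assumes a current Windows host with PowerShell 5.1 or later, and the Run/RunOnce keys and the service lookup are the general Windows autostart locations rather than ones named in the thread.

```powershell
# Added example: read-only triage for a process/file named slave.exe.
# Assumes Windows PowerShell 5.1+; nothing is killed, deleted or modified.
$name = 'slave.exe'

# 1. Running processes with that image name, with on-disk path and parent.
Get-CimInstance Win32_Process -Filter "Name = '$name'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CreationDate

# 2. Copies in the Windows and system directories, including hidden files.
#    Hash and signer help an admin tell a sanctioned install from a rogue one.
$dirs = @($env:windir,
          (Join-Path $env:windir 'System32'),
          (Join-Path $env:windir 'SysWOW64'))
foreach ($d in $dirs | Where-Object { Test-Path $_ }) {
    Get-ChildItem -LiteralPath $d -Filter $name -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Created   = $_.CreationTime
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                SigStatus = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        }
}

# 3. Autostart: Run/RunOnce values whose data references the file.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys | Where-Object { Test-Path $_ }) {
    $item = Get-Item -LiteralPath $k
    foreach ($v in $item.GetValueNames()) {
        $data = [string]$item.GetValue($v)
        if ($data -like "*$name*") {
            [pscustomobject]@{ Key = $k; Value = $v; Data = $data }
        }
    }
}

# 4. Services whose command line references the file (remote-control
#    servers are commonly installed as services).
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$name*" } |
    Select-Object Name, DisplayName, StartMode, State, PathName
```

The output can be handed to whoever administers the machine along with the question of whether the install was sanctioned.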
-
July 22nd, 2003, 10:41 PM
#7
Junior Member
Thanks for your advice.
I just got hold of a sys admin and deleted the files and the registry values.