Trojan in Startup Folder
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Trojan in Startup Folder

  1. #1

    Trojan in Startup Folder

    If someone(who is now no longer my friend) put a trojan in the startup folder on my computer, did the server activiate when i restarted to install my new printer drivers?

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    207
    most likely... depends on WHAT trojan he put in there... do you know which one it was?

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    If it works...yes

    Please update your AV product and do a full scan, heuristics on, scan ALL files etc.

    Get Ad-aware from Lavasoft and run that.

    Get SpyBot Search & Destroy and run that.

    You should also be running a firewall, Zone Alarm is a reasonable free one.

    Hope this helps...good luck

  4. #4
    I got it... i downloaded trojan killer(or something with a name like that) and had it kill it. Also, i run norton internet security firewall(thats ok right) and i have Norton Antivirus. I think i'm doing fine lol.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    207
    out of curiousity... what trojan did ur "friend" put in the startup, did you notice?

  6. #6
    I think it was sub7(because it was listening on port 27374) can't be sure though.

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    207
    ya, could be.... but ur AV didn't pick up on it?!?!???!

  8. #8
    Norton ANtivirus won't tell you a virus is there unless you are looking at the folder(i don't know why) but i portscanned myself and saw 27374 open so i freaked out and looked for where i could have got it form and i saw "server.exe"(he could have been a little more creative than that couldn't he) in my startup folder so then i scanned with AV and got it. I know it was a stupid question to post here but i really wanted to know if thats where ig ot it from or it there were more than one on my computer at once.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    472
    well u could use a firewall to block access to those ports.....search for posts on personal firewalls here on AO...and also u can run msconfig to remove unwanted softwares at startup....remove anything unwanted from ur startup folder......
    and use this tool called winstartup to see and remove unwanted software that starts from regsitry
    http://www.rjlsoftware.com/software/.../default.shtml

    hope would help u and others too
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  10. #10
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    hmm U mean you haven't done a full scann with NAV?
    Besides.. this also means that NAV was turned off while your friend installend the Trojan
    It also means NAV was off whe YOU restarted the machine..
    Or You or your friend changed the setting in NAV to prevent the Activescan

    Run the removal tools in safemode.. also there are tuts on the removal of Sub7..try one of these links:
    http://www.hackguard.net/sub7adv3.htm
    http://www.geocities.com/Pentagon/Qu...new/sub7guide/
    http://www.google.com/search?sourcei...emoval+of+sub7

    I do recommend the third link..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •