August 16th, 2003, 08:53 PM
Trojan in Startup Folder
If someone(who is now no longer my friend) put a trojan in the startup folder on my computer, did the server activiate when i restarted to install my new printer drivers?
August 16th, 2003, 08:58 PM
most likely... depends on WHAT trojan he put in there... do you know which one it was?
August 16th, 2003, 09:17 PM
If it works...yes
Please update your AV product and do a full scan, heuristics on, scan ALL files etc.
Get Ad-aware from Lavasoft and run that.
Get SpyBot Search & Destroy and run that.
You should also be running a firewall, Zone Alarm is a reasonable free one.
Hope this helps...good luck
August 16th, 2003, 09:20 PM
I got it... i downloaded trojan killer(or something with a name like that) and had it kill it. Also, i run norton internet security firewall(thats ok right) and i have Norton Antivirus. I think i'm doing fine lol.
August 16th, 2003, 09:26 PM
out of curiousity... what trojan did ur "friend" put in the startup, did you notice?
August 16th, 2003, 09:35 PM
I think it was sub7(because it was listening on port 27374) can't be sure though.
August 16th, 2003, 09:46 PM
ya, could be.... but ur AV didn't pick up on it?!?!???!
August 16th, 2003, 09:51 PM
Norton ANtivirus won't tell you a virus is there unless you are looking at the folder(i don't know why) but i portscanned myself and saw 27374 open so i freaked out and looked for where i could have got it form and i saw "server.exe"(he could have been a little more creative than that couldn't he) in my startup folder so then i scanned with AV and got it. I know it was a stupid question to post here but i really wanted to know if thats where ig ot it from or it there were more than one on my computer at once.
August 16th, 2003, 11:11 PM
well u could use a firewall to block access to those ports.....search for posts on personal firewalls here on AO...and also u can run msconfig to remove unwanted softwares at startup....remove anything unwanted from ur startup folder......
and use this tool called winstartup to see and remove unwanted software that starts from regsitry
hope would help u and others too
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
August 17th, 2003, 02:49 AM
hmm U mean you haven't done a full scann with NAV?
Besides.. this also means that NAV was turned off while your friend installend the Trojan
It also means NAV was off whe YOU restarted the machine..
Or You or your friend changed the setting in NAV to prevent the Activescan
Run the removal tools in safemode.. also there are tuts on the removal of Sub7..try one of these links:
I do recommend the third link..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr