
Thread: Trojan Virus destroying my OS!!!

  1. #1

    Trojan Virus destroying my OS!!!

    Son of a B*tch!!!! I have Norton Anti-virus running with LiveUpdate on. I downloaded a file with a Trojan virus in it. Noticed the computer was doing odd things like MSGR services being logged in at multiple locations. My Quicken accounts had been tried to access w/ password, but I use a Sony encrypted password vault (Thumbdrive) that is separate from my PC. They wreaked havoc with IE Explorer and scripts...it was doing all kinds of crazy stuff!! This I figure was the access point after the Trojan was installed. It started corrupting my files, but luckily I did my weekly routine check with Spyhunter as a backup to Norton. Spyhunter found the virus, but not before it had done a significant amount of damage to my OS. Hadn't taken precautions to do a System Rollback so I had to use System Restore CD and use disks I had made of data to get everything back up...took me 2 days!!!
    I was pissed!!! My problem too is I didn't have ZoneAlarm configured right also.

    Now I run ZoneAlarmPro, Spyhunter, PopupBlocker, Stealther 2.7, and PGP to encrypt files. I have also stopped using IE which was the main problem...I use Windows XP and run the Mozilla web browser...and will probably be using Hushmail for Outlook.

    Do you think I have taken enough precautions and if not, what other measures could I take? The System Rollback feature, how exactly does that work...my understanding is that it rolls your system back to a specific day and time with all data still in place, right? Anyone familiar with this feature?
    The smallest threat is usually the most dangerous.
    The Chosen One

  2. #2
    What trojan did you have?? I haven't heard of the systems that you described. I'm just curious.

  3. #3
    I managed to get it on a disk and give it to a friend to look at in database. He said it is a new one or something and that he was going to report it and also send it to Symantec (Norton), McAfee, and a few others so it will be in database next time. Spyhunter was what found it though...it described it. Gave it a threat level of "Severe"...also warned that it was writing new info to system and changing other programs too. But will post it when he gets back to me...

    He also showed me how to tweak my settings correctly and get a little more secure..
    The smallest threat is usually the most dangerous.
    The Chosen One

  4. #4
    Senior Member
    Join Date: May 2003
    Posts: 217
    Norton AV wasn't good enough to protect from viruses, or trojans, or worms: these were the first words that came out of the mouth of my lecturer, who teaches me Computer Security, when I asked him about Norton AV. He said he believes in McAfee AV, and to this day I'm still using McAfee AV and McAfee firewall. I hope you know what I mean.

  5. #5
    AntiOnline n00b
    Join Date: Feb 2004
    Posts: 666
    Any AV is as good as its Virus Database, and against a New Virus/Worm/Trojan it is a sitting duck.

    Though in Heuristics mode they do provide some protection against possible Viruses/Trojans. Most of the AV I have seen are not that effective against Trojans especially.

    And of course we all have our favourites. I like AVG (For Some Obvious Reasons $$). And I do an Online Scan every week through Housecall.

    Now I run ZoneAlarmPro, Spyhunter, PopupBlocker, Stealther 2.7, and PGP to encrypt files. I have also stopped using IE which was the main problem...I use Windows XP and run the Mozilla web browser...and will probably be using Hushmail for Outlook.

    Do you think I have taken enough precautions and if not
    Seems Well Enough. But remember to properly configure your firewall; an improperly configured firewall is as bad as having no firewall. If you are using Firefox I don't believe you need a PopupBlocker; it has an inbuilt popup blocker. Can I suggest a trojan remover like MooSoft The Cleaner would be a great Addition.

  6. #6
    Senior Member
    Join Date: May 2003
    Posts: 217
    MooSoft The Cleaner is quite a good remover because I can't compare it with another remover, but I'm still using it till now... Popblocker I'm using Google toolbar.

  7. #7
    Senior Member
    Join Date: Mar 2004
    Posts: 111
    Originally posted here by The Chosen One
    I managed to get it on a disk and give it to a friend to look at in database. He said it is a new one or something and that he was going to report it and also send it to Symantec (Norton), McAfee, and a few others so it will be in database next time. Spyhunter was what found it though...it described it. Gave it a threat level of "Severe"...also warned that it was writing new info to system and changing other programs too. But will post it when he gets back to me...

    He also showed me how to tweak my settings correctly and get a little more secure..
    heh...you shoulda had this guy remove the trojan for you.

    1) I would see what processes are running. (ctrl+alt+delete) Kill anything that looks strange.
    2) Run HijackThis and post the logs here for people to examine. Tutorial from soda_popinsky
    3) Download and run TDS-3 here. This should locate and kill the trojan as well as the cleaner as suggested above. I just like TDS-3.
    4) Use these 2 online scanners to rule out virii

    a) panda http://www.pandasoftware.com/actives..._principal.htm
    b) trend micro house call http://housecall.trendmicro.com/

    In the future be careful what you download. good luck




    NORML


  8. #8
    The Doctor Und3ertak3r
    Join Date: Apr 2002
    Posts: 2,744
    System "Rollback", or correctly System Restore,

    This is a handy and bloody dangerous tool that is a part of Win XP and ME.

    It basically restores your registry and System Files to a previous state, the problem is it will also restore any Virus, trojan or Worm that may have been lurking in the system at the time as well. Oh and keep the Malware that may already be in the machine..

    It is great for problems involving the following:

    1/ Software installations that have gone bad
    2/ Driver updates or new hardware installations that go wrong
    3/ System files that have become corrupt
    4/ Removing some (not all) recent Win updates that appear to cause problems

    What the Restore feature is not used for:

    1/ removing Virii
    2/ Removing Worms
    3/ Removing Trojans

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  9. #9
    Senior Member nihil
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,188
    Undies is right,

    "System Restore" has to be deactivated to do a proper malware cleaning job...all the AV providers' sites have instructions.

    Whilst you are at the TDS3 site (DiamondCS) please download their free tool "RegistryProt"......most malware tries to amend the registry so this is a "must have" IMHO

    So you are a "wannabe paranoid"

    http://www.winpatrol.com (Winpatrol)
    http://digilander.libero.it/zancart (Winsonar)

    Winsonar is interesting, it sort of "registers" normal Windows proggies, but scans for new background processes...you are then prompted to allow or disallow them.

    When you are on the internet you can set it to kill any new background processes that try to start. It warns you, but you do have to switch it off when you are updating stuff deliberately.

    Cheers
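An added illustration of the baseline-then-scan approach described in the post above (register the normal programs, flag new background processes, prompt or kill depending on whether you are online). This is not Winsonar's code or part of the original post; the `Proc` type, function names and all process data are constructed for the example.

```python
# Added illustration; not Winsonar's code. All process data below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str


def fingerprint(p):
    # Windows image names and paths are case-insensitive, so normalise both.
    return (p.name.lower(), p.path.lower())


def register_baseline(snapshot):
    """Record every (name, path) pair seen on a system believed to be clean."""
    return {fingerprint(p) for p in snapshot}


def scan(baseline, snapshot, online=False):
    """Return (pid, name, reason, verdict) for each process not in the baseline.

    verdict is 'kill' while online (lockdown mode), otherwise 'prompt'.
    A baseline name running from an unregistered path is called out separately,
    since a copy of a system binary's name in another folder is a common disguise.
    """
    known_names = {name for name, _ in baseline}
    findings = []
    for p in snapshot:
        if fingerprint(p) in baseline:
            continue
        reason = ("known name, new path" if p.name.lower() in known_names
                  else "new process")
        findings.append((p.pid, p.name, reason, "kill" if online else "prompt"))
    return findings


# Constructed snapshots: a clean baseline, then the same system with two additions.
CLEAN = [
    Proc(4, "System", ""),
    Proc(612, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    Proc(1480, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
]
LATER = CLEAN + [
    Proc(2236, "svchost.exe", r"C:\WINDOWS\Temp\svchost.exe"),
    Proc(2310, "updater32.exe", r"C:\Documents and Settings\user\updater32.exe"),
]

if __name__ == "__main__":
    for finding in scan(register_baseline(CLEAN), LATER, online=True):
        print(finding)
```

The baseline is only as trustworthy as the system it was taken on, which is why it has to be registered before an infection rather than after one.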

  10. #10
    Junior Member
    Join Date: Mar 2003
    Posts: 10
    There are a couple of interesting comments about this attack. First, the Trojan/Virus is "unknown"; Trojan activity is usually pretty specific, i.e. mouse pointer going nuts, CD drawer opening, applications starting in the background.

    Also the fact NAV didn't detect (was the application updating correctly??).

    You mention that you were running ZAPro. I know from experience that if and when an application requests access to the "net" the first time with ZA, a popup appears to ask if you want to give it access. For those bizarre things to have happened and for them to be caused by a trojan would mean that you gave the trojan access and weren't paying close attention. Even so, after you realised the issue you can turn on the "Internet Lock" in ZA; that would have stopped the erratic behaviour.

    Finally I have just recently converted to LINUX, and I'm pleased to say the install and configuration went Sweet As !!!
    Lack Of Planning on your part Does NOT constitute an EMERGENCY on mine !!!!!!!!!!!
