Can anyone help? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Can anyone help?

  1. #11
    Junior Member
    Join Date
    Jan 2004
    Posts
    5
    Ok, rebooted into safe mode & decided to try & manually delete the amee file & it worked.

    Must have been some kind of trojan?

    Thanks for all your help with this folks, much appreciated

  2. #12
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    COMPLETELY uninstall norton and all it's affiliates, and delete all the files left over from it, then reinstall norton from scratch. It sounds like Norton probably got corrupted, hence you might still be infected.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.

  3. #13
    Junior Member
    Join Date
    Jul 2004
    Posts
    15
    graemejaxx, normally I would recommend that you backup any data that you need, wipe the hard drive, and do a complete re-install. That is pretty much a "best practice" kind of thing to do after an attack, theory being that the attacker may have installed or done something that at this time you can not detect. However, I understand that this may not be an option for everyone, including your self...

    So, assuming that you are on a home network I would recommend that you run a sniffer such as tcpdump or ethereal this should give you a good idea of what is being broadcast from or sent to your box. Next, I would recommend that you take a visit to http://www.rootkit.com. Download the windows rootkit detection utility, and let it run. I say this, because I recall hearing about a rootkit that infected Norton's various utilities. I hope this helped a little.

    P.S. Just because you deleted a file, and no longer see a process when you "Ctrl-Alt-Del" does not mean you dont have a hidden process still running at kernel level.

    -Shell_Coder

  4. #14
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    is he running 2 personal FW or am i wrong?
    NIS and Kerio?
    if i am correct, is there any kind of potential conflict, besides performance?
    l
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #15
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Hmm, probably is making some sort of conflict... maybe thats how he got the trojan/spyware/WTF ever it is...
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.

  6. #16
    Banned
    Join Date
    Jul 2004
    Posts
    297
    of course all i could find of a file named amee.exe is search bars so it could be spyware related. If all else fails try running an updated copy of spybot search and destroy.

    (edit) and just out of curiosity, Do you remeber what folder it was in? The directory that it was in could be a real clue as to what it was(/edit)

  7. #17
    Junior Member
    Join Date
    Jan 2004
    Posts
    5
    Hi, it was in Application Data.

    Norton actually picked up the 'amee' prob prior to me installing Kerio and i don't appear to have had any conflicts from the two.

    I've actually compeltely uninstalled Norton now anyway as my sub was up.

    I'll try the rootkit program and see if that throws anything up.

    Will keep you guys updated.

    Regards
    G

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides