Trojan Horse
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Trojan Horse

  1. #1
    Senior Member
    Join Date
    Jun 2004
    Posts
    137

    Trojan Horse

    im using AVG as my anitivirus
    and it detected a TROJAN but it seems not it couldnt delete it or MOVE TO VAULT or HEAL it.

    and here are the following detected TROJANs
    Trojan Horse Downloader.Agent.2.V
    Trojan Horse Downlaoder.Agent.2.S
    Trojan Horse Downloader.Agent.2.U
    Trojan Horse Dropper.Delf.3.L
    Trojan Horse Cliker.AJ
    Trojan Horse Downloader.Rameh.E
    Trojan Horse.1stbar.3.BN
    Trojan Horse Downloader.VB.4.B
    Trojan Horse Dropper.Exebundle.Ah
    Trojan Horse.Keenval.N

    I also tried the online scan MICRO TREND
    it didn't detect any of this trojans

    POST PLS.

  2. #2
    Banned
    Join Date
    Aug 2004
    Posts
    30
    I think its most likley in the drive:/System Volume Information folder, which is not accessable, i had the same problem..

    boot to safe mode...open a folder, go to tools->options and enable viewing Protected SYstem Files....Right-click the System Volume Information folder in the root folder, and then click Sharing and Security...clikthe Security tab.
    then click add, and then type the name of the user to who you wanna to give access to the folder(your username is usually good enough, and click find or search when u enter ur username, it will add the correct location of the username) . Click OK, and then click OK.
    And now you're able to access the folder, you can see which files AVG found and remove them manually or let AVG remove them....if this doesnt help, post again !

    Im assuming your running XP from your profile info !

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    As Wav has suggested is one way of doing it.

    My self, I am lazy and would rather let a good tool do all the hard work. And for a good tool, I would suggest either SwatIt (Freeware) @ http://swatit.org/ or The Cleaner (which has a 30 free trial) @ http://www.moosoft.com/
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  4. #4
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Actually, the simple fix would be to turn off system restore and run AVG again in safe mode logged in as the administrator.

    Wav (Memory, Nemory, Encrypt_This, Sysadmin1984) you need to take the vacation that the mods told you to take. I realize that you're trying to help with this post, but the community as a whole is pretty well fed up with you....take a hint and take a hike.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  5. #5
    Junior Member
    Join Date
    Aug 2004
    Posts
    3
    If they are in the Restore volume, follow the suggestion from allenb1963. He is right on the mark.

    If not......
    Sometimes AVG, or other AV scanners, can't remove viruses even if they don't reside in the Restore volume. They are a running process with system attributes. Trying to delete them manually will often times fail in the Windows GUI. Here is something I found that works well.

    Get the free tool called Process Explorer from Systernals.
    Process Explorer
    It comes in 3 flavors: NT, 9X/ME, and 64 bit. Get the one that matches your system.

    This tool will give you more info on the running processes on your computer. Make note of the suspicious processes and their locations. Also note other processes below it in the process tree, if they exist. You will need to eradicate all of them to rid yourself of the infection. Also note any known needed system files that are below the offending file in it's process tree. Chances are the legit file is corrupted and will need to be reinstalled from a clean source, such as your install CD. If you aren't sure if it is a needed file of not, ask Google. He is your friend.

    Then, uncheck the boxes for all instances of these files in MSCONFIG in the Startup tab.

    Then, start REGEDIT and delete ALL entries for these files in ALL the registry Run keys in:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

    and in

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion

    Next, with list in hand, boot to a command prompt. Boot with a floopy or restart to "command prompt only" in 9x or ME. Boot with your CD in XP and go to Recovery Console. Navigate to the unruly files' directories. Change the file attributes with:

    ATTRIB filename -R -A -S -H
    This clears the files protected attributes.

    then

    DEL filename
    This deletes the file.

    Bye bye virus files.

    Best of luck. Hope this helps you.

  6. #6
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Symantec's Virus Encyclopaedia (http://www.symantec.com/avcenter/vinfodb.html) has a wide range of viruses, and explains how to remove them. If you can't find it there, try AVG's own Virus list at: http://www.grisoft.com/virbase/virba...earch&type=web . If not, you can just search in google.com for removal instructions, and it's done! No more viruses!

    EDIT

    As some1 above said, make sure to take off System Restore first!
    TAZForum <---- click

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    As some1 above said, make sure to take off System Restore first!
    Yes we say this not because our health improves by doing so.. but because it Works just because many help forums seem tto get off with drivel and never advise to disable system restore OR Clear the PreFetch Folder (win xp) when removing Malware.. The clearence rate is very low.. re-infection is high, why? because the restore files were not cleared correctly/completly/at all..
    Be sure to check the Registry entries for these buggers as well.. Do a manual search of the Registry on the file names identified.. some Av's and Cleaners may miss some reg entries.. Some of this crap relies on reinfection by placing key's in the reg.. cool huh..

    Hey Guys.. Had a machine that had been laced with Adware trojans, CWS and friends.. the customer had only signed on with an ISP 3 days earlier. the machine had become slow and some sites wouldn't come up when on the net. A "friend" advised that the hdd was full and to clean the HDD.. Well that they did.. they got rid of ALL the un-needed files.. the TMP, the CAB.. and what the F are these DLL's yep deleted..
    trouble is they didn't remove any of the CWS, and misc downloader trojans, and porn dialers..
    they musta deleted a lot.. the 10g Hdd (with win 98se) had 94% free space.. Good advice huh?

    hey Wav.. have a play with BartPe.. very handy.. very..(very dangerous if you don't know what you are doing too)

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Senior Member
    Join Date
    Jun 2004
    Posts
    137
    I decided to run AVG at safemode and logged as a administrator
    but my problem is i couldnot enter safemode.
    after pressing F8 at choose safemode with networking and then logged as administrator but when configures its personal settings it suddenly restarts.
    I tried many times guys to enter safemode but im not luckly enough to enter it.
    could anyone help in this problem. its giving a hardtime entering at safemode.
    POST PLS.

  9. #9
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Did you try regular safe mode (without networking)? You have no need for networking to do the task you are wanting to do. If all else fails, log on as a normal user and turn off your system resore and run AVG. Go download AdAware and Spybot and run both of them. Those 3 programs should be able to clean your system out.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  10. #10
    Senior Member
    Join Date
    Jun 2004
    Posts
    137
    thanks guys

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides