Trojan Slanret Removal help
Thread: Trojan Slanret Removal help

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    149

    Trojan Slanret Removal help

    Hello all, my brother has this trojan on his box, and can't seem to get rid of it.

    I am only slightly more advanced than him in computer knowledge, and it is also difficult for me to assist him in the removal.

    I searched here for related posts and found this one which explains about it being some sort of root kit thinga ma jiggy.

    I also went to Symantec
    But it's not as straightforward as I would like to explain to my brother how to remove it.

    Can anyone here help me to understand the best way to remove it? He has XP Home, Norton A/V.

    Any help would be greatly appreciated, cheers
    TidaL.....

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    I'll try to make it simpler than Symantec puts it:
    1) Turn off System Restore: http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
    2) Update Norton AV and do a full system scan from Safe Mode. (To get to safe-mode, tap F8 as the computer is booting up, then choose Safe Mode. 90% of the time, the key to press is F8. If your computer is different, try the different F keys until you find the right one.) I would recommend removing anything it finds.
    3) Open up the Registry Editor, (Start -> Run -> "regedit" -> OK) and delete this key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ierk8243 BACKUP YOUR REGISTRY FIRST! http://service1.symantec.com/SUPPORT...d/199762382617

    If you have any further questions or want me to elaborate on certain steps, reply and I'll answer as quickly as possible!

    - Xieriox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard
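
Step 3 of the reply above as a command-line sequence, added here as an example and not part of the original post: it exports the service key to a .reg file before deleting it, and refuses to delete if the export fails. It assumes an administrator account on XP (ideally still in Safe Mode from step 2) and uses the built-in reg.exe; the backup file name is a made-up placeholder, and this backs up only the one key, not the whole registry as the post advises.

```bat
@echo off
rem Added example: back up, then delete, the service key named in step 3.
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\Ierk8243"
rem Hypothetical backup location; change as needed.
set "BACKUP=%USERPROFILE%\Ierk8243-backup.reg"

rem reg query sets a non-zero errorlevel when the key does not exist.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 goto notfound

rem Export first so the deletion can be undone by importing the .reg file.
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 goto exportfailed

reg delete "%KEY%" /f
if errorlevel 1 goto deletefailed

rem Query again: the key should no longer be there.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 goto deletefailed

echo Key removed. Backup saved to "%BACKUP%"
exit /b 0

:notfound
echo Key not found, nothing to delete: %KEY%
exit /b 0

:exportfailed
echo Export failed, key left untouched.
exit /b 1

:deletefailed
echo Key is still present after the delete attempt.
exit /b 1
```

If the delete has to be undone, `reg import` with the saved file restores the key.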

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I dunno... Can your brother read the Symantec link... It's fairly straightforward:-

    Additional information:

    If the Trojan was successfully installed on the computer, an unauthorized user may have remotely accessed your system. For this reason, it is impossible to guarantee the integrity of an infected system. The remote user could have made changes to the system, including but not limited to the following:

    * Stealing or changing passwords or password files.
    * Installing remote connectivity host software, also known as backdoors.
    * Installing keystroke logging software.
    * Configuring firewall rules.
    * Stealing credit card numbers, banking information, personal data, and so on.
    * Deleting or modifying files.
    * Sending inappropriate or even incriminating material from a customer's email account.
    * Modifying access rights on user accounts or files.
    * Deleting information from log files to hide such activities.


    To be certain that your organization is secure and to ensure that your systems are safe, re-install the operating system, restore the files from a backup made before the infection occurred, and change all the passwords that may have been on the infected computers, or that were accessible from it. For more information regarding security in your organization, contact your system administrator.
    Seems pretty clear to me.... If he got lucky and was not yet further exploited then the Symantec removal instructions will work fine.... But since you volunteered the information you did regarding your brother I have a question:-

    How would he ever recognize if he had been further exploited after he "cleaned" the box?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    149
    Thanks for the speedy replies, yes my brother has a bad habit of not taking seriously the threats online, and doesn't take the time to protect his box.

    He is 350km away, so I haven't got access to his comp, all I can do is warn him of what will happen, and to maybe stop online banking.

    The best solution may well be to re-possess all those computers that are the spreaders of such things, and to ban these users from even owning a game boy?????

    I will try to get up to his place soon, and could attempt to fix it properly, have him change all passwords from probably " my msn nic " to a more secure one "bash2511&tuxedo54%@<>?<>?<>?"

    Thanks again.....

    TidaL.....

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If you charge an hourly rate of say $25/hour including travel time to protect him from this little "evil", I'm pretty sure that he'd begin to take these "little threats" more seriously.... That's some serious drive time.... then a backup, format and reinstall is a couple to three hours work plus materials.... Then you get to drive home.... Of course, he has to provide food, a bed and alcohol while you are there.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    If you charge an hourly rate of say $25/hour
    I'll do it for free

    but the travel expenses REALLY mount up
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  7. #7
    Senior Member
    Join Date
    Jul 2004
    Posts
    149
    I like the idea of $25 an hour, better I make that U.S. dollars as well. I phoned him with some depressing info on how so many people are getting their bank accounts cleaned out, and that an Australian I.T. Professor wouldn't bank online, and this has convinced him to stop online banking, change his credit card details, and open another account for all his money to go into, one that won't be used online.

    I will be up at his house soon, so I will more than likely re-install, as long as he has still got all his CDs, there shouldn't be a problem.

    Would the rate increase if I had to re-install rather than just clean, could I charge say $50 an hour?


    Anyways, thanks for the responses,

    cheers TidaL.....

  8. #8
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Fox, I don't pay travel expenses, but I'll put you up for a couple days (room and board) while you're fixing mine, or at least while we're getting drunk and cookin bbq.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
