Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Help: Persistant trojan horse!

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Help: Persistant trojan horse!

    aiight, ive had it upto HERE with this trojan. a friend of mine is havin a very persistant trojan. norton keeps on giving alerts that it found socks[1].exe and its a trojan, after deleting it, it comes back. and before u state the obvious, yes i know there is something thats generating the trojan again and again. and that is my dellima, i cant find the dropper.

    anyone here got some suggestions? ive been lookin around the web, and all i get are definitions of the trojan and ppl havin same unsolved problem.

    attached here is the screenshot of da norton alert.

  2. #2
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    s0nIc,

    Question...is this trojan the same as this...

    http://vic.zonelabs.com/tmpl/body/CA....jsp?VId=38456
    Zone Labs Virus Information Center

    a Mitglieder.J virus member?

    I tried to find your solution...but I think we might have to look under something else.

    Eg

  3. #3
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    If in Win ME, 2k or XP, disable system restore, then scan and remove in safe mode. Viruses and trojans LOVE those restore folders as they allow them to achieve an "immortality" of sorts.

    Hope this helped.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  4. #4

    Unhappy From Symantec

    Hi there s0nIc!

    This threat is quite old. It could already infected the system hard and down to the registry.

    Check this complete information and instruction from Symantec - Backdoor.Trojan http://securityresponse.symantec.com...or.trojan.html

    Since the OS is Win XP, you can find more technical information about the situation here - Common loading points of threats in Windows 2000/XP http://service1.symantec.com/SUPPORT...01060517115206

    WARNING: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to make a backup of the Windows registry for instructions.
    Hope it could help.

    -GONE
    an\"to*nym (noun) [Greek: a word used in substitution for another]
    A word of opposite meaning ; a counter-term ; used as a correlative of synonym
    - Dr. Gung-ho

  5. #5
    Banned
    Join Date
    Jul 2004
    Posts
    119
    the best way to get rid of trojans that are not sneaky is to remove the registry keys and check the win.ini. there is a tutorial by somone one here about the sneak trojans written by nihil i believe which can go deeper in depth. but knowing EVERYTHING that is suppose to start with windows on your computer is the main strategy to defend against trojans/spyware/malware. knowing your computer is the same as knowing your woman. if her snatch is sloppy you know shes been with another man earlier right?

  6. #6
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    lol u have an odd way of puttin it. but yeah i really dont know da computer myself coz its not mine, am just helpin out. but i did ask her to check her startup folder. im thinkin she could send me her hijack this log. i asked her to check her Program Files folder for any odd new folders coz i know thats where they usually multiply. check her windows temp folder aswell. alas no sign of the dropper. so my only hope right now is for her to send me the HijackThis log. and try ur suggestions.

    am thinkin the culprit is a .dll or a .bat.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Did you try what allenb suggested? (system restore off, boot to safe mode, rescan)
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Junior Member
    Join Date
    Apr 2005
    Posts
    2
    Turn off syste restore, clean the trojan, Use Crap Cleaner ( from www.ccleaner.com )and clean your system and then reboot................ This should so the trick........................
    If this does not work, use Hijack this t create a log file and give it to an expert or just post it here........

  9. #9
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    s0nIc, don't feel bad. I'm going through the identical situation you are. My brother's computer is infected with a trojan that posesses the same characteristics as yours does. This thing is a real s.o.b. I only had limited time (a couple hours) to work on this computer and here's what I tried to no availnormal mode scans were ineffective)
    -disabled system restore
    -booted into safe mode
    -ran Norton 2005, The Cleaner, and Spybot
    -both Norton and The Cleaner found the trojan (generically named "Trojan Horse") and claimed to clean it.
    -rebooted normally and Norton warnings went nuts. I was getting warnings just about every 20 seconds about a potentially infected ****.exe. The .exe files kept changing. I counted about 10 different .exe's that Norton warned me about being infected. In addition to that, M$ AntiSpyware kept giving me warnings about something trying to change IE Internet Settings to minimal security.
    I didn't get a chance to delve into the win.ini file nor the registry. I also haven't had a chance to run HiJackThis yet either. I do remember a malicious .exe running when I checked it via TCActive. It was LF00!.exe, I checked it out and found one website with that .exe listed under W32/Downloader.
    source
    I haven't had any time to work on it since but I'm hoping someone knows where this s.o.b of a trojan is residing and why the hell both Norton and The Cleaner can't get to it, even in safe mode with system restore disabled.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  10. #10
    Banned
    Join Date
    Jul 2004
    Posts
    119
    i remember years ago when trojans were becoming even more popular back in the mid 90's they used win.ini mainly because a lot of people still used windows 3.1/and 95 respectively. they were sneaky with the "run=" and "load=" lines in the win.ini file. what they would do is this:

    run= (lots of spaces) "c:\blah\trojan.exe" or
    load= " " "

    im not sure if they fixed that since 98+ but the average person wouldnt notice it even with notepad maximized when editing, the only real way to notice was using the scrollbar to scroll
    all the way over and also hitting end on such lines.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •