-
February 24th, 2006, 01:04 AM
#1
Junior Member
Trojan.Mailskinner
Can someone please help out? Warning received about trojan.mailskinner or trojan.skintrim.E.
Type trojan threat: high. Author Electronics Group.
Trojan.mailskinner is a trojan which allows remote access to the users box. Upon installation it will try to silently update itself and download additional malicious files.
How on earth did i catch that disease and how do i get rid of it?
Than you for helping out,
Ollie48
-
February 24th, 2006, 01:49 AM
#2
Member
How did you get infected? Many posibilitys:
Malicious web sites,
Peer to Peer,
Software you downloaded that came with it,
How to remove it. First if you run Win ME or XP disable system Restore.
http://vil.mcafeesecurity.com/vil/content/v_137368.htm
Here you see what hapened when it was installed, Get yourself
HijackThis
http://www.spywareinfo.com/~merijn/downloads.html
Startup Manager
http://www.mlin.net/StartupCPL.shtml
ItyBity Process manager.
http://www.spywareinfo.com/~merijn/downloads.html
Ewido trial version
http://www.ewido.net/en/
And you should already have an antivirus. ( Run a complete system scan)
Spybot
http://www.safer-networking.org/
Adaware
http://www.lavasoftusa.com/software/adaware/
Reboot to safe mode and remove the files noted in the first link I gave.
Use startup control Panel to remove the noted startup enterys
Scan with ewido, adaware and spybot.
Hope this info helps.
Basicaly you need to scan and remove any malware, then manualy check your startup list and task manager for any malware.
-
February 24th, 2006, 01:55 AM
#3
Hi
When you get a chance read this:How did I get infected
Then go to Trend Micro Housecall and follow their prompts.
As it is a trojan go and download Stinger and follow the prompts for removal..
Luck...
Edit: Run your scans and try to clean before you turnoff/disable System Restore, it is a get out of trouble free pass, if you mess up anything with the Highjack this scan, it's not a problem going back to a previous restore point even if it means bringing back the bad guys, as you want to ensure your windows settings are restored to what they were before you messed around with them...All about System Restore and Some more info
Note: do your scans in Safe Mode
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
-
February 24th, 2006, 02:01 AM
#4
Junior Member
Thank you, both of you.
-
February 24th, 2006, 02:24 AM
#5
I like Swatit
it's slow but it does a good job
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
February 24th, 2006, 05:43 PM
#6
I think the trojan is installed as part of the actual Mailskinner program, so you could try removing that if it's showing in Add/Remove Programs.
If the trojan still remains, try scanning in safe mode. Also what AV software are you using at the moment? May be worth trying Antivir (free) or NOD32 (free 30-day trial).
-
February 24th, 2006, 09:26 PM
#7
Member
I will also vouche for NOD32 sugested by @tt!tud3, it is indeed a very good antivirus in my opinion. I will be purchaseing it after my 30 days expires.
This is my second 30 day trial, since I just recently formated. NOD32 does not eat up my system memory and slow things to a hault like Norton and Panda did. Many commercial antivirus products have become bloated and start hoging your system memory.
In either case, make sure you not only have a antivirus but make sure it is up to date. Many people I have fixed computers for had out dated versions of Norton Antivirus and did not even realize they needed to buy a new subscription. Thus it had old virus signatures and was doing nothing. One of these people I discovered had over 100 viruses, no joke.
MyBox:
Asus P5VDC-MX
Celeron 2.8GHz
512MB DDR 400
WD 250GB SATA
DVD-ROM, CD-RW
Thermaltake 430W PSU
Netgear WGT624 Router
-
February 25th, 2006, 01:47 AM
#8
@tt!tud3 that cant possibly be the culprit...it says "no spyware" right on the page! (=!)
oeskinner.dll is a browser healper object. if there's no removal tool for this you could probably get it out using hijackthis
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
February 25th, 2006, 02:05 PM
#9
Hi Tedob1,
apologies, I saw a rather misleading thread which suggested it contained some nasties. Looks like you're right though, I just scanned the installer with NOD32 and it appears to be clean. Still not gonna risk running it though
None of which explains how the trojan got there. Without knowing more about your AV software, web browser, sites visited, etc. then it's very hard to say, but it could've exploited a vulnerability in IE if you're using that.
-
February 25th, 2006, 04:03 PM
#10
Hi,
Get the hosts file when you are done, http://www.mvps.org/winhelp2002/hosts.htm
It will help prevent going to places that might give you an infection.
Jonny Flond
Sarcasm is a way of life
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|