If someone (who is now no longer my friend) put a trojan in the startup folder on my computer, did the server activate when I restarted to install my new printer drivers?
most likely... depends on WHAT trojan he put in there... do you know which one it was?
If it works...yes
Please update your AV product and do a full scan, heuristics on, scan ALL files etc.
Get Ad-aware from Lavasoft and run that.
Get SpyBot Search & Destroy and run that.
You should also be running a firewall, Zone Alarm is a reasonable free one.
Hope this helps...good luck
I got it... I downloaded trojan killer (or something with a name like that) and had it kill it. Also, I run Norton Internet Security firewall (that's ok, right) and I have Norton Antivirus. I think I'm doing fine lol.
out of curiosity... what trojan did ur "friend" put in the startup, did you notice?
I think it was sub7(because it was listening on port 27374) can't be sure though.
ya, could be.... but ur AV didn't pick up on it?!?!???!
Norton Antivirus won't tell you a virus is there unless you are looking at the folder (I don't know why), but I portscanned myself and saw 27374 open, so I freaked out and looked for where I could have got it from, and I saw "server.exe" (he could have been a little more creative than that, couldn't he) in my startup folder, so then I scanned with AV and got it. I know it was a stupid question to post here, but I really wanted to know if that's where I got it from or if there were more than one on my computer at once.
well u could use a firewall to block access to those ports.....search for posts on personal firewalls here on AO...and also u can run msconfig to remove unwanted softwares at startup....remove anything unwanted from ur startup folder......
and use this tool called winstartup to see and remove unwanted software that starts from registry
http://www.rjlsoftware.com/software/.../default.shtml
hope would help u and others too
hmm U mean you haven't done a full scan with NAV?
Besides.. this also means that NAV was turned off while your friend installed the Trojan
It also means NAV was off when YOU restarted the machine..
Or You or your friend changed the setting in NAV to prevent the Activescan
Run the removal tools in safe mode.. also there are tuts on the removal of Sub7.. try one of these links:
http://www.hackguard.net/sub7adv3.htm
http://www.geocities.com/Pentagon/Qu...new/sub7guide/
http://www.google.com/search?sourcei...emoval+of+sub7
I do recommend the third link..
Cheers
I think that NullDevice and Und3ertak3r have given you good advice. Your problem is slightly different from the usual trojan scenario in that it was installed by someone with PHYSICAL ACCESS to your machine.
As Und3ertak3r suggests, they would probably have had to turn things off to do this.
I think that it would be wise to check ALL your AV and firewall settings to make sure that they are both properly activated. If you don't, you may be leaving yourself vulnerable to an external attack.............there is nothing like dealing with a known problem for lulling people into a false sense of security?
Cheers
EDIT: Just had a thought.............if this guy has had access to your box with full rights, who knows what else might be there...........maybe you only found what he wanted you to?.................depends how good/bad he is :(
Check out this Tutorial I wrote. If the AV software still can't find the trojan, and there is one running, the tutorial should show you how to find it.
Grinler
sorry I couldn't respond to these posts (out of town) but I already tried everything and my computer is secure, thanks for all your help!
glad the problem is sorted but for anyone else in the same kind of situation I thought I would expand upon what nihil said
A lot of people will plant a server somewhere easy like your start-up folder with it set on the default port to lull you into a false sense of security. Basically what they are counting on is you finding that one server and thinking that's it and removing it while they have several others planted in more obscure places on your pc....... there are a hundred and one ways of getting a prog to run at start-up, so it is always a good idea, even if you think you have found the cause of infection, to do a full AV scan - also make sure you change all passwords etc as they may have already been captured.
Quote:
there is nothing like dealing with a known problem for lulling people into a false sense of security?
Before doing the scan check your AVP settings to make sure they have not been altered - it is very simple to set an AVP to ignore certain files or folders or to not run background checks - these should be done on a regular basis - You may d/l something which tests clean which could contain a very recent virus not yet detected by your program - but hopefully when you update it would be able to pick up on it..... but if your AVP is not set to do routine background scans of all files then you may never know....... schedule them for certain times when your computer will be on but you won't be using it.
basically common sense stuff
Anyways am out
v_Ln
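The check suggested in the posts above (look beyond the one server you found, in the Startup folders and the registry start-up entries, and see what is listening), as an added example that is not from any poster in this thread. It is a read-only PowerShell script; it assumes Windows 8 / Server 2012 or later for `Get-NetTCPConnection`, and it covers only the two Startup folders and the four standard Run/RunOnce keys, not every autostart mechanism.

```powershell
# Added example, read-only: list common autostart entries and TCP listeners.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Files and shortcuts in the Startup folders (hidden ones included).
$entries = @(foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
})

# Values under the Run/RunOnce keys: each value is a command run at logon.
$entries += @(foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
        }
    }
})

# Listening TCP sockets with the owning process path where it can be read.
$listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Path'; Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Path } })

$entries   | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
$listeners | Sort-Object LocalPort      | Format-Table -AutoSize

# 27374 is the port the poster found open; flag it if something still listens there.
$listeners | Where-Object { $_.LocalPort -eq 27374 } | ForEach-Object {
    Write-Warning "TCP 27374 is listening: PID $($_.OwningProcess) $($_.Path)"
}
```

Run it from an elevated prompt so the process paths of other users' and system processes can be read.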
thanks, hope this helps out people in similar situations... now let's think... why did he want access to my PC... hmmm... lol nvm