-
January 22nd, 2003, 10:55 PM
#1
Junior Member
MAJOR problem
well, i have downloaded a game called mario.exe which is a trojan
making that mistake two major problems appeared
1) my sister's pc got trojaned
2) an old dumped terminal owned by HellenicAirForce got trojaned too (there's a firewall running, but this doesn't mean that i don't have to clean things up)
i did a Norton Anti-Virus scan but it didn't find anything suspicious, i can't install a firewall in my sister's pc cause she's yelling at me that "she doesnt want this crap that use her valuable RAM" (she's a grafist) heh, what do we need sisters for anyway?
i have erased mario.exe of course but when i am doing a netstat, ports 137, 138 (netbios ports) and 1030 are wide open
i tried some sub7 cleaners but they are outdated or ...dead
thanks!
-
January 22nd, 2003, 11:02 PM
#2
Hey, few questions:
What OS are you running?
Do you still have the mario.exe file or know where you got it from? It can be scanned to find out what it is, then from that you can find out what it does, and how to undo it. Tell your sis to BUY MORE RAM, geez, firewalls don't eat up THAT much resources....
-
January 22nd, 2003, 11:04 PM
#3
first off.. welcome to AO
are you sure you have the latest definition files for norton?
(it's an old worm)
mcafee says this is W32/Foxma.worm (a floppy worm)
http://vil.nai.com/vil/content/v_99614.htm
and norton says it's also called: WORM_FOXMA.A, Win32.HLLW.Foxma, W32/HLLW.Foxmango, PE_HLLW.FOXM.A, Win32.Foxmagno, W32/Foxmagno
http://securityresponse.symantec.com...w32.foxma.html
-
January 22nd, 2003, 11:05 PM
#4
download the cleaner from www.moosoft.com, it's good for a 30 day trial, it's worth the money when the trial is up too. this will scan and remove all traces of trojans from your system
EDIT: After reading sumdumguy's post it does look like a worm, i didn't do much reading into this. downloading and running the cleaner wouldn't be a bad idea anyway
By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
The 20th century pharaohs have the slaves demanding work
http://muaythaiscotland.com/
-
January 22nd, 2003, 11:18 PM
#5
heh.. prodikool (hehe) ... "suedubguys" shoulda mentioned (like you did) to try out and continue to use (and keep updated) a worm scanning tool like "the cleaner" ..
-
January 22nd, 2003, 11:34 PM
#6
heh.. prodikool (hehe) ... "suedubguys" shoulda mentioned (like you did) to try out and continue to use (and keep updated) a worm scanning tool like "the cleaner" ..
he he he lmao i didn't even notice my dodgy spelling :P and he has unassigned ports open (1030) which is assigned to the service BBN IAD, which i don't have a clue what that is, so running the cleaner wouldn't be a bad idea anyway, that's why i suggested it
By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
The 20th century pharaohs have the slaves demanding work
http://muaythaiscotland.com/
-
January 22nd, 2003, 11:45 PM
#7
Junior Member
thanks for the info, i'll try the cleaner
i do have the latest virus definitions btw
something else, someone told me that it can be solved from dos: boot from dos and scan the drive for trojans from dos. i'll need a rescue disk though, does anyone know how to do the scan via dos?
thanks
-
January 22nd, 2003, 11:56 PM
#8
lol@prodikal..
\dev\hdc .. why don't you try the manual removal methods that I gave you in those two links.
well.. try the cleaner first.. but always go back and check the registry keys for it after.
I'm surprised that norton didn't pick it up.. what version engine are you running?
as for av scanning in dos.. I like to use f-prot
http://www.f-prot.com/products/fpdos.html
-
January 23rd, 2003, 10:15 PM
#9
Hi there....
i have erased mario.exe of course but when i am doing a netstat, ports 137, 138 (netbios ports) and 1030 are wide open
i tried some sub7 cleaners but they are outdated or ...dead
uhm.......those are not trojan ports
or am i missing something here.
By the provided information i presume you're on windows.
Maybe try getting a program called adaware, and scan your computer with that tool. (as prodikal has mentioned from moosoft).
Ubuntu-: Means in African : "I'm too dumb to use Slackware"
-
January 23rd, 2003, 10:21 PM
#10
And go to www.agnitum.com and get their outpost firewall to close those netbios ports.