Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > trojan horse?

Reply
Thread Tools

trojan horse?

 
 
Ben Yarnold
Guest
Posts: n/a
 
      04-03-2005
i have done a virus scan as normal and found out that i have a trojan horse
backdoor small.28.ao. it has been 'healed' by my av AVG but don't know how
it got there. i have been using kerio firewall is this prog alrite? is there
a better freeware program around? it has almost expired can i get a crack
for it? i am using latest spybot ad aware AVG and kerio. but these things
are expiring!!! ne suggestions on another program or maintaining my current
setup welcome.


 
Reply With Quote
 
 
 
 
Savage111owner
Guest
Posts: n/a
 
      04-03-2005

"Ben Yarnold" <(E-Mail Removed)> wrote in message
news:RhI3e.21966$(E-Mail Removed)...
> a better freeware program around? it has almost expired can i get a crack
> for it? i am using latest spybot ad aware AVG and kerio. but these things
> are expiring!!! ne suggestions on another program or maintaining my

current
> setup welcome.
>

All the products you mentioned above are free, with free updates. How can
any of them be expiring? BTW, Sygate Personal Firewall works well for me,
and it's free too!
Savage


 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      04-03-2005
From: "Ben Yarnold" <(E-Mail Removed)>

| i have done a virus scan as normal and found out that i have a trojan horse
| backdoor small.28.ao. it has been 'healed' by my av AVG but don't know how
| it got there. i have been using kerio firewall is this prog alrite? is there
| a better freeware program around? it has almost expired can i get a crack
| for it? i am using latest spybot ad aware AVG and kerio. but these things
| are expiring!!! ne suggestions on another program or maintaining my current
| setup welcome.
|

We are assuming it is an infector at the root of the problem...

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the Sysclean Front End utility ( SYSCLEAN_FE ) in "Procedure 1"
at the following URL, SYSCLEAN_FE automates the download and
execution process of the Trend Sysclean Package.
http://www.ik-cs.com/got-a-virus.htm

Direct URL:
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close

Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }

When you get to the Sysclean Front End menu, hit 'e' or '3' to exit.

2) Download and install Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
3) Update Adaware with the latest definitions then exit the software.
4) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
5) Reboot your PC into Safe Mode and shutdown as many applications as possible
6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
platform and clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform using both Trend
Sysclean and Ad-aware SE
If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
Michael Pelletier
Guest
Posts: n/a
 
      04-03-2005
Ben Yarnold wrote:

> i have done a virus scan as normal and found out that i have a trojan
> horse backdoor small.28.ao. it has been 'healed' by my av AVG but don't
> know how it got there. i have been using kerio firewall is this prog
> alrite? is there a better freeware program around? it has almost expired
> can i get a crack for it? i am using latest spybot ad aware AVG and kerio.
> but these things are expiring!!! ne suggestions on another program or
> maintaining my current setup welcome.


The best security you can get is proper system administration. Do you
download crap from the Internet? Does your account have administrator
privileges? See where I am going here?

Michael

--

"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald
 
Reply With Quote
 
Ben Yarnold
Guest
Posts: n/a
 
      04-05-2005
i have done a scan with the sysclean in normal windows bcoz i couldn't
restart in safemode. im running xp sp2 i was pressing f8 while starting
didn't work... the scan found nothing on the system..??? i already have ad
aware and do regular scans. i don't dl crap of the net i don't know how i
got it. when i did my first scan with AVG antivirus said that the file
hijackthis.exe was infected. that file was from a trusted source for fixing
malware and the like. mayb a false negative? why do i have 2 turn sytem
restore off? it said that the restore points would b deleted so i opted not
2. the scan with sysclean said that access was denied to alot of files with
diffent extensions. since then i have created a admin user then changed my
user 2 limited. and was planning 2 use the admin user 4 office type stuff
and my limited 4 everything else. was this the rite thing 2 do? thanx for
help but still need it....plz!!
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:s5J3e.1459$1r6.1121@trnddc02...
> From: "Ben Yarnold" <(E-Mail Removed)>
>
> | i have done a virus scan as normal and found out that i have a trojan
> horse
> | backdoor small.28.ao. it has been 'healed' by my av AVG but don't know
> how
> | it got there. i have been using kerio firewall is this prog alrite? is
> there
> | a better freeware program around? it has almost expired can i get a
> crack
> | for it? i am using latest spybot ad aware AVG and kerio. but these
> things
> | are expiring!!! ne suggestions on another program or maintaining my
> current
> | setup welcome.
> |
>
> We are assuming it is an infector at the root of the problem...
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
>
> start --> settings --> control panel --> internet options --> delete files
>
> 1) Download the Sysclean Front End utility ( SYSCLEAN_FE ) in
> "Procedure 1"
> at the following URL, SYSCLEAN_FE automates the download and
> execution process of the Trend Sysclean Package.
> http://www.ik-cs.com/got-a-virus.htm
>
> Direct URL:
> http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
>
> Execute; SYSCLEAN_FE.EXE
> Choose; Unzip
> Choose; Close
>
> Execute; c:\sysclean\SYSCLEAN_FE.BAT
> { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
>
> When you get to the Sysclean Front End menu, hit 'e' or '3' to
> exit.
>
> 2) Download and install Ad-aware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
> 3) Update Adaware with the latest definitions then exit the software.
> 4) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
> 5) Reboot your PC into Safe Mode and shutdown as many applications as
> possible
> 6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full
> Scan of your
> platform and clean/delete any infectors found
> 7) Restart your PC and perform a "final" Full Scan of your platform
> using both Trend
> Sysclean and Ad-aware SE
> If you are using WinME or WinXP, re-enable System Restore and
> re-apply any
> System Restore preferences, (e.g. HD space to use suggested 400 ~
> 600MB),
> 9) Reboot your PC.
> 10) If you are using WinME or WinXP, create a new Restore point
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>



 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      04-05-2005
From: "Ben Yarnold" <(E-Mail Removed)>

| i have done a scan with the sysclean in normal windows bcoz i couldn't
| restart in safemode. im running xp sp2 i was pressing f8 while starting
| didn't work... the scan found nothing on the system..??? i already have ad
| aware and do regular scans. i don't dl crap of the net i don't know how i
| got it. when i did my first scan with AVG antivirus said that the file
| hijackthis.exe was infected. that file was from a trusted source for fixing
| malware and the like. mayb a false negative? why do i have 2 turn sytem
| restore off? it said that the restore points would b deleted so i opted not
| 2. the scan with sysclean said that access was denied to alot of files with
| diffent extensions. since then i have created a admin user then changed my
| user 2 limited. and was planning 2 use the admin user 4 office type stuff
| and my limited 4 everything else. was this the rite thing 2 do? thanx for
| help but still need it....plz!!


That was painful to read ! bcoz u rite funny

Anyway assuming the version of Ad-aware you use is Ad-aware SE v1.05 and is up to date you
can also try SpyBot Search and Destroy and the following....

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/
http://housecall.antivirus.com

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/actives..._principal.htm

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

Kaspersky
http://www.kaspersky.com/service?cha...39400#betatest

Symantec
http://securityresponse.symantec.com/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
lee
Guest
Posts: n/a
 
      04-05-2005
Ben Yarnold wrote:
> i have done a scan with the sysclean in normal windows bcoz i couldn't
> restart in safemode. im running xp sp2 i was pressing f8 while starting
> didn't work...

Were you "tapping" the F8 key, or "pressing" it. Tapping will take you
into safe mode. Pressing will not.
 
Reply With Quote
 
Pete
Guest
Posts: n/a
 
      04-05-2005
On 2005-04-03, Ben Yarnold <(E-Mail Removed)> typed:
> i have done a virus scan as normal and found out that i have a trojan horse
> backdoor small.28.ao. it has been 'healed' by my av AVG but don't know how
> it got there. i have been using kerio firewall is this prog alrite? is there
> a better freeware program around? it has almost expired can i get a crack
> for it? i am using latest spybot ad aware AVG and kerio. but these things
> are expiring!!! ne suggestions on another program or maintaining my current
> setup welcome.
>


What version of 'kerio firewall' are you using ? I've used Kerio Personal
Firewall 2.1.5 for a few years now, and as far as I can tell, it's done what
is says 'on the tin'. From what I can infer from your post, the firewall had
nothing to do with your infestation. It cannot stop you downloading poo from
the Internet, that is a different matter altogether. Any firewall is useless
if you just click 'Yes' or 'Permit' to anything it alerts you to, without
reading the information it shows you. A good rule of thumb is to deny
anything that you're unsure of, and only allow programs when they're
obviously not working because they're being prevented from connecting out.
Internet Explorer springs to mind here. Hmm, hang on ...

By the way, if 'cracked' software is your bag, then you'll more than likely
end up with a whole load more poo on your system than you have already.


Pete.

--
Fortune says :

If you don't say anything, you won't be called on to repeat it.
-- Calvin Coolidge
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: "Win32:Trojan-gen. {VC}""Win32.trojan-gen.{UPX!}" jamesa01 Computer Support 2 02-27-2006 02:54 PM
"Win32:Trojan-gen. {VC}" "Win32:Trojan-gen. {UPX!}" D@Z Computer Support 5 01-30-2006 07:52 PM
New trojan spam tells you where to download trojan as "MS beta antispy" Joel Rubin Computer Support 2 03-07-2005 02:26 AM
Mozilla is a trojan Yankee Rebel Firefox 46 01-05-2005 10:23 PM
Unknown Trojan causing wireless connection to fail Headtheball Wireless Networking 1 10-03-2004 03:02 PM



Advertisments