How would I track down when and where I picked up a trojan?

Posted: Wed Sep 14, 2005 6:15 am
by Fat Bones
Two trojans were found in my documents as soon as I booted up this morning.

I visited the big three credit reporting agencies yesterday before I logged off.
Damn, I knew they were pissed, but I didn't think they'd attack my PC... :lol:

My nephew finished downloading World of Warcraft between then and now, but like I said, the problems are reported in my docs.

Is there a way to figure out exactly how I got these and where?

Posted: Wed Sep 14, 2005 1:34 pm
by Fat Bones
Never mind, the kid opened it from AIM.

Lovely, it keeps changing the page to some short script...time to make some coffee and go bug huntin'.

Posted: Wed Sep 14, 2005 3:33 pm
by PSUFAN
Suggestion - have your kid use an IM program that funnels accounts into one program, like Miranda, Trillian, or the new Google IM thing. It might help you avoid some scripts that are written specifically for a particular program.

Posted: Wed Sep 14, 2005 6:16 pm
by Fat Bones
Thanks for that psufan.


I wonder if this is part of the problem, because the more I messed with the computer, the worse it got.

I lost my connectivity...that sucked. I won't...err, can't complete a restore.

c://me:heavy/freakin/sigh_thissux.
W97M.Sting

Re: How would I track down when and where I picked up a troja

Posted: Wed Sep 14, 2005 6:27 pm
by frodo_biguns
Fat Bones wrote:Two trojans were found in my documents as soon as I booted up this morning.

I visited the big three credit reporting agencies yesterday before I logged off.
Damn, I knew they were pissed, but I didn't think they'd attack my PC... :lol:

My nephew finished downloading World of Warcraft between then and now, but like I said, the problems are reported in my docs.

Is there a way to figure out exactly how I got these and where?
Did you keep the file name of the infected files? You can also look for information on some anti-virus programs like AVG (http:///www.grissoft.com). Once you track the location of the infected file, it's just backtracking from there, whether it's something from an email or a program install. What OS are you running?

Posted: Wed Sep 14, 2005 6:45 pm
by Fat Bones
XP Home.

No, he's sure he opened the file he received in AIM, and it started then.

This one is identified with these associations:

ATTRIB C:\WINDOWS\COMMAND\ÿ.ÿ -H -R
DEL C:\WINDOWS\COMMAND\ÿ.ÿ
ATTRIB C:\WINDOWS\COMMAND\System1.dt_ -H -R
DEL C:\WINDOWS\COMMAND\System1.dt_
ATTRIB C:\WINDOWS\COMMAND\ÿ.bat -H -R
DEL C:\WINDOWS\COMMAND\ÿ.bat
ATTRIB C:\WINDOWS\COMMAND\ÿÿ.ÿÿ -H -R
DEL C:\WINDOWS\COMMAND\ÿÿ.ÿÿ
DEL C:\WINDOWS\COMMAND\System2.dt_
DEL C:\WINDOWS\COMMAND\zz.bat
DEL C:\WINDOWS\COMMAND\az.bat
DEL C:\WINDOWS\COMMAND\xz.bat
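
One way to turn a listing like the one above into a checklist before deleting anything, as an added example that is not from the thread: a small Python parser that pulls the DEL targets out of the batch commands, records which ones had hidden/read-only attributes cleared first and which have non-ASCII names, and reports whether each path is still present. The sample listing is constructed from the commands quoted in the post; `exists` is injected so the check runs offline.

```python
import re

# Constructed sample: a subset of the cleanup commands quoted in the post above.
CLEANUP_LISTING = r"""
ATTRIB C:\WINDOWS\COMMAND\ÿ.ÿ -H -R
DEL C:\WINDOWS\COMMAND\ÿ.ÿ
ATTRIB C:\WINDOWS\COMMAND\System1.dt_ -H -R
DEL C:\WINDOWS\COMMAND\System1.dt_
ATTRIB C:\WINDOWS\COMMAND\ÿÿ.ÿÿ -H -R
DEL C:\WINDOWS\COMMAND\ÿÿ.ÿÿ
DEL C:\WINDOWS\COMMAND\System2.dt_
DEL C:\WINDOWS\COMMAND\zz.bat
"""
# One ATTRIB or DEL per line; ATTRIB may carry +/- attribute switches after the path.
CMD_RE = re.compile(r"^\s*(ATTRIB|DEL)\s+(\S+)((?:\s+[-+][A-Za-z])*)\s*$", re.I)


def parse_cleanup_listing(text):
    """One record per DEL target.
    attrib_cleared: switches an earlier ATTRIB applied to the same path
      (-H -R = hidden and read-only; plain DEL cannot remove a read-only file).
    non_ascii_name: the name does not type or display normally at a Windows
      prompt, so the file is easy to overlook in a directory listing.
    """
    cleared, records = {}, []
    for line in text.splitlines():
        m = CMD_RE.match(line)
        if not m:
            continue
        cmd, path, switches = m.group(1).upper(), m.group(2), m.group(3).split()
        if cmd == "ATTRIB":
            cleared[path.lower()] = sorted(s.upper() for s in switches)
        else:
            name = path.rsplit("\\", 1)[-1]
            records.append({"path": path,
                            "attrib_cleared": cleared.get(path.lower(), []),
                            "non_ascii_name": not name.isascii()})
    return records


def triage(records, exists):
    """Map each listed path to whether it is still present. exists(path) is
    injected (os.path.exists on a live box) so the check also runs offline."""
    return {r["path"]: bool(exists(r["path"])) for r in records}

if __name__ == "__main__":
    import os
    for path, present in triage(parse_cleanup_listing(CLEANUP_LISTING), os.path.exists).items():
        print("PRESENT" if present else "absent ", path)
```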

Posted: Thu Sep 22, 2005 4:39 pm
by Fat Bones
Alright, just wanted to pass racks out to the authors of these virii.

They are a complete bitch to remove. They have corrupted spybot and AVG, and I have been fucking with this problem for days. I've lost and regained connectivity, had page file faults to the point of complete system halt, and currently my CPU is constantly running above 68% regardless of my actions or inactions.

Bravo.

Now that I've properly shown my respect, I'd like to put a slug in the author's skull.

Posted: Mon Sep 26, 2005 11:10 pm
by DiT
Open your spyware/antivirus programs, open your Task Manager, and kill the explorer.exe process.
Your desktop will disappear; use Alt-Tab to pull your programs to your screen and run them.
Most of the time good trojans will attach themselves to explorer.exe, thus denying access to remove them because explorer.exe is running.
When you're done, pull the Task Manager back up and hit File > New Task (Run), type explorer.exe and OK, and your desktop will come back.
If that doesn't work, try repeating the same steps in Safe Mode.

Posted: Wed Sep 28, 2005 12:55 pm
by Fat Bones
Thanks Dave, I've incorporated disabling explorer in this ongoing endeavor.

So far, I've removed:

IRCFlood.cd.dr
IRCFlood.cv
palsp.exe
cult.exe
via McAfee

msdirectx.exe
via AVG

W32/IRCbot.worm
xz.bat
cx.bat
xy.bat
via Norton AV

racle.exe - deleted

with more to follow, fo' sho.

Posted: Thu Sep 29, 2005 4:34 am
by ElTaco
Also, create a regular user for your son. That should in general stop him from being able to install stuff. You could even give him guest access if he keeps fucking up your PC. Then just set up the programs he can use and voila, you are set to go.

Posted: Thu Nov 03, 2005 2:08 am
by Red
ElTaco wrote:Also, create a regular user for your son. That should in general stop him from being able to install stuff. You could even give him guest access if he keeps fucking up your PC. Then just set up the programs he can use and voila, you are set to go.
What he said.

Create one for yourself, too. 99% of the time you don't need administrative privileges, and when you do, it just takes a second to switch over to the proper account.

Posted: Wed Dec 07, 2005 12:55 am
by peter dragon
God bless Trillian, I love it.

Posted: Wed Dec 07, 2005 1:09 am
by Mister Bushice
And stop using Microsoft products as much as possible, wherever possible.

I suggest Firefox 1.5 for the browser. Ever since I started using it with ZoneAlarm Pro and Avast antivirus, I seriously have no more problems with spyware or invading bugs.

Posted: Wed Dec 07, 2005 4:16 pm
by Sky
I downloaded ZoneAlarm's free version but have not yet installed it. What do you guys think about their products, and are there any complications with setting it up? Sorry about changing topics.

Posted: Wed Dec 07, 2005 7:25 pm
by Mister Bushice
I've never had problems with it. It installs easily, and once you get used to it and adjust the settings so they suit your own usage, it is really invisible.

Posted: Wed Dec 07, 2005 7:34 pm
by Sky
Sweet, thanks.

Posted: Thu Dec 08, 2005 6:40 pm
by SG's Son
Did you try restoring from a previous day? ... .... ....

Hope this helps.

Posted: Sat Dec 10, 2005 9:37 am
by Joe in PB