Thread: "You'd Think A Computer Filled With Trojans Would Be Safe!"

  1. "You'd Think A Computer Filled With Trojans Would Be Safe!"

    I post once again on behalf of a friend's computer and its problems...
    I tried all the stuff that works for me already, and nothing's worked. AVG replaced Norton (which never found any of these, oddly enough), but MSConfig still won't start and the viruses still exist.
    Here's AVG's log:
    Results of Complete Test, date and time 4/14/2004 22:12:45 :

    Testing C serial 1C75-180A
    C:\_RESTORE\TEMP\A0685066.CPY Trojan horse Downloader.Small.4.BQ
    C:\_RESTORE\TEMP\A0656115.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0656152.CPY Trojan horse Downloader.Small.4.BQ
    C:\_RESTORE\TEMP\A0685399.CPY Trojan horse Downloader.Small.4.BQ
    C:\_RESTORE\TEMP\A0685400.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685401.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685402.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685403.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685404.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685405.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685406.CPY Trojan horse BackDoor.VB.11.AM
    C:\_RESTORE\TEMP\A0685407.CPY Trojan horse BackDoor.VB.11.AM
    C:\_RESTORE\TEMP\A0685408.CPY Trojan horse BackDoor.VB.11.AM
    C:\_RESTORE\TEMP\A0685409.CPY Trojan horse BackDoor.VB.11.BC
    C:\_RESTORE\TEMP\A0685410.CPY Trojan horse BackDoor.VB.11.BC
    C:\_RESTORE\TEMP\A0685411.CPY Trojan horse BackDoor.VB.11.BC
    C:\_RESTORE\TEMP\A0685412.CPY Trojan horse BackDoor.VB.11.BC
    C:\_RESTORE\TEMP\A0685413.CPY Trojan horse BackDoor.VB.11.BC
    C:\_RESTORE\TEMP\A0685414.CPY Trojan horse BackDoor.VB.11.BC
    C:\_RESTORE\TEMP\A0685415.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685416.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685417.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685418.CPY Trojan horse Downloader.Keenval.B
    C:\_RESTORE\TEMP\A0685419.CPY Trojan horse Downloader.Keenval.C
    C:\_RESTORE\TEMP\A0685420.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685421.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685422.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685423.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685424.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685425.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685426.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685427.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685428.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685429.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685430.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685431.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685432.CPY Trojan horse Downloader.VB.EC
    C:\_RESTORE\TEMP\A0685433.CPY Trojan horse Dropper.Small.4.AG
    C:\RECYCLED\NPROTECT\NPROTECT.LOG Cannot open; not checked!

    Test finished, duration 00:13:37.5 s
    18616 objects tested, 38 found infected

    ...but, even when the computer's opened in Safe Mode, those files can't be deleted. I have a feeling that those aren't the true locations of the viruses. Actually... just found a bunch of garbage "3sbn6by8.exe"-type files in her Windows directory... I'll try again...
    BUT... is there a better way to detect this shit than to wait 15 minutes for MSConfig to start?
    ...has anyone heard much of these programs?

  2. Try F-Secure:

    All you need to do to download the trial is the standard bs of name, email, country.

    You probably have a virus that protects itself from Norton and other mainstream antivirus software. So this one may help.

  3. BTW - turn off the system restore, Lhadhatt told me this.

    Right click the 'My Computer' icon, go to properties, system restore tab - turn off.

    System restore recopies viruses.
    Commentaries and Opinions on Metal

  4. Whenever I find a file I can't delete I rename it to deleteme.exe, .dll, or whatever. The theory I use is that if the program using it can't find it on reboot it hopefully won't run it and I can delete it on the next go-round. It's worked every time so far, but I haven't really had to do it too often so I may just be lucky.


  5. Quote (originally posted by station82o):

        BTW - turn off the system restore, Lhadhatt told me this.

        Right click the 'My Computer' icon, go to properties, system restore tab - turn off.

        System restore recopies viruses.

    Just did. Should it stay off?
    She's running Windows ME, if that influences anything.
    Where are the startup things located in the registry? (The Startup tab in MSConfig) I checked where I thought they were, but only noticed some of the files that were on that list. I'm SUSPECTING that the reason MSConfig takes bloody forever to start is that there's tons of friggin' items in the startup tab, so I want to get rid of the virus ones. BUT... it takes forever and 33 days to start...

  6. System restore is best kept off - especially during times of viruses.
    Commentaries and Opinions on Metal
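
An added example (not part of the thread, and not AVG's own tooling): a short Python triage of a scan log in the format posted in the first message, grouping detections by top-level directory and family so it is obvious when every hit is a System Restore copy under `_RESTORE`. The sample lines are a constructed excerpt with a made-up footer; the `C:\` drive prefix and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the AVG log from the first post;
# the footer counts are made up to match these six lines.
SAMPLE_LOG = r"""
C:\_RESTORE\TEMP\A0685066.CPY Trojan horse Downloader.Small.4.BQ
C:\_RESTORE\TEMP\A0656115.CPY Trojan horse Downloader.VB.EC
C:\_RESTORE\TEMP\A0685406.CPY Trojan horse BackDoor.VB.11.AM
C:\_RESTORE\TEMP\A0685433.CPY Trojan horse Dropper.Small.4.AG
C:\RECYCLED\NPROTECT\NPROTECT.LOG Cannot open; not checked!
6 objects tested, 4 found infected
"""

HIT = re.compile(r"^(?P<path>.+?)\s+Trojan horse\s+(?P<name>\S+)$")
SKIP = re.compile(r"^(?P<path>.+?)\s+Cannot open; not checked!$")
FOOTER = re.compile(r"^(\d+) objects tested, (\d+) found infected$")
# Assumes every path starts with a drive letter: "C:\" or a bare "C".
DRIVE = re.compile(r"^[A-Za-z](?::\\)?")

def top_dir(path):
    """First directory under the drive, upper-cased (e.g. _RESTORE)."""
    return DRIVE.sub("", path).split("\\")[0].upper()

def triage(log_text):
    """Summarise detections by location and family and check the footer."""
    by_dir, by_family, unscanned, reported = Counter(), Counter(), [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := HIT.match(line):
            by_dir[top_dir(m["path"])] += 1
            # Family = first label of the name: Downloader, BackDoor, Dropper.
            by_family[m["name"].split(".")[0]] += 1
        elif m := SKIP.match(line):
            unscanned.append(m["path"])
        elif m := FOOTER.match(line):
            reported = int(m.group(2))
    total = sum(by_dir.values())
    return {
        "by_dir": dict(by_dir),
        "by_family": dict(by_family),
        "unscanned": unscanned,
        "count_matches_footer": reported == total,
        # True when every hit sits in the System Restore store (_RESTORE).
        "only_restore_copies": total > 0 and set(by_dir) == {"_RESTORE"},
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When `only_restore_copies` is true, the scan has only seen archived copies, so the live files still have to be found elsewhere, such as the Windows directory mentioned in the first post.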
