Trojan Help

Discussion in 'Dell' started by Mike, Jun 25, 2005.

  1. Mike

    Mike Guest

    Greetings! Last weekend I visited a web site that installed a Trojan
    on my system. I am not really sure how, seeing how I run Norton's AV
    and Firewall, but after visiting that site I started getting notices
    from Start Up Monitor that certain .DLL's were trying to register
    themselves during startup. I then ran Spy Bot Search and Destroy,
    Ad-aware, and Webroot's Spy Sweeper finding several ad-ware types that
    Norton's (updated) has missed and a Trojan that I then deleted. I
    also found that some files were trying to access the Internet without
    permission. It seems my Norton's Firewall and AV have been
    compromised. I have since stopped using IE and have only been using
    Firefox for browsing but I am still getting alerts that my computer is
    trying to access the Internet without my permission. I assume I have
    a Trojan again. Question is how do I get rid of it? I can delete
    traces of it by finding files that it creates but how do I find the
    actual file that is causing my problems? I have run Hijackthis and
    found a few items that I delete, but after a reboot most show up
    again. I have run Norton's many times in Safe Mode. Any ideas?
    Thanks.

    I am running WinXP SP2 on a Dimension 8400. I have Norton's Internet
    Security, Zone Alarm, and Spy Sweeper running on startup. I also
    downloaded Port Explorer which allows me to see when my computer tries
    to dial home. Any information would be appreciated!

    Mike
     
    Mike, Jun 25, 2005
    #1

  2. I'd also try McAfee, AVG, and/or other antivirus programs, and I've
    found Microsoft's AntiSpyware can find (and protect against) problems
    that other products can't.

    There are no easy answers, nor is any one product perfect...
     
    William P. N. Smith, Jun 25, 2005
    #2

  3. Mike

    Colin Wilson Guest

    > Greetings! Last weekend I visited a web site that installed a Trojan

    I've got some hints and tips, as well as links to free anti-spyware apps
    on my site - http://www.coreutilities.co.uk

    By the sounds of it, you have something running in your startup, and I
    would suggest two things initially:

    Sysclean from Trend - which should pretty much nail most things

    HijackThis - you need to use this with a little more care, as removing
    the wrong things can prevent your system from booting. It will allow you
    to see / remove anything that runs on startup by any method (incl. via
    registry entry)

    To help you parse the logfile, visit http://www.hijackthis.de - it's not
    100% accurate at times, but it does a good job at filtering out the
    majority of legitimate entries you can bypass safely.

    Nortons is a load of shit (allegedly, but at least in my experience), and
    misses a lot of viruses. It used to be good up until about 1999-2000 but
    seems to have gone downhill rapidly since.
     
    Colin Wilson, Jun 25, 2005
    #3
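
The startup listing that the post above attributes to HijackThis can be approximated on current Windows with PowerShell. This is an added example, not part of any post in the thread: it only reads the standard Run/RunOnce registry keys and the Startup folders and reports each target's Authenticode status, and the helper name Get-TargetPath is hypothetical.

```powershell
# Added example: read-only listing of autostart entries with file signature status.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: extract the program path from an autostart command line.
# Bare names such as rundll32.exe stay 'Unresolved'; read their Command by hand.
function Get-TargetPath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

# Registry Run/RunOnce values, machine-wide and for the current user.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Startup folders; shortcuts are resolved to the program they launch.
$shell = New-Object -ComObject WScript.Shell
$dirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(foreach ($f in Get-ChildItem -Path $dirs -File -ErrorAction SilentlyContinue) {
    $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
    [pscustomobject]@{ Source = $f.DirectoryName; Name = $f.Name; Command = '"' + $target + '"' }
})

# Unsigned, missing or unresolved targets sort to the top for manual review.
$entries | ForEach-Object {
    $path = Get-TargetPath $_.Command
    $found = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $status = if ($found) { [string](Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'Unresolved' }
    [pscustomobject]@{
        Signature = $status
        Modified  = if ($found) { (Get-Item -LiteralPath $path).LastWriteTime } else { $null }
        Name      = $_.Name
        Command   = $_.Command
        Source    = $_.Source
    }
} | Sort-Object { $_.Signature -eq 'Valid' }, Signature | Format-Table -AutoSize -Wrap
```

Saving the output before and after a cleanup pass and comparing the two shows which entries come back after a reboot.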
  4. Mike

    Mistoffolees Guest

    Take a very hard look at the entire contents of the computer,
    especially any helper files that might have been downloaded
    and installed, especially from ISP's to facilitate access to
    the Internet. Worst case example of this is, IMHO, AOL, but
    many other ISP's are degrading to a similar state. Minimize
    access to a minimal state, such as original versions of web
    browsers, set up connections via the Control Panel and not
    through the assistance of ISP-provided cdroms, etc. Most of
    the time, what's left after running several anti-virus scans,
    anti-trojan scans, adware/malware/spyware shredding, etc.,
    are these "bots", helper or not, trying to re-establish their
    contact.
     
    Mistoffolees, Jun 25, 2005
    #4
  5. Mike

    Quaoar Guest

    Mike wrote:

    [snippage]

    You have learned the hard way. Buy a NAT router with integrated
    firewall, even if yours is the only computer on the network. This will
    take care of almost all subversive attacks.

    *After* you do this, reinstall the OS.

    Q
     
    Quaoar, Jun 26, 2005
    #5
  6. Mike

    Colin Wilson Guest

    > You have learned the hard way. Buy a NAT router with integrated

    I disagree. A firewall will block incoming port attacks, but will do
    nothing to prevent malware included as part of a software package, or a
    hack introduced by use of internet exploder.

    If you reinstall the OS, you'll likely have an even more unsecured system
    until you manage to download all the patches again.
     
    Colin Wilson, Jun 26, 2005
    #6
  7. Mike

    Kevin Guest

    Disable System Restore, run all your malware software, updating them as
    required, and when the system is finally clean, enable System Restore. When
    you disable SR you will lose all the restore points and everything in them.
    These pieces of uninvited software can, and often do, hide a copy of
    themselves in System Restore. You can run scanners until you are blue in
    the face, but if you don't eliminate the potential hiding place of System
    Restore, it won't do you any good.
     
    Kevin, Jun 26, 2005
    #7
  8. Mike

    S.Lewis Guest



    Good advice. And for funsies, do all of that in safe mode.

    Most trojans I come across are no more than annoyance to remove and system
    restore should always be included.

    Sadly, all the (good) advice of programs and methods of locking any given
    system down will only work to the degree the end user allows it. If someone
    in a household is 'click happy', indiscreet with downloads and/or file
    transfers they will likely have a dirty system again in a matter of weeks.

    The real-time protection that (Giant) MS anti-spyware provides is some small
    help in at least warning the user of normally invisible 'invasions'.


    Stew
     
    S.Lewis, Jun 26, 2005
    #8
  9. Mike

    guess Guest

    The only trouble I have with Trojans, is trying to find one big enough!!

    ;)
     
    guess, Jun 26, 2005
    #9
  10. guess,
    Well Trojan makes some rather large yachts but that's a different
    group. :)
    Paul
     
    Paul Schilter, Jun 27, 2005
    #10
  11. Mike

    Jeff B Guest

    I just had a bad run in with a trojan on a system running WindowsXP SP1 and
    Norton Internet Security 2005. It seemed to be so inundated
    that I decided to format and reload WindowsXP from scratch. I booted to the
    Windows CD, removed the partitions and did a Quick Format. Once loaded I
    started to redownload/install the Windows Updates. By the time I finished
    with the updates (except SP2) it was again inundated. Then I took another
    approach which seems to have worked. First I pulled the DSL cable out. Then
    ran Windows98 FDISK to remove partitions. Then I booted to the Windows CD and
    did a FULL Format of the drive. I loaded WindowsXP and needed drivers. I
    then Loaded Norton Internet Security and had it running but not updated.
    Then and only then did I plug in the DSL. The first thing I did was update
    Norton, which took several reboots. I then ran a Full system Scan with
    Norton. Then and only then did I install the Windows updates. Once all the
    updates were in (except SP2) I installed and Ran AdAware, Spybot, Spyware
    blaster and HiJack this. Then I installed SP2 from a CD and its needed
    updates.

    The system seems clean and Ok with no trojans, viruses or popups.
     
    Jeff B, Jun 27, 2005
    #11
  12. This is another argument for a hardware firewall (NAT router), even if
    you have only one computer. IIRC, the average lifespan of an unprotected
    computer hanging out on the Internet is about 20 minutes...

    While there may be some value for power users (and those who can parse
    the queries) in a software firewall that'll warn you about outgoing
    connections, a hardware firewall is a minimum requirement, IMHO.
     
    William P. N. Smith, Jun 27, 2005
    #12
  13. Mike

    Ben Myers Guest

    So, to have a complete analogy, a hardware firewall is a kind of a Trojan that
    one uses to cut down the risk of disease and infections from unprotected
    internet access. But a Trojan to protect against Trojans? I never heard of
    such a thing.

    Seriously, yes, a hardware router with network address translation (NAT) is a
    good thing... Ben Myers
     
    Ben Myers, Jun 27, 2005
    #13