Author Topic: Big Problem  (Read 11903 times)

DoomLord9

  • Guest
Big Problem
« on: March 05, 2004, 04:33:40 AM »
I ran avast, and it found win32:trojan-gen in my kernal32.exe file, and all attempts to repair have been a no-go (just got the virus scanner, hadn't had a chance to make the VRDB yet), and no way in hell am I deleting or moving that file (did that with my last comp, can you say "reformat time"?). How can I get it to go away when it's on that kind of file?
« Last Edit: March 05, 2004, 04:40:55 AM by DoomLord9 »

whocares

  • Guest
Re:Big Problem
« Reply #1 on: March 05, 2004, 08:08:05 AM »
Hi,

Please post the full path and exact name of the infected file.
What Win do you have?
Also use online scanners from Trend, RAV and KAV on the file to get a more specific name.

Use the Boardsearch with:
win32:trojan-gen
for further details: lots of topics on that one ;)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Big Problem
« Reply #2 on: March 05, 2004, 05:13:15 PM »
kernal32.exe
Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.

avast! cannot repair it because this file is not part of the system; in fact it's a trojan.
Visit my webpage Angry Sheep Blog

DoomLord9

  • Guest
Re:Big Problem
« Reply #3 on: March 05, 2004, 06:55:58 PM »
I talked to the IT specialist at work and came to the same conclusion myself, so I attempted to just delete it, which wouldn't be possible if it was what I thought it was, and it's gone now, so thanks. That was particularly annoying though; I hate it when virus writers are smart like that.

Offline RejZoR

Re:Big Problem
« Reply #4 on: March 05, 2004, 07:17:57 PM »
You'll need to start thinking like them ;)
« Last Edit: March 05, 2004, 07:18:11 PM by RejZoR »

DoomLord9

  • Guest
Re:Big Problem
« Reply #5 on: March 05, 2004, 07:25:57 PM »
I have actually wondered why they haven't been doing that for a while now. It just seems too basic to name it a file that people don't want to touch (especially those that know at least somewhat of what they're doing). Oh well, it's one of the few that I've gotten, so I guess I'll start watching for 'em now.

Offline RejZoR

Re:Big Problem
« Reply #6 on: March 05, 2004, 07:43:40 PM »
The most common trick is to use system-like names, so users won't touch the files or even get suspicious about them.

Just name the stuff something like this and it will practically mask itself among system files:

- iexplorer.exe (originally it's iexplore.exe)
- kernall.exe (kernell.exe)
- dlIhost.exe (dllhost.exe -> do you see the second upper-case letter "i" (I) instead of "L"?) (with some other fonts it looks like the letter "L")

Or simply files with exactly the same filename, but just in the wrong location.

Example:
explorer.exe which is located inside the System32 folder. This application has nothing to do with this system folder and it's there as a virus/trojan. The real explorer.exe is located in the root of the Windows folder.
Visit my webpage Angry Sheep Blog
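
The two checks described in Reply #6 (a name that is a near miss of a system file, and a genuine name in the wrong folder) can be run mechanically over a file listing. The following is an added example, not part of the original thread or of avast!; the baseline table, the verdict labels and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed baseline (not from the thread): genuine file name -> its folder.
BASELINE = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "dllhost.exe": r"c:\windows\system32",
    "kernel32.dll": r"c:\windows\system32",
}
# Characters that look like lower-case "l" in many fonts.
CONFUSABLE = str.maketrans({"I": "l", "1": "l"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, matched baseline name or None) for one file path."""
    p = PureWindowsPath(path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if name in BASELINE:  # right name: is it in the right place?
        return ("ok" if folder == BASELINE[name] else "wrong-location", name)
    folded = p.name.translate(CONFUSABLE).lower()
    if folded in BASELINE:  # e.g. upper-case "I" standing in for "l"
        return ("homoglyph", folded)
    for known in BASELINE:  # one typo away from a system file's name
        if edit_distance(p.stem.lower(), PureWindowsPath(known).stem) == 1:
            return ("lookalike", known)
    return ("unlisted", None)

# Constructed sample paths; the thread never gave the real locations.
SAMPLE = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\explorer.exe",
    r"C:\Windows\System32\dlIhost.exe",
    r"C:\Windows\kernal32.exe",
    r"C:\Windows\iexplorer.exe",
]

def scan(paths):
    results = {p: classify(p) for p in paths}
    return {p: v for p, v in results.items() if v[0] not in ("ok", "unlisted")}
```

A hit is only a reason to look closer (check the file's signature, hash and startup entries); the baseline should be built from a known-clean install of the same Windows version.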

Offline phil2

  • Sr. Member
  • ****
  • Posts: 222
Re:Big Problem
« Reply #7 on: March 06, 2004, 04:32:51 AM »
Have similar problem
have  Win32:DyfucDldr-D [trj]
I have put this in Chest..is this the correct thing to do, as it won't let me delete it!
Have read thru forum but with my limited computer knowledge I don't understand most of the advice!!! ???
Appreciate help guys...in simple( DUH!) type words.
Phil
Windows 7 home service pack 1 64-bit
avast! Pro Antivirus     Malwarebytes Pro resident
    Winpatrol Pro

CoJo

  • Guest
Re:Big Problem
« Reply #8 on: March 07, 2004, 02:25:41 PM »
Phil...don't worry about asking for "simple" words/directions! I also needed that and many, many people on this forum came to my aid...and got right down to "kindergarten" level if I needed it.
we all start somewhere...

good luck!

cojo

Offline phil2

Re:Big Problem
« Reply #9 on: March 08, 2004, 03:03:42 AM »
Cojo...thanks for your support.    
I need it!!! :D

CoJo

  • Guest
Re:Big Problem
« Reply #10 on: March 08, 2004, 01:38:39 PM »
Phil, I hope I didn't sound like a smart***...I really just wanted you to know that folks here are very knowledgeable and enjoy helping others. You won't find a better support forum--Avast! is the best product and has the smartest users :)
and I speak from experience!

welcome and ask any question you need answered...except how to understand women and the meaning of life ;D

cojo

Offline phil2

Re:Big Problem
« Reply #11 on: March 09, 2004, 12:28:50 AM »
Lady White Dove (aka CoJo)......I definitely did NOT think you were being a smart*** :)
I really appreciate you being there for me.
Cheers!   phil