Author Topic: caught a trojan  (Read 7995 times)


JL

  • Guest
caught a trojan
« on: May 27, 2004, 09:02:51 PM »
I have the free version. It found a trojan. I can't get rid of it with avast, can anyone give me a good link or suggestion? I've been out of this stuff awhile, no clue what is good or isn't anymore. Any help is greatly appreciated, thank you. It isn't listed anywhere I have found so far.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:caught a trojan
« Reply #1 on: May 27, 2004, 09:49:59 PM »
Do you know the name of the trojan?
Do you know the name of the infected file (if any)?
Which operational system are you using?

We need a little bit more information about your system...
Welcome to forums.
The best things in life are free.

JL

  • Guest
Re:caught a trojan
« Reply #2 on: May 31, 2004, 03:02:25 AM »
lol......Sorry I was frustrated at the trojan when I wrote the first post.
I found the answer in your forums this weekend, knew I would if I spent the time, thx for the welcome. And just so ya know it was that Trojan-gen {VC}. It did infect some win32 common task files and a few others I don't remember offhand. I tried what I read and it seems to have worked. Anything special about this trojan?
 my specs:
AMD 64 FX-51
ASUS SK8V mobo
2- 512mb DDR pc3200
2- Seagate 80gig 8mb cache
Geforce fx5950 256mb
 XP pro
« Last Edit: May 31, 2004, 03:06:44 AM by JL »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:caught a trojan
« Reply #3 on: May 31, 2004, 03:20:23 AM »
JL, I asked for technical support in your thread. As you are online now, why don't you search the board about Trojan-gen {VC}?

Did you already run the avast Virus Cleaner? (http://www.avast.com/i_idt_171.html)

Did you make a thorough scan? Or a scanning at boot time?

JL

  • Guest
Re:caught a trojan
« Reply #4 on: May 31, 2004, 08:43:40 PM »
Did all of the above... still no probs so far. the deep scan did find the old files that I had moved and renamed at first.... they were part of a java program.... I completely removed it and reinstalled... removed everything I could find connected to that program also....lol
Scared the crap outta me.. thought my new system was gonna get fried....lol
Thx for the help man.
btw, could you suggest a decent firewall that won't muck up my resources?
I tried zone alarms trial.... didn't really like the program.

whocares

  • Guest
Re:caught a trojan
« Reply #5 on: May 31, 2004, 09:04:17 PM »
Hi,
Kerio, Sygate and Outpost are often recommended here, but

a) A firewall only really helps you, if you know how it works & how to configure it
b) it has its limitations, e.g. a FW won't probably help you against most variants of Trojan-GEN, as most of these enter your system via an unsecure IE

FWs help against SOME network worms/attacks, and MIGHT alert you to the presence of a trojan on your system only AFTER the trojan has been installed/activated..





 ;)
« Last Edit: May 31, 2004, 09:13:45 PM by whocares »

JL

  • Guest
Re:caught a trojan
« Reply #6 on: June 01, 2004, 06:40:22 PM »
Well I guess I was wrong.. problems have resurfaced.

Usually late evening my connection goes to complete $%@#. So much so I can't even load a web page. Just started this again last night. So I ran avast. No trojan found this time but the files it couldn't scan from before it still cannot scan. It won't let me move, repair, rename, nuthin. And I did completely (folders and all) remove these things manually when this all started. How can I check that the trojan is gone?

these are the bunk files:
-under documents and settings/owner
    - 5D4C1699d01
    - newstuff.swf
    - home.swf
    - cartoons2.swf
    - cartoons.swf
the above files are new to my problem and I cannot locate them using explorer or anything else I've tried.

Files under C/Program Files/Java
  -java.nio.charset.spi.CharsetProvider
  -j2re1.4.1_02/lib/../MANIFEST.MF (listed 3 times)
  -/.../javax.sound.sampled.spi.AudioFileReader
  -Program Files/Java Web Start/../MANIFEST.MF

All files in this post are listed as Unable to scan in results column
Looks like this   Unable to scan:T...
I cannot find out what the T.. is
 
Any suggestions, while my connection is working?...lol
I'm gonna try another boot time scan and see what happens. Hopefully I'll make it back today.
And thank you again.
     

whocares

  • Guest
Re:caught a trojan
« Reply #7 on: June 01, 2004, 09:18:54 PM »
Hi,

all this doesn't really look suspicious..
can you do a scan in SafeMode (F8-Boot) ?

- Set WinExplorer to show all folders/files, even system/hidden ones..; also all extensions..
- Empty Temp-Int-Files via IE-Extras internetoptions - delete files & check OFFLINE files
- empty all TEMP-folders, via driveCleanup and manually
- empty your JAVA-Cache via ControlPanel-JavaPlugin-Cache -> empty..


please post a hijackthis-Logfile:
http://hjt.klaffke.de/en &
http://www.tomcoyote.com/hjt

Try Onlinescanner Trend & KAV (see below; pause avast Shield for this; use IE with activeX enabled)

More Info: Google or board-search ;)

Oh yes..
expand the columns in the avast scan report/log by dragging the title bars with the mouse.. and tell WHY the stuff couldn't be scanned..



« Last Edit: June 01, 2004, 09:19:59 PM by whocares »

JL

  • Guest
Re:caught a trojan
« Reply #8 on: June 02, 2004, 12:33:38 AM »
I downloaded CWshredder. It says system is clean but avast found the trojan again in a boot scan; it does not find it in the virus scan via Windows. The file:
C:\System Volume Information\_restore{BFC44142-5B64-4643-A8D0-E36EFC7B2472}\RP151\A0018130.dll
 
is infected by Win32:Trojan-gen.{Other}

Repair: Error 42060

Move: executed

Since it hasn't been found any other way, would this be the only part of it left and should I keep or delete? And does the "_restore" mean it's my restore point? And if so can I just create a new restore point and be rid of it? Or is it a wicked web of pain in the @#$ steps to get rid of this thing completely? lol, sorry I suffer from a lack of tech knowledge.

whocares

  • Guest
Re:caught a trojan
« Reply #9 on: June 02, 2004, 12:45:19 AM »
Please disable RESTORE including reboot:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

 ;)

Max M.Wachtel III

  • Guest
Re:caught a trojan
« Reply #10 on: June 02, 2004, 01:45:43 AM »
JL-
Just have to put my 2 cents in. Here are some things to help you besides a firewall. Install, update and run the following:
Ad-Aware, Spybot search and destroy, Spyware Blaster, Spyware Guard.
Get a better browser and mail client-Try mozilla or firefox+thunderbird
Learn to practice "safe hex". http://www.claymania.com/safe-hex.html
And don't forget to update windows every month ::)
-max

neal62

  • Guest
Re:caught a trojan
« Reply #11 on: June 02, 2004, 10:18:58 AM »
Newbie,

All of the advice already given to you by the other members here is very good. I personally like the "Outpost 1.0" free version firewall. But, I do not run WinsXp. With Xp Pro or Home a good firewall is necessary, PLUS you need to check Wins Updates often to let it analyze your pc for needed security updates. If you keep the security updates current to protect your I.E. and open Ports then I believe you will be in fairly good shape. The other programs that have already been mentioned that are being used by others here are very good and do help protect. Have a good day.  :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:caught a trojan
« Reply #12 on: June 02, 2004, 09:15:38 PM »
btw, could you suggest a decent firewall that won't muck up my resources?
I tried zone alarms trial.... didn't really like the program.

Oh, sorry, I would suggest Zone Alarm  :-\
Works great for me...

Other suggestions would be: Sygate Personal Firewall, Outpost and Kerio.
Do you still have virus problems or whocares killed them all?  ;D

JL

  • Guest
Re:caught a trojan
« Reply #13 on: June 02, 2004, 10:09:03 PM »
Well I think the problem has been solved and I thank all of you. The help has been greatly appreciated. Good bunch of people around here. A lot of great advice as most of you have stated. Wish the rest of cyber space was like this community. I'd definitely say whocares fixed my problems... lol
Let me know if there's any way I can help ya out sometime and thanks again.