Author Topic: Trojans  (Read 3484 times)

OckieFur

  • Guest
Trojans
« on: June 14, 2004, 02:30:07 PM »
Me Again
I keep getting trojans being created - or found - in the Temp file of = C:\Documents and Settings\Eric\Local Settings\Temp\ltnydki - as well as ltnydki.dll. Avast can't seem to delete these (& others with different names that I can't remember right now). I managed to delete them through DOS before bootup - but they keep coming back with different names. What's happening to cause them to come back?
TIA
Eric    :-\

whocares

  • Guest
Re:Trojans
« Reply #1 on: June 14, 2004, 03:02:45 PM »
Hi,

what WIN do you have ? Are all ServicePacks and Windowsupdates applied ?
have you managed to repair/reinstall avast ? so that the resident protection is working again ?
-> test with harmless testfile EICAR.COM from www.eicar.com


What were the exact names avast gives the trojans ?

Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP INCLUDING a REBOOT!! ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

(If they all don't show it as infected, please send it in a password-protected zip-file to
virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)

spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

-remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can't remove it, you could post a logfile of Hijackthis here:
http://hjt.klaffke.de/en
& read this first: http://www.spywareinfo.com/%7Emerijn/htlogtutorial.html


-Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro/RAV to check whether your PC is clean ;)
- If needed, reenable system restore on Win ME/XP


Further Details and Links via the board search above


« Last Edit: June 14, 2004, 03:03:46 PM by whocares »
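
One way to carry out the "search the registry for startup entries" step from the general removal procedure above (an added example, not part of the original posts). It assumes the output of `reg query` for the two `Run` keys has been saved as text; the sample below is constructed, reusing the Temp path named in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample of `reg query ...\CurrentVersion\Run` output for HKLM and
# HKCU (not taken from the poster's machine).
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    avast!    REG_SZ    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    ltnydki    REG_SZ    rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Temp\ltnydki.dll",Start

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_EXPAND_SZ    %TEMP%\qwzxv.exe /s
'''

# A value line looks like: <indent><name><spaces><REG_type><spaces><data>
ENTRY = re.compile(r'^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$')

# Directories a legitimately installed autostart program has no reason to run from.
TEMP_MARKERS = (
    '\\local settings\\temp\\',   # Windows 2000/XP per-user Temp
    '\\appdata\\local\\temp\\',   # later Windows versions
    '\\windows\\temp\\',
    '%temp%\\',
    '%tmp%\\',
)


def parse_run_entries(text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith('HKEY_'):
            key = line.strip()
            continue
        match = ENTRY.match(line)
        if match and key:
            yield key, match.group('name'), match.group('data')


def suspicious_entries(text):
    """Return the autostart entries whose command line points into a Temp directory."""
    return [(key, name, data) for key, name, data in parse_run_entries(text)
            if any(marker in data.lower() for marker in TEMP_MARKERS)]


if __name__ == '__main__':
    for key, name, data in suspicious_entries(SAMPLE):
        print(f'{key}\n    {name} -> {data}')
```

An entry flagged here is a candidate for the "remove the malware's startup entries" step; deleting only the file in Temp leaves the entry in place to be run again at the next logon.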

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67195
Re:Trojans
« Reply #2 on: June 15, 2004, 03:55:39 PM »
Whocares, so that you don't have to post the whole 'general procedure' for virus/trojan removal each time, can't you ask Alwil for a place (maybe a 'sticky' thread in the virus forum) to keep them all?

I'd love to quote you when I need to, but the 'standard' procedures are posted in a lot of threads...  :-\
The best things in life are free.

whocares

  • Guest
Re:Trojans
« Reply #3 on: June 15, 2004, 04:50:25 PM »
1) for you not having to post all the 'general procedure' for virus/trojans removal,

2) can't you ask to Alwil a place (maybe a 'sticky' thread in the virus forum) to have them all?

3) I'd love to quote you when I need but the 'standard' procedures are posted in a lot of threads...  :-\

Hi Technical,

@1) Copy&paste is a wonderful thing.. I got this stuff on my HD  ;D ;D
But I DO sometimes adjust the General advice.. ;)

@2) Maybe when I reach the magic mark of 1000 Postings..  ;D ;)
Or you as MOD try to alert them to the need of FAQs related to malware removal

@3) you sure can quote me.. why not make a bookmark ? you can even edit the URL so that it shows directly to an individual posting, not just the whole topic..
Or do you mean I'm uselessly filling up the board space ?

 ;)
« Last Edit: June 15, 2004, 04:51:12 PM by whocares »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67195
Re:Trojans
« Reply #4 on: June 16, 2004, 12:55:35 AM »
Or do you mean I'm uselessly filling up the board space ?

Of course not  ;)

It's just that, for the other users, reading long posts is not an easy thing, especially now that the avast forums have grown a lot  ;D
On the other hand, having a general thread for this would be useful in my opinion.