PDA

View Full Version : NetSpy Trojan



somebody
22-01-2004, 05:03 PM
I have a problem. Both my computers (running WinXP Home, with NAV 2003 and updated definitions) appear to be infected by the Netspy trojan. Norton Firewall's alert tracker tells me that it's blocking a trojan attack from port 3923, from localhost. I looked into the logs, and found that it was from the process "explorer.exe".

Therefore I **think** that both PCs are infected, as they were disconnected from the internet at the time, however on a home network. One is showing strange symptoms when using windows Explorer, My computer etc. is very slow response to right-clicking, and also very slow loading of pages.

I have decided that I will reformat the computer which is showing the slow symptoms, and leave this one (the other one which I think is infected, but showing no signs of problems at this stage) for a couple of days and see what happens. I have done a full system backup of important data, in case anything happens.

Is anybody able to offer me advice on this? I'm confused cos a manual scan of explorer.exe does not pick anything up.

dumdum
22-01-2004, 05:26 PM
Hello Somebody.....

If you go to ...www.sysinfo.org/startuplist.....and enter it in tne search ,you will find 3or4 variations of this virus,and remedies for each.

Best of luck
DD.

Pheonix
22-01-2004, 06:17 PM
Here is a FIX (http://www.kephyr.com/spywarescanner/library/netspy/index.phtml) for it, if you indeed do have it.
Also a trip to an online virus scanner (http://www.pandasoftware.com/activescan/)

somebody
23-01-2004, 08:52 AM
Thanks guys. Based on your website link Phoenix, it appears that NetSpy is a program which has to be downloaded and installed - however, as I am the primary user of this PC, I would seriously doubt it, as no other users have the knowledge to install such software. I don't know whether this is a good thing or a bad thing, but I have not managed to find any trace of the trojan's suspect files on my PC. I am now wondering whether the IP was spoofed by the trojan, to make me think that my computer is infected?

At this stage I think reformatting would also be a good chance to get rid of all the annoying files clogging up the system which have been left by uninstalled trialware.

kiwibeat
23-01-2004, 10:08 AM
I just use fix-it and reg cleaner to clear out all the debris left from uninstalled programs if things get too bad i just do a restore using a image backup created by drive image 2002 have all these on cd if needed

dchip
23-01-2004, 11:58 AM
Not sure if these will help with your Trojan, but they are great resources to add to your arsenal.

More features than the "windows task manager"
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Identify processes running in the background without having to wade through pages of tech-kafubble.(unless you enjoy reading that stuff of course...lol)
http://www.liutilities.com/products/wintaskspro/processlibrary/

somebody
23-01-2004, 12:26 PM
Thanks guys - i've formatted the computer, reinstalled windows, and all is working properly now.