NetSpy Trojan

22-01-2004, 05:03 PM
I have a problem. Both my computers (running WinXP Home, with NAV 2003 and updated definitions) appear to be infected by the NetSpy trojan. Norton Firewall's alert tracker tells me that it's blocking a trojan attack from port 3923, from localhost. I looked into the logs, and found that it was from the process "explorer.exe".

Therefore I **think** that both PCs are infected, as they were disconnected from the internet at the time, however they were on a home network. One is showing strange symptoms when using Windows Explorer, My Computer etc.: very slow response to right-clicking, and also very slow loading of pages.

I have decided that I will reformat the computer which is showing the slow symptoms, and leave this one (the other one which I think is infected, but showing no signs of problems at this stage) for a couple of days and see what happens. I have done a full system backup of important data, in case anything happens.

Is anybody able to offer me advice on this? I'm confused cos a manual scan of explorer.exe does not pick anything up.

22-01-2004, 05:26 PM
Hello Somebody.....

If you go to ... www.sysinfo.org/startuplist..... and enter it in the search, you will find 3 or 4 variations of this virus, and remedies for each.

Best of luck

22-01-2004, 06:17 PM
Here is a FIX (http://www.kephyr.com/spywarescanner/library/netspy/index.phtml) for it, if you indeed do have it.
Also a trip to an online virus scanner (http://www.pandasoftware.com/activescan/)

23-01-2004, 08:52 AM
Thanks guys. Based on your website link Phoenix, it appears that NetSpy is a program which has to be downloaded and installed - however, as I am the primary user of this PC, I would seriously doubt it, as no other users have the knowledge to install such software. I don't know whether this is a good thing or a bad thing, but I have not managed to find any trace of the trojan's suspect files on my PC. I am now wondering whether the IP was spoofed by the trojan, to make me think that my computer is infected?

At this stage I think reformatting would also be a good chance to get rid of all the annoying files clogging up the system which have been left by uninstalled trialware.

23-01-2004, 10:08 AM
I just use fix-it and reg cleaner to clear out all the debris left from uninstalled programs. If things get too bad, I just do a restore using an image backup created by Drive Image 2002. I have all these on CD if needed.

23-01-2004, 11:58 AM
Not sure if these will help with your Trojan, but they are great resources to add to your arsenal.

More features than the "windows task manager"

Identify processes running in the background without having to wade through pages of tech-kafubble. (Unless you enjoy reading that stuff of course...lol)

23-01-2004, 12:26 PM
Thanks guys - I've formatted the computer, reinstalled Windows, and all is working properly now.