View Full Version : Trogan Horse



merlin-nz
09-09-2004, 03:42 PM
Hi folks,
New problem for me a Trogen Horse <Downloader.Rameh.E>

Now this bugger is a problem 'cause I run AVG and it located it and healed it. I then ran SpyBot S&D and it was still there, and I was advised to run AVG to remove it, which I did. AVG did not find it this time.
I then ran Ad-Aware and the same thing: it was there and to run AVG to remove it, and it did not, sighing...... scratching bald head.

I then turned off System Restore and did the same tests all over again and, well, I'm still scratching the head, bugger, now no more hair to scratch.

I thought at this stage to go to bed and sleep on it 1:00am....
In the morning bugger me same again.

Oh, I did also try Stinger, but alas no....

Is there a way of removing the bugger other than reformatting the C drive?

If I can't get rid of it I may as well go back to 98SE, less problems.

Now I have never updated XP or put on SP 1 or 2 but if that is the reason for not being able to shift this blighter bugger me.

Computer Specs:

HP Pavilion 6700
Windows XP Pro
Mainboard : Trigem Computer, Inc.
Chipset : Intel 82810 810 Chipset Memory Controller Hub
Physical Memory : 256 MB SDRAM
Processor : Intel Celeron
Frequency : 598 MHz
Current Display : 800x600 pixels at 85 Hz in 16 777 216 colours
Modem : IC+ 56k External Data Fax Voice Modem
TWAIN Device : CanoScan LiDE 20/N670U/N676U



cheers merlin-nz ;-)

Pillar
09-09-2004, 03:55 PM
Are you talking about a Trojan horse?

Must be gone, I think. The idea of a trojan horse is to provide a backdoor into your system, so someone can remotely control/use your computer. Install a firewall and see if any weird programs are trying to connect out/in?

Pheonix
09-09-2004, 04:02 PM
Open AVG and empty the vault if it is in there.

Otherwise, download, update, then run Pest Patrol (http://www.pestpatrol.com/Products/PestPatrolHE/). The evaluation version detects but doesn't clean, but it will list the infected files and registry entries, which you can then manually remove.

Murray P
09-09-2004, 04:19 PM
Are you running Spybot in Advanced mode? This will give you more options to deal with it. As per Pheonix, I suspect the virus vault is holding a signature of the trojan and that is what is being picked up.

Cheers Murray P

Alan Cottrell
09-09-2004, 04:23 PM
Hello Merlin,

Try the following,

Firstly, go to this site: http://www.blackviper.com/WinXP/servicecfg.htm and set your services to his recommended "safe" configuration (doing this will go a long way to preventing trojan downloaders getting on your PC in the first place) as well as giving you a faster more secure PC in general.

Secondly, go here http://www.ewido.net/en/?section=download and download the excellent ewido security suite. This programme comes in both freeware and enhanced versions (the download automatically installs as the enhanced version but steps back to the freeware version if not registered after 14 days).

My recommendation would be to install ewido, make sure you update the definitions, make sure you choose to scan for everything, run an initial scan in normal mode, let the programme clean everything it finds then repeat the scan in safe mode just to make sure.

I presume as a regular frequenter of PressF1 you are already aware of Spybot and its capabilities for cleaning general malicious coding from your system.

However, a lot of people miss the "Advanced Mode" function. If you have not already enabled this, do so, then click on the "tools" button; this will give you access to a number of advanced features. The first one to check through is the "system start up" module. Firstly, click on the double arrows on the right hand side (this will give you a description and recommendation of what to do with the entry clicked on). Next, click on every individual entry that shows up in the module (even ones that look familiar) and delete anything that Spybot says is malicious (if you are unsure about any entry you can just untick it; this will prevent it from running unless it is reticked, not so secure as deleting but safer if you are unsure), then reboot your PC.

If you need to do the Spybot configuration, this should be done before running the Ewido scan.

Hope this helps.

AC

merlin-nz
09-09-2004, 04:38 PM
Thanks all for the quick responses:

Pillar:
Hell mate never could speel and have clumsie fingers on the k/board.

Pheonix:
Bugger, never thought about the Vault. Had a quick lookie and yeah, it was there. Going to run SpyBot and Ad-Aware again, will reply later to let you know if the blighter has gone.

Alan:
Will copy and paste your response and follow up on it later, but thanks for the quick reply.



cheers merlin-nz ;-)