
Trojan won't go away.



music_man
21-04-2005, 10:48 PM
Hi

I am running Windows XP Pro and I somehow got this trojan: Trojan horse collected.5.L.

It leaves msdirectx.sys in my Documents and Settings each time I boot up (I delete it each time). AVG won't update, and msconfig and regedit won't start either. I think I saw (when I could) systeminfos.exe in startup in msconfig and in task manager (which also doesn't go) running services.exe.

It now won't launch test center for AVG Free so maybe it is getting worse. I think I had another virus but I can't check what the name of it was.

Kerio pops up asking for something to connect to my computer.

Sigh, time for a Macintosh.

Any help please?

Thanks

pctek
21-04-2005, 11:04 PM
You've run all your spyware removers?
How about HijackThis?

music_man
22-04-2005, 12:12 AM
I downloaded it. But, would you believe, it didn't open!? :O. Sigh. I had a look at Kerio and systeminfos is connecting to some place; so that doesn't look too good.

linw
22-04-2005, 12:44 AM
This is a very nasty worm by all accounts. Have you tried googling for it? This reference may help. http://discussions.virtualdr.com/printthread.php?t=186281

You may have more luck trying to delete its files in safe mode.

Best of luck.

zqwerty
22-04-2005, 12:45 AM
Try Stinger, it may help:

http://vil.nai.com/vil/stinger/

zqwerty
22-04-2005, 12:57 AM
Maybe one of these will help:

http://www.ramsinks.com/software.asp#virus

drcspy
22-04-2005, 07:26 AM
You could also get a little prog called 'move on boot' and 'restrict app'. The first deletes files before they get up and running during the boot process, and the second is very useful 'cause you use it to stop files from running.

plod
22-04-2005, 09:43 AM
music_man, I think you found your own solution to your problem: "sigh, time for mac".

music_man
22-04-2005, 11:33 AM
Hi

HijackThis won't open. Thanks for your replies. It looks like quite a long task to delete this trojan. I don't fancy having someone browsing my computer with me... I suppose I should do an online scan on my dialup, though I don't like to think how long it will take.

These companies must make a fortune by having the internet so insecure for Windows users.

KiwiTT_NZ
22-04-2005, 12:04 PM
"These companies must make a fortune by having the internet so insecure for Windows users."

I'll re-phrase that.

"These companies must make a fortune by having Windows so insecure for internet users"

Remember, the internet is just like streets and motorways: some houses you visit are of a questionable nature, and on the internet some web sites are also. You wouldn't leave your house unlocked and not alarmed these days; don't leave your "windows" open and insecure.

pheonix
22-04-2005, 04:00 PM
Try starting in safe mode and running an antivirus scan and HijackThis. Also, if you have a little knowledge to be dangerous :D, then utilise this startup analyser from A2 (http://www.hijackfree.com/en/)

music_man
22-04-2005, 06:54 PM
Well I fixed it I think. For other people this is how I did it.

I ran the computer through safe mode and logged in as Administrator. I then went into the Windows folder and into system32. I found systeminfos (not systeminfo) and deleted it.

I then went to Documents and Settings for Administrator and deleted msdirectx.sys.

I rebooted and AVG and the other things worked.

I also deleted any systeminfos things in Kerio.
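
An added example, not part of the thread or any poster's own code: the fix above hinged on spotting systeminfos next to the genuine systeminfo, so this sketch flags file names that are a near miss of a known Windows binary. The helper names, the short allowlist and the sample listing (including scvhost.exe) are assumptions constructed for illustration.

```python
import os

# Assumption: a short allowlist of genuine Windows binary names; extend it for real use.
KNOWN_GOOD = {
    "systeminfo.exe", "services.exe", "svchost.exe", "lsass.exe",
    "csrss.exe", "winlogon.exe", "explorer.exe",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def lookalikes(filenames, known=KNOWN_GOOD, max_distance=2):
    """Return (name, imitated) pairs for names close to, but not equal to, a known binary."""
    hits = []
    for name in filenames:
        low = name.lower()
        if low in known:
            continue  # exact match: the genuine name, not a look-alike
        for good in sorted(known):
            if edit_distance(low, good) <= max_distance:
                hits.append((name, good))
                break
    return hits

def scan_dir(path):
    """Check a real directory, e.g. C:\\Windows\\System32, for look-alike names."""
    return lookalikes(os.listdir(path))

# Constructed sample listing (not taken from a real machine).
SAMPLE = ["systeminfo.exe", "systeminfos.exe", "services.exe",
          "notepad.exe", "scvhost.exe"]

if __name__ == "__main__":
    for name, imitated in lookalikes(SAMPLE):
        print(f"{name}: resembles {imitated}")
```

A hit is only a lead for manual review; a name match says nothing about whether the file itself is genuine.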