Just for reference sakes.. Trojan... which one?



Myth
29-09-2008, 04:45 AM
Had a computer passed onto me the other day, loaded with viruses. Female owner (mate) had gone away for a week, come back and computer was dead slow and throwing up all sorts of warnings (her and her partner had left a few cousins of her partner to look after house).

Anyway, using combofix and AntiVir, I was able to get rid of most of the problems. But one eluded me and kept throwing up errors that certain system files were infected (C:\Windows\System32\winlogon.exe, C:\Windows\explorer.exe being the main two, but there were others). Now I know these files are correct and ARE system files, so couldn't delete them.

In the end I rang owner and asked if she would prefer reformat. She agreed (before she brought it to me she had considered reformatting it herself).

Anyone know which virus/es it had? The errors being thrown up by AntiVir were of trojan TR/Patched aa.. one which has hardly any info. I was wondering if it is an alias of something else.

Addition: The computer never had any AV on it originally. Managed to get AntiVir on it, but couldn't update. Trying to get any other AV on it caused it to terminally blue screen whenever trying to update.

Speedy Gonzales
29-09-2008, 07:25 AM
Looks like that trojan does have a few names:

Avast, Win32:Patched-CK [Trj]. AVG (GriSoft), Win32/PEPatch.AO. Avira, TR/Patched.AA.54. BitDefender, Trojan.Patched.U. Dr.Web, Trojan.Starter.384

To name a few.

When you formatted it (it's not blue screening now, is it?), you did do a clean install, didn't you? Not just install Windows over Windows?

pctek
29-09-2008, 07:44 AM
Anyway, using combofix and AntiVir, I was able to get rid of most of the problems. But one eluded me a

In the end I rang owner and asked if she would prefer reformat.

You really should use several antispyware products to do this sort of thing. Formatting is cheating and an unnecessary hassle too.

Myth
29-09-2008, 05:08 PM
I realise formatting is kinda cheating. But there was not much information on the computer, all the owner wanted to keep was the My Docs folder (and that was only in case her kids' pics weren't backed up as she said).

I tried more than one approach to this, and kept hitting a wall. Anything I installed and tried to update caused the machine to blue screen.
I made a judgement call based on proposed time of repair, vs time to reinstall.

And yes, it was a clean install, no more blue screens. I did consider a dirty install though.

feersumendjinn
29-09-2008, 06:04 PM
I've had a computer to fix recently that amongst loads of other stuff (Antivirusxp2008/Spyware Shredder etc; Control Panel/Regedit/HDD/Desktop Properties etc denied access; phantom user accounts), it had this
http://www.precisesecurity.com/threats/trojanblusod/
which was particularly annoying, it pops up with random BSODs with all sorts of reasons and stop codes (they look real though), timed also at random; may be what you had.
After spending several hours and all sorts of antispyware and antivirus progs, it was more time-effective to reformat and reinstall (after I'd got it to the point where I could recover his data); I don't think it's cheating really, you're letting the malware writer/s take the upper hand if you spend too much time at it (more than an hour or two), worse if you're charging for the fix.