Re: Elusive trojan Haher

From: anikya (anikya_at_faked_anikya.com)
Date: 02/11/04

• Next message: anikya: "Re: Common Extension hijack"
• Previous message: anikya: "Re: Elusive trojan Haher"
• In reply to: Dave: "Re: Elusive trojan Haher"
• Next in thread: optikl: "Re: Elusive trojan Haher"
• Reply: optikl: "Re: Elusive trojan Haher"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 11 Feb 2004 18:27:47 GMT

Just one more question.
I found this info in its "Properties"
name WEXTRACT.EXE
version 6.00.2800.1106 (xpsp1.020828-1920)

Would deleting wextract.exe affect the operation system?
Would I have to replace it with a healthy file?

anikya

"Dave OldBloke Budd" <davebudd@ukmisc.org.uk> ¦b¶l¥ó
news:MPG.1a942d18fd1b9aac989b30@news.xenopsyche.net ¤¤¼¶¼g...
> In article <pQoWb.471933$X%5.234919@pd7tw2no>, anikya@faked_anikya.com
> says...
> > I'm really at my wits end.
> >
> > RAV online found win32/haher a trojan in my computer.
> >
> > Following is the report:
> > C:\WINDOWS\SYSTEM32\wextract.exe - Trojan:Win32/Haher -> Infected
> > C:\WINDOWS\SYSTEM32\dllcache\wextract.exe - Trojan:Win32/Haher ->
Infected
> > C:\System Volume
> >
Information\_restore{98BDF40A-19C4-4B43-B477-27F9F90D580A}\RP313\A0056340.ex
> > e - Trojan:Win32/Haher -> Infected
>
> Turn off System Restore (properties of MyComputer, C:)
> Boot into Safe Mode with Command Prompt (f8 during boot sequence to get
> boot options menu)
> CD \WINDOWS\SYSTEM32
> DEL wextract.exe
> CD dllcache
> DEL wextract.exe
> Re-boot
>
> If it won't let you DEL the files, REN them to some other name instead,
> eg REN wextract.exe wextract.xex
>
>
> --
> Order 1000 pieces of a given atom & get a 10% discount
>
> (http://www.indigo.com/models/orbit-molecular-model-components.html)

---

• Next message: anikya: "Re: Common Extension hijack"
• Previous message: anikya: "Re: Elusive trojan Haher"
• In reply to: Dave: "Re: Elusive trojan Haher"
• Next in thread: optikl: "Re: Elusive trojan Haher"
• Reply: optikl: "Re: Elusive trojan Haher"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Cant run restore CD or access setup ... When I push the del key after power on the screen stays blank which makes me ... > first boot HDD. ... > When Windows boots, are you getting all the way into Windows? ... (microsoft.public.windowsxp.general) Re: Missing hal.dll ... > BootCfg /Rebuild ... did you mean 'del c:\boot.ini'? ... > It is a bad boot.ini, resulting in boot looking for Windows in the wrong ... > Other approach needs a basic DOS mode boot floppy; ... (microsoft.public.windowsxp.general) Re: Help . My Linux has been hacked. ... >> under my user directory ... >> operation system." ... >> I notice that xfs takes longer to boot (during system ... (comp.security.unix) Re: startup setting; changing boot sequence ... Not sure which memory test you are running. ... You boot ... As far as getting into the BIOS, ... some use DEL etc. Seems ... (microsoft.public.windowsxp.security_admin) XP will not allow login ... When you boot from this CD be carefull read all of the ... >DEL, ... >Install from CD. ... >show me a log in screen after I tried a ALT CTL DEL. ... (microsoft.public.windowsxp.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2004-02