Re: Please Help with WINCFG.SCR Infection !
From: Reticulum (rock_bustin_at_yahoo.com)
Date: 07/30/03
- In reply to: Andrew: "Re: Please Help with WINCFG.SCR Infection !"
Date: 30 Jul 2003 12:45:28 -0700
andrew@fried.us (Andrew) wrote in message news:<ba5c82c3.0307300657.7146a4fb@posting.google.com>...
> I received a very prompt reply from Symantec (less than six hours) on
> the file submission which contained WINCFG.SCR. They advised that it
> was a known trojan which had been identified in April. They suggested
> that I download their intelligent anti-virus updater, as opposed to
> Live Update. I did, and Norton detected the trojan. I'm a little
> puzzled, however, as to why Norton chose not to include the signature
> in the regular signature file. After all, isn't that what an
> anti-virus program is supposed to do??? My concern now is in trying
> to determine HOW that trojan got installed in the first place.
>
> I also submitted the files to TrendMicro and two days later have yet
> to receive any kind of reply.
>
> Andrew
>
To Andrew (the Knowing) from Andrew (the Clueless),
FWIW,... I did this to myself in classic manner by downloading .jpg's
(Ahem!) from Usenet. Prior to removal I noticed that in addition to the
WINCFG.SCR file in System32, the original download was sitting there
still in my Forte Directory. When I tried to delete using BC Wipe the
PC froze, I did a reboot, found there were now approx. 700+ gobbledygook
files with nonsense names - undeletable and PC frozen again. Another
reboot and they had vanished !! (Although I spent a LONG time crawling
thru my C: Drive looking to see if they'd multiplied elsewhere ).
Don't know if this helps, but I sure thank you for yours.
Andrew
>
>
>
> cathexis@erols.com (Reticulum) wrote in message news:<3f26f1c2.1069031@localhost>...
> > Andrew,
> >
> > WINCFG.SCR is DEAD !!
> > Thanks Man.
> >
> > If you'd like the specifics,....
> > Reboot to Safe Mode caused error screen for "Registry Problem" and suggested
> > restore --
> > "Okay" pressed and rebooted to normal mode, No change noted in problem.
> > Rebooted back into Safe Mode without error message.
> > Regedit then would come up.
> > Followed path to trojan ref in registry as posted many places on internet
> > (Can re-post that here if you'd like). Deleted relevant refs.
> > *** NOTE: Also found ref. to "WINKEET" a known trojan I'd thought I'd killed
> > last year. Deleted same.
> > Rebooted to normal mode, regedit works fine, no more Connection Screen pop-ups
> > (see my original post)
> > No further signs of WINCFG.SCR activity on Outpost Firewall.
> >
> > So I guess that's it!
> >
> > One more question;
> >
> > Using "Find" under Regedit to search for refs. to wincfg I still
> > come up with two. I won't give whole path unless you want but they
> > boil down to - ,.../explorer/Doc Find Spec MRU and also RunOnce.
> > Are these harmless refs. to my own Find searches or should they also
> > be killed ??
> >
> > Again -- My Hearty Thanks,
> >
> > Andrew
> >
> > Reticulum
> >
> > Remove "your.hat" when replying via e-mail
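
The quoted question above asks whether leftover "wincfg" hits under Doc Find Spec MRU and RunOnce matter. The sketch below is an added example, not part of the original posts: it parses a REGEDIT4-style text export and labels each hit by the kind of key it sits in, since values under Run/RunOnce-type keys are executed by Windows while an MRU key only stores strings the user typed. The sample export, its value names and its data are constructed, and the input is assumed to be already decoded text.

```python
import re

# Keys whose values Windows executes at startup or logon.
AUTOSTART_SUFFIXES = ("\\run", "\\runonce", "\\runservices", "\\runservicesonce")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not the poster's registry); names and data are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU]
"a"="wincfg"
"b"="*.doc"
"MRUList"="ab"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ExampleEntry"="C:\\WINDOWS\\System32\\wincfg.scr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleFirewall"="C:\\Program Files\\ExampleFirewall\\fw.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if m:  # undo the .reg escaping of backslashes in the data
                yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def classify(key):
    """'autostart' = data gets executed; 'history' = only a record of typed text."""
    k = key.lower()
    if k.endswith(AUTOSTART_SUFFIXES):
        return "autostart"
    if k.endswith("mru"):
        return "history"
    return "other"

def find_refs(text, needle):
    """Return (kind, key, value_name, data) for values mentioning needle."""
    n = needle.lower()
    return [(classify(k), k, name, data) for k, name, data in parse_reg(text)
            if n in name.lower() or n in data.lower()]

if __name__ == "__main__":
    for kind, key, name, data in find_refs(SAMPLE_REG, "wincfg"):
        print(f"{kind:9} {key} :: {name} = {data}")
```
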