RE: Something to remove Download. Trojan or pesky spyware??? Plz Help!

From: zippy (zippy_at_discussions.microsoft.com)
Date: 07/06/04


Date: Mon, 5 Jul 2004 17:00:02 -0700

Good luck. I had it (because I got too lazy and did not update Security Patches; if I did, I wouldn't have gotten the virus). This particular virus masquerades itself as Microsoft Products. (Mine tried to masquerade as NotePad and Windows Media Player.) It got into my system (although I run ZoneAlarm firewall) through a vulnerability in IE. I had to buy a new virus scanner; AVG didn't detect it and the virus prevented me from downloading updated dat files. (This is another reason why it is important to download weekly at least; daily would be best.) I had to run from CD which, as most in here know, takes foreeevvveer. Because this particular virus also downloads adware, scumware and malware, the virus scanner didn't or wasn't able to get it all. Mine had download.trojan and downloader.trojan. Giving instructions for both, as they seem to go hand and foot.

Disable System Restore and run an Anti-Virus program in Safe Mode. Delete or quarantine anything that pops up.
(downloader)

(WARNING: Messing up the Registry can cause unwanted effects, backup registry before doing anything)
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to each of these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
For each one, in the right pane, delete any values that refer to any files that were detected as Downloader.Trojan.
(download)
Navigate to HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
In the right-hand pane, look for Start Page. If this is set to an address that you do not have as your preferred homepage, delete. When you restart, it will revert to default.
Exit the Registry Editor.
Now, with the download version, it will embed itself inside your Content.IE5 file. Even if you delete temporary internet files, it's possible that it will still be there.
And the only way to get rid of it would be to delete the whole file. Which with XP is hard to do, as you will get an error message when trying to delete the current user's IE5 file. I did a workaround: I opened up another account with administrative rights and deleted my normal account's IE5 file. It will erase any stored passwords and cookies etc. And I've had problems since with certain web pages remembering my passwords and such (although, that really ain't a bad idea). So I would use this as an absolute last step.

Get a firewall, install and use before going back online. Update Windows. Then go to www.grc.com and install their "Unplug and Play" program. Download AdAware, Spybot, CWShredder and HijackThis.

And most important, keep your computer up to date on all virus scans, Windows, and other security items, as an ounce of prevention is easier than pulling hair.

 "Annoyed" wrote:

> Hey I really need your help. I think I've got this thing
> called Download. Trojan on my computer. I ran my virus
> scanner, and it said I had it. In the first display of
> it, the scanner "action taken: clean failed: delete
> failed :access denied." In the second display of the
> trojan, the scanner "action taken: clean failed:
> quarantine succeeded." I was then only able to delete the
> file which was called javacypt.exe (where the scanner said
> the Download. Trojan was located). I thought that would have
> gotten rid of it, but I still have the effects of it on my
> computer: changed home page that won't change back,
> annoying pop ups, and when u click on links sometimes they
> take you somewhere else even bad sites--sometimes the bad
> sites just come up out of nowhere! It's horrible! I've
> downloaded freeware Ad Aware and another program called
> Spybot: Search and Destroy. These programs have found
> cookies and spyware on my computer, but I still have these
> effects. I am at a loss as to what to do. I was
> wondering if there was a patch I could download for the
> Download. Trojan in case I did not get rid of it or to get
> rid of some spyware that is messing up my computer. Please
> Help. Thanks so much in advance!
>
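
The registry checks described in the reply above, as an added example that is not part of the original post: a PowerShell script that exports the two Run keys and the Internet Explorer Main key as a backup, then lists every autostart value and the Start Page for review without deleting anything. The `$DetectedFiles` list and the helper name `Get-RunKeyEntries` are assumptions; `javacypt.exe` is the file name from the quoted question.

```powershell
# Added example (not from the original post): back up, then list, the registry
# locations the reply names. Nothing is deleted.
# Assumption: $DetectedFiles holds the file names your scanner reported;
# javacypt.exe is the one named in the quoted question.
$DetectedFiles = @('javacypt.exe')
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$IeMain = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'

function Get-RunKeyEntries {   # hypothetical helper name
    param([string[]]$Path, [string[]]$Detected)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Case-insensitive substring match against each detected file name
            $hit = $Detected | Where-Object {
                $data.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $data
                MatchesDetection = [bool]$hit
            }
        }
    }
}

# Back up each key to a .reg file first, as the post's warning advises
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$i = 0
foreach ($key in $RunKeys + $IeMain) {
    $i++
    $out = Join-Path $env:TEMP "regbackup-$stamp-$i.reg"
    & reg.exe export ($key -replace ':', '') $out /y | Out-Null
}

# List every autostart value, detected matches first
Get-RunKeyEntries -Path $RunKeys -Detected $DetectedFiles |
    Sort-Object MatchesDetection -Descending | Format-Table -AutoSize -Wrap

# Show the current IE home page so an unwanted address stands out
$start = (Get-ItemProperty -LiteralPath $IeMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
"IE Start Page: $start"
```

`MatchesDetection` only marks candidates for review; removing a value remains the manual regedit step the reply describes.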


