Re: how to locate hidden trojan horse that repeatedly installs spyware

From: River_Rat (youknow_at_Iwillslapyou)
Date: 09/27/04


Date: Mon, 27 Sep 2004 09:53:57 -0500

Ross
You will need to delete your temp files.
Click on Tools in your browser window, then go to Internet Options>Delete
Cookies>Delete Files>check Delete all offline content.

Do some major cleaning while you're at it.
Start>Run>(type) %temp% >OK>Delete the contents of this folder

Trojans will also get into the System Restore files so they will need to be
deleted too in order to keep from getting infected again should you ever do
a system restore. Turn off System Restore; this will delete all restore points
from here back.
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Run TrendMicro & McAfee free virus scan to make sure you are clean. It will
not hurt to run Ad-Aware and SpyBot S&D also.
http://www.mvps.org/sramesh2k/Scanners.htm

http://www.majorgeeks.com/downloads31.html

Turn System Restore back on (Restart) then create a restore point.

-- 
Good Day
River_Rat
"Ross K." <battlingtheTrojans@discussions.microsoft.com> wrote in message 
news:406b01c4a44e$630542b0$a601280a@phx.gbl...
Hello all,
Unfortunately my PC has been infected with what I am
guessing is a hidden trojan horse. Symantec Anti-virus
can't find it. Whatever it is, it repeatedly installs
several files on my PC with XP Home 5.1 Build
2600.xpsp2.030422-1633: Service Pack 1. Some of the files
are .exe (nthpwwrr.exe, wupdt.exe, wupdsnff.exe,
systb.exe, and maybe others), and some are registry mod.
attempts. Thank goodness for Adwatch by Lavasoft, which
pops up each time and shows repeated attempts to mod. my
registry. I successfully blocked those attempts with
Adwatch, then use Ad-aware to clean my files, then I
restart. Thereafter, at a random time, the same .exe
files are installed again and registry mod. attempts
again. One more thing: When I look at the running
processes, I find that nthpwwrr.exe is running. If I kill
that process, then delete nthpwwrr.exe, then run Ad-aware
to clean the PC's files, no more installation attempts
are made for many hours, maybe up to a day. SO.... Is
there some audit trail that I can view that would show me
what is installing these files? Any other solution? THANK
YOU IN ADVANCE FOR ANY HELP!
Kind regards,
Ross K. 

