Re: Trojan Dropper/Horse Issue
From: Malke (malke_at_nospoonnotreally.com)
Date: 09/29/04
- Next message: Dan: "BACKDOOR.SDBOOT - Virus"
- Previous message: Bill: "Anti Virus"
- In reply to: Rebecca Owens: "Trojan Dropper/Horse Issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Sep 2004 05:29:16 -0700
Rebecca Owens wrote:
> I have real trouble here folks. I have found a virus that
> Symantec picks up as a trojan horse or trojan dropper and
> the files that it installs in the c:\ are as follows:
>
> swe.bat
> hiderun.exe
> reg11.*
> reg12.*
> iexpierer.exe
> swed.bat
> swef.bat
> kirby.exe
>
> These are just a few. I have run spybot, ad-aware,
> trendmicro scan, symantec etc. I have even restored from
> cd and partitioned a machine and the viruses still came
> back. I have tried to search for a cleaner and nothing
> comes. I need some serious help with this issue. It has
> affected XP Pro, XP home and 2000.
>
> Please Help

I searched on quite a few of those files, but only hit paydirt with
hiderun.exe:

http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html

You've run all these cleaners, but have you run them in Safe Mode and
manually deleted all the files you could find? Did you disable System
Restore in the XP installs? And when you say you restored from cd, do
you mean you deleted partitions, formatted, and then installed your
three operating systems (this is what it sounds like from your
description)? Did you do the cleaning from within each operating
system? Did you leave the computer disconnected from any LANs and the
Internet until you thought it was clean?

Assuming you did a clean install, did you put on a firewall before
connecting to the Internet? Apply patches before connecting? Install
AVs in each OS? If the system was completely formatted and operating
systems installed, patched, protected by a current AV, and firewalled
before being connected to the Internet, did you then copy over some
data that was infected?

Post back to this thread with more details, but if you haven't done all
of the above, that's what you need to do. When I have an infected
system like that, I manually delete malware - always in Safe Mode.
Since you have three operating systems on your computer, you'll need to
do the cleanup three times.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
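
An added example, not part of either post: a read-only Python check that looks in the top level of each installation's drive root for the file names listed in the question, once per operating system as the reply's cleanup advice implies. The function names and the temporary directory used as sample input are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# File names reported in the thread as dropped in C:\ (wildcards as posted).
REPORTED_NAMES = [
    "swe.bat", "hiderun.exe", "reg11.*", "reg12.*",
    "iexpierer.exe", "swed.bat", "swef.bat", "kirby.exe",
]


def find_reported_files(root, patterns=REPORTED_NAMES):
    """Return sorted file names in the top level of `root` that match a reported name.

    Matching is case-insensitive because Windows file names are.
    """
    lowered = [p.lower() for p in patterns]
    hits = []
    with os.scandir(root) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            name = entry.name.lower()
            if any(fnmatch.fnmatchcase(name, p) for p in lowered):
                hits.append(entry.name)
    return sorted(hits)


def sweep(roots):
    """Check every installation root; an unreadable root is recorded as None."""
    report = {}
    for root in roots:
        try:
            report[root] = find_reported_files(root)
        except OSError:
            report[root] = None  # missing or unreadable is not the same as clean
    return report


def demo():
    """Run the sweep over a constructed directory standing in for one drive root."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("SWE.BAT", "HideRun.exe", "reg11.dat", "boot.ini", "regedit.exe"):
            open(os.path.join(tmp, name), "w").close()
        missing = os.path.join(tmp, "no_such_root")
        report = sweep([tmp, missing])
        return report[tmp], report[missing]


if __name__ == "__main__":
    print(demo())
```

An empty list only means none of the listed names are present in that root; it says nothing about copies elsewhere on the disk or under other names.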