Re: backdoor trojan in windows XP

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 09/30/04

• Next message: Lanwench [MVP - Exchange]: "Re: Help DNS cache poisoning"
• Previous message: L.G.: "Spyware Removal Tool"
• In reply to: Sue: "Re: backdoor trojan in windows XP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 29 Sep 2004 21:53:37 -0400

Get the ZIP file version and extract their contents in the same directory as the Sysclean
utility.

Dave

"Sue" <anonymous@discussions.microsoft.com> wrote in message
news:05f401c4a68b$8e8e9370$a301280a@phx.gbl...
| Dave, I was able to download the sysclean but was not
| able to get the downloaded sig files to work with the
| program. What am I missing?
| >-----Original Message-----
| >1) Download the following two items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend signature files.
| > http://www.trendmicro.com/download/pattern.asp
| >
| >2) If you are using WinME or WinXP, disable System
| Restore
| >
| http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.ht
| m
| >3) Reboot your PC into Safe Mode
| >4) Using the Trend Sysclean utility, perform a Full
| Scan of your platform and
| > clean/delete any infectors found
| >5) Restart your PC and perform a "final" Full Scan
| of your platform
| >6) If you are using WinME or WinXP,Re-enable System
| Restore and re-apply any
| > System Restore preferences, (e.g. HD space
| to use suggested 400 ~ 600MB),
| >7) Reboot your PC.
| >8) If you are using WinME or WinXP, create a new
| Restore point
| >9) Please report back your results
| >
| >Dave
| >
| >
| >
| >
| >
| >
| >"Sue" <anonymous@discussions.microsoft.com> wrote in
| message
| >news:10bd01c4a67b$e6b11650$a401280a@phx.gbl...
| >| My symantec is telling me I have a "backdoor trojan" in
| >| sys32 wsrv.dll It can not delete it. It's been there
| >| for over a month now. When I try to delete it myself
| it
| >| won't work because the system is always running. Have
| >| been running all types of scans from freebie sites that
| >| have been suggested to other people with trojan
| >| infections, but don't want to pay for the removal for a
| >| program upgrade that might not work. Any suggestions? I
| >| know how to go into regedit but haven't found anything
| >| yet.
| >
| >
| >.
| >

---

• Next message: Lanwench [MVP - Exchange]: "Re: Help DNS cache poisoning"
• Previous message: L.G.: "Spyware Removal Tool"
• In reply to: Sue: "Re: backdoor trojan in windows XP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: WindowsXP Bootup Takes 6 Minutes? ... I did download and tried to run Sysclean. ... >3) Disable System Restore ... >| DISK WRITE CACHING IS DISABLED. ... (microsoft.public.windowsxp.general) Re: Attn: Rock ... You can download a free trial at. ... >> Start with Trend Micro's Sysclean. ... >> signature file turn off system restore, ... >> Trend Micro Signature File ... (microsoft.public.windowsxp.general) Re: Virus? ... Sysclean is a broad-spectrum ... Dave ... |>| even disable sys restore or create files on the "C" ... |>|>3) Reboot your PC into Safe Mode ... (microsoft.public.security.virus) Re: backdoor trojan in windows XP ... I was able to download the sysclean but was not ... >6) If you are using WinME or WinXP,Re-enable System ... Restore and re-apply any ... (microsoft.public.security.virus) RE: computer shuts down shortly after connnecting, help please ... You must clean up the computer before trying to install SP2 on it. ... And yes, you can download ... From a different, clean machine download Stinger ... After you've run Stinger and/or Sysclean and removed spyware as ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)