Re: Trojan Backdoor virus cannot be removed
From: Admin (chinkle_at_midcondata.com)
Date: 10/28/04
- Previous message: David H. Lipman: "Re: worm in memory"
- In reply to: David H. Lipman: "Re: Trojan Backdoor virus cannot be removed"
- Next in thread: David H. Lipman: "Re: Trojan Backdoor virus cannot be removed"
- Reply: David H. Lipman: "Re: Trojan Backdoor virus cannot be removed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Oct 2004 17:07:35 -0500
Dump your Recycle has no effectto the virus
2004-10-26, 23:00:28, An error was detected on
"C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.1\aux\*.*":
Access is denied.
2004-10-26, 23:00:28, An error was detected on
"C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.2\aux\*.*":
Access is denied.
i cannot change security on sub directory nor can i take owner ship as
administrator
i made the directory visible by changing file to view system / hidden files
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:exnPGNBvEHA.452@TK2MSFTNGP09.phx.gbl...
> Dump your Recycle or Trash Bin !
>
> Dave
>
>
>
>
>
> "Admin" <chinkle@midcondata.com> wrote in message
> news:%23M1w0o9uEHA.2624@TK2MSFTNGP11.phx.gbl...
> | this had no effect on the virus access is denied
> |
> | sysclean log
> |
> | 2004-10-26, 23:00:28, An error was detected on
> | "C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.1\aux\*.*":
> | Access is denied.
> | 2004-10-26, 23:00:28, An error was detected on
> | "C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.2\aux\*.*":
> | Access is denied.
> |
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:eg5R2P9uEHA.612@TK2MSFTNGP15.phx.gbl...
> | >
> | > 1) Download the following three items...
> | >
> | > Trend Sysclean Package
> | > http://www.trendmicro.com/download/dcs.asp
> | >
> | > Latest Trend signature files.
> | > http://www.trendmicro.com/download/pattern.asp
> | >
> | > Adaware SE (personal free version)
> | > http://www.lavasoftusa.com/
> | >
> | > Create a directory.
> | > On drive "C:\"
> | > (e.g., "c:\New Folder")
> | > or the desktop
> | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> | >
> | > Download sysclean.com and place it in that directory.
> | > Dowload the signature files (pattern files) by obtaining the ZIP file.
> | > For example; lpt218.zip
> | >
> | > Extract the contents of the ZIP file and place the contents in the
same
> | directory as
> | > sysclean.com.
> | >
> | > 2) Update Adware with the latest definitions.
> | > 3) If you are using WinME or WinXP, disable System Restore
> | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> | > 4) Reboot your PC into Safe Mode
> | > 5) Using both the Trend Sysclean utility and Adaware, perform a
Full
> | Scan of your
> | > platform and clean/delete any infectors/parasites found.
> | > (a few cycles may be needed)
> | > 6) Restart your PC and perform a "final" Full Scan of your
platform
> | using both the
> | > Trend Sysclean utility and Adaware
> | > 7) If you are using WinME or WinXP,Re-enable System Restore and
> | re-apply any
> | > System Restore preferences, (e.g. HD space to use suggested
400 ~
> | 600MB),
> | > 8) Reboot your PC.
> | > 9) If you are using WinME or WinXP, create a new Restore point
> | >
> | >
> | > * * * Please report your results ! * * *
> | >
> | > Dave
> | >
> | >
> | >
> | >
> | >
> | > "Admin" <chinkle@midcondata.com> wrote in message
> | > news:e8zmtL9uEHA.228@TK2MSFTNGP10.phx.gbl...
> | > | There is a backdoor Trojan in the recycler bin I fond it in a folder
> | > |
> | > |
> | > |
> | > |
> | > |
> | > |
C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.1\com3\lpt1\
> | > |
> | > |
> | > |
> | > |
C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.2\com3\lpt1\
> | > |
> | > |
> | > |
> | > | File attributes are hidden I cannot change with right click
> | > |
> | > | Or safe mode
> | > |
> | > | Or with take owner ship as administrator
> | > |
> | > |
> | > |
> | > | When I try to drill down in the directory computer lock up
> | > |
> | > |
> | > |
> | > | Symantec corporate addition ver 8.1 says Trojan backdoor no name
path
> | > |
> | > |
> | > |
> | > | C:\winnt\system32\odbcconf.exe but this file is not infected
> | > |
> | > |
> | > |
> | > | When it runs it kills IPC$ share using C:\winnt\system32\net1.exe &
> | > | C:\winnt\system32\net.exe
> | > |
> | > |
> | > |
> | > | I have scanned the hole server with 10 on line & download ant virus
> | programs
> | > |
> | > | They all say 0 virus found but every hour the virus goes off with
the
> | > | message
> | > |
> | > |
> | > |
> | > | Symantec corporate addition ver 8.1 says Trojan backdoor no name
path
> | > |
> | > |
> | > |
> | > | C:\winnt\system32\odbcconf.exe
> | > |
> | > | but this file is not infected
> | > |
> | > |
> | > |
> | > |
> | > |
> | > | Any ideas ?
> | > |
> | > |
> | >
> | >
> |
> |
>
>
- Previous message: David H. Lipman: "Re: worm in memory"
- In reply to: David H. Lipman: "Re: Trojan Backdoor virus cannot be removed"
- Next in thread: David H. Lipman: "Re: Trojan Backdoor virus cannot be removed"
- Reply: David H. Lipman: "Re: Trojan Backdoor virus cannot be removed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
