There is a backdoor Trojan in the recycler bin I fond it in a folder

From: Admin (chinkle_at_midcondata.com)
Date: 10/30/04 

Date: Fri, 29 Oct 2004 20:57:14 -0500

i cannot change security on sub directory nor can i take owner ship as
administrator

what command do i use to delete c:\recycler ?

at current i canot even do (cd c:\recycler) no access "access denied" ?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23qOMqHHvEHA.3376@TK2MSFTNGP12.phx.gbl...
> Install the WinNT Command console...
>
> C:\i386\winnt32 /cmdcons
>
> or if on CDROM...
>
> D:\i386\winnt32 /cmdcons
>
> Reboot the PC, enter the Command Console as adminstrator and delete it
from the Command
> Console.
>
> Dave
>
>
> "Admin" <chinkle@midcondata.com> wrote in message
> news:eOxl0DHvEHA.3948@TK2MSFTNGP15.phx.gbl...
> | Dump your Recycle has no effectto the virus
> |
> | 2004-10-26, 23:00:28, An error was detected on
> | "C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.1\aux\*.*":
> | Access is denied.
> |
> | 2004-10-26, 23:00:28, An error was detected on
> | "C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.2\aux\*.*":
> | Access is denied.
> |
> | i cannot change security on sub directory nor can i take owner ship as
> | administrator
> |
> | i made the directory visible by changing file to view system / hidden
files
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:exnPGNBvEHA.452@TK2MSFTNGP09.phx.gbl...
> | > Dump your Recycle or Trash Bin !
> | >
> | > Dave
> | >
> | >
> | >
> | >
> | >
> | > "Admin" <chinkle@midcondata.com> wrote in message
> | > news:%23M1w0o9uEHA.2624@TK2MSFTNGP11.phx.gbl...
> | > | this had no effect on the virus access is denied
> | > |
> | > | sysclean log
> | > |
> | > | 2004-10-26, 23:00:28, An error was detected on
> | > |
"C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.1\aux\*.*":
> | > | Access is denied.
> | > | 2004-10-26, 23:00:28, An error was detected on
> | > |
"C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.2\aux\*.*":
> | > | Access is denied.
> | > |
> | > |
> | > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | > | news:eg5R2P9uEHA.612@TK2MSFTNGP15.phx.gbl...
> | > | >
> | > | > 1) Download the following three items...
> | > | >
> | > | > Trend Sysclean Package
> | > | > http://www.trendmicro.com/download/dcs.asp
> | > | >
> | > | > Latest Trend signature files.
> | > | > http://www.trendmicro.com/download/pattern.asp
> | > | >
> | > | > Adaware SE (personal free version)
> | > | > http://www.lavasoftusa.com/
> | > | >
> | > | > Create a directory.
> | > | > On drive "C:\"
> | > | > (e.g., "c:\New Folder")
> | > | > or the desktop
> | > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> | > | >
> | > | > Download sysclean.com and place it in that directory.
> | > | > Dowload the signature files (pattern files) by obtaining the ZIP
file.
> | > | > For example; lpt218.zip
> | > | >
> | > | > Extract the contents of the ZIP file and place the contents in the
> | same
> | > | directory as
> | > | > sysclean.com.
> | > | >
> | > | > 2) Update Adware with the latest definitions.
> | > | > 3) If you are using WinME or WinXP, disable System Restore
> | > | >
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> | > | > 4) Reboot your PC into Safe Mode
> | > | > 5) Using both the Trend Sysclean utility and Adaware, perform
a
> | Full
> | > | Scan of your
> | > | > platform and clean/delete any infectors/parasites found.
> | > | > (a few cycles may be needed)
> | > | > 6) Restart your PC and perform a "final" Full Scan of your
> | platform
> | > | using both the
> | > | > Trend Sysclean utility and Adaware
> | > | > 7) If you are using WinME or WinXP,Re-enable System Restore
and
> | > | re-apply any
> | > | > System Restore preferences, (e.g. HD space to use
suggested
> | 400 ~
> | > | 600MB),
> | > | > 8) Reboot your PC.
> | > | > 9) If you are using WinME or WinXP, create a new Restore point
> | > | >
> | > | >
> | > | > * * * Please report your results ! * * *
> | > | >
> | > | > Dave
> | > | >
> | > | >
> | > | >
> | > | >
> | > | >
> | > | > "Admin" <chinkle@midcondata.com> wrote in message
> | > | > news:e8zmtL9uEHA.228@TK2MSFTNGP10.phx.gbl...
> | > | > | There is a backdoor Trojan in the recycler bin I fond it in a
folder
> | > | > |
> | > | > |
> | > | > |
> | > | > |
> | > | > |
> | > | > |
> | C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.1\com3\lpt1\
> | > | > |
> | > | > |
> | > | > |
> | > | > |
> | C:\RECYCLER\S-1-5-21-507921405-1343024091-1957994488-500\.2\com3\lpt1\
> | > | > |
> | > | > |
> | > | > |
> | > | > | File attributes are hidden I cannot change with right click
> | > | > |
> | > | > | Or safe mode
> | > | > |
> | > | > | Or with take owner ship as administrator
> | > | > |
> | > | > |
> | > | > |
> | > | > | When I try to drill down in the directory computer lock up
> | > | > |
> | > | > |
> | > | > |
> | > | > | Symantec corporate addition ver 8.1 says Trojan backdoor no name
> | path
> | > | > |
> | > | > |
> | > | > |
> | > | > | C:\winnt\system32\odbcconf.exe but this file is not infected
> | > | > |
> | > | > |
> | > | > |
> | > | > | When it runs it kills IPC$ share using
C:\winnt\system32\net1.exe &
> | > | > | C:\winnt\system32\net.exe
> | > | > |
> | > | > |
> | > | > |
> | > | > | I have scanned the hole server with 10 on line & download ant
virus
> | > | programs
> | > | > |
> | > | > | They all say 0 virus found but every hour the virus goes off
with
> | the
> | > | > | message
> | > | > |
> | > | > |
> | > | > |
> | > | > | Symantec corporate addition ver 8.1 says Trojan backdoor no name
> | path
> | > | > |
> | > | > |
> | > | > |
> | > | > | C:\winnt\system32\odbcconf.exe
> | > | > |
> | > | > | but this file is not infected
> | > | > |
> | > | > |
> | > | > |
> | > | > |
> | > | > |
> | > | > | Any ideas ?
> | > | > |
> | > | > |
> | > | >
> | > | >
> | > |
> | > |
> | >
> | >
> |
> |
>
>

Quantcast