sticky trojan

• Previous message: peter: "RE: W32.Spybot.Worm"
• Next in thread: David H. Lipman: "Re: sticky trojan"
• Reply: David H. Lipman: "Re: sticky trojan"
• Reply: Max M.Wachtel III: "Re: sticky trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Dec 2004 20:07:49 +1030

Have just come across a paricularly stuborn trojan, after spending
almost two hours in a fruitless attempt to remove it, regretably I had
to format and start over. [clients insistance]

Here are the symptons:
The desktop was hijacked as web page with the warning that the
system had been compromised and displayed a link to the following web
site: for a "cure" www.topantispyware.com/overview.php?30. Right
clicking on the "desktop" and choosing properties showed
C:\Windows\Web\desktop.html not the normal properties ***.

Panda would detect the trojan downloader.small.11.BU and heal it on each
reboot, but always came back with a different file name, EG
C:\windows\system32\jgglaaaa.dll and wisadwsfndos.exe, plus there was
always a file r.exe on the root of C:.

I ran uptodate versions of FPROTDOS, sysclean, AD-Aware, Hijackthis and
Spybot S and D, but just couldn't remove it. Anyone come across this
and have a fix? for next time

rgds
Li'l Roberto

• Previous message: peter: "RE: W32.Spybot.Worm"
• Next in thread: David H. Lipman: "Re: sticky trojan"
• Reply: David H. Lipman: "Re: sticky trojan"
• Reply: Max M.Wachtel III: "Re: sticky trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]