Re: backdoor.afcore.bb HELL
From: Very Agoboted (anonymous_at_discussions.microsoft.com)
Date: 01/31/04
- In reply to: Sandi - Microsoft MVP: "Re: backdoor.afcore.bb HELL"
Date: Sat, 31 Jan 2004 04:14:47 -0800
I am in the same boat. These things are a true nightmare for a non-I.T. expert to deal with. There is no fix on the net that I can discern.

Far from being incensed, I am intrigued by the method in which the Trojan was slipped onto my machine.

If a computer in which the Messenger service has been deleted, Windows Messenger also vanquished, running no third party chat software, dangerous services disabled, firewalled and patched to the gills, etc. can be compromised, then what hope is there for home users? The average Joe who just wants to e-mail his mates in Oz?

I would suggest that a future issue of XP lists its own legitimate entries in the registry in blue or something. Furthermore, all dlls belonging to genuine Microsoft components should be coded in some way to make it easier to spot rogue ones.

It may be asking the impossible, but it is in the interests of vast corporate entities to sponsor the development of free, good quality A.V. programmes and Firewalls for home users.

Trojans are insidious, by their very nature almost impossible to spot. I was alerted initially by the Sygate free Firewall. With secure dll authentication enabled, by observation, you can ascertain which particular app is "rogue".

This is by no means an adequate method of eradication - rather more one of containment. But are we expected to perform reformats and clean reinstalls every time one of these ghastly things trespasses?

>-----Original Message-----
>The problem with some malware is it will recreate itself (with new *.dll
>names) as soon as it detects that one of its processes has been shut down
>or files have been deleted. There are two programmes, not just one.. one
>of which is the classic malware, the other is a monitoring service that
>restarts the malware as soon as it detects the other is deleted, complete
>with new file names.
>
>I would use MSCONFIG and select 'diagnostic startup' to run only basic
>services. Then track down and nuke the malware and all associated files
>that I could find, using registry entries and MSCONFIG itself to track
>down as many associated files as I could find.
>
>I note that your friend is a long way away. I really don't think this is
>something that can be done remotely. If the reinfector is missed, you're
>back to square one.
>
>--
>_______________________________________
>Sandi - Microsoft MVP since 1999 (IE/OE)
>http://www.mvps.org/inetexplorer
>
>"Shewman" <shewman@sympatico.ca> wrote in message
>news:_cDSb.44891$mf4.1596318@news20.bellglobal.com...
>> Hi,
>>
>> I've got a friend who has this trojan. I can't get rid of it. Found it
>> in the registry and deleted the entries. Rebooted but the entries get
>> added again. Tried uninstalling the dll, ftdpwmk.dll, but I get access
>> denied. Every time I try another, i.e. view processes, her PC reboots.
>> Went into safe mode but I can't find the source file(s).
>>
>> I've tried searching Google but didn't find anything. Also tried
>> searching Norton and Sophos.
>>
>> Anyone have any ideas??? It's an XP PC. Unfortunately, she's a couple of
>> hundred miles away. But I can remote into the PC.
>>
>> Thanks
>
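
The thread talks about tracking malware down through its registry entries and about wanting an easier way to tell genuine signed files from rogue DLLs. The PowerShell below is an added example, not part of the original posts: it lists autorun registry values and reports any whose target lacks a valid Authenticode signature. It assumes a current Windows with PowerShell 5.1 or later (not the XP-era setup in the thread), and `Get-TargetPath` is a hypothetical helper name.

```powershell
# Added example: read-only audit of autorun registry values.
# Nothing is deleted or modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$Command) {
    # Extract the file that will actually be loaded from a command line such as
    #   "C:\dir\app.exe" /flag    or    rundll32.exe C:\dir\x.dll,EntryPoint
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    # For rundll32 the DLL argument is the interesting file, not rundll32 itself.
    if ($c -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+\.dll)') { return $Matches[2] }
    # Quoted path: take everything between the first pair of quotes.
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take up to the first executable-style extension.
    if ($c -match '(?i)^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(?=\s|$)') { return $Matches[1] }
    return $null
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd    = [string]$item.GetValue($name)
        $path   = Get-TargetPath $cmd
        # Bare file names resolved via PATH, and missing files, stay TargetNotFound.
        $status = 'TargetNotFound'
        $signer = ''
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $cmd
            Status = $status; Signer = $signer
        }
    }
}

# Show only entries that are not validly signed; these are leads for review.
$report | Where-Object { $_.Status -ne 'Valid' } | Format-List
```

An entry that is not `Valid` is a lead to investigate rather than proof of infection, since plenty of legitimate software is unsigned. Running it before and after a reboot and comparing the output shows which values are being re-added.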