Trojans Galore

Archived from groups: microsoft.public.win2000.general (More info?)

In the last few days I am getting messages from my AVG virus checker that a
trojan has arrived. I have The AVG running and a hosts file which is updated
every week in addition to running Spybot weekly and finally I am also connected
via a D-Link Router.

The amazing thing is that I can deal with something internal which has nothing
to do with the internet and yet the trojans keep coming. The vault was emptied
this morning and in 3 hours I have received 3 trojans.

They arrive in Documents/Borge/Local Settings/temp and there seems to be no
stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.

Fortunately they can just be emptied out of the vault and that is the finish of
them but soon enough new ones arrive.

B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
If you are curious look here http://www.mapquest.com/maps/latlong.adp
  1. Archived from groups: microsoft.public.win2000.general (More info?)

    Any idea what the trojan's name is?

    Crouchie1998
    BA (HONS) MCP MCSE
  2. Archived from groups: microsoft.public.win2000.general (More info?)

    It seems obvious that AVG fails to clean your machine properly.
    I suggest an external virus scan on www.antivirus.com ("free
    online scan").


    "nesredep egrob" <Long. -31,48.21 Lat. 115,47.40> wrote in message
    news:6v0l91h98lavrmnrpkf7oo9uaof76dm34v@4ax.com...
    > In the last few days I am getting messages from my AVG virus checker that a
    > trojan has arrived. I have The AVG running and a hosts file which is updated
    > every week in addition to running Spybot weekly and finally I am also connected
    > via a D-Link Router.
    >
    > The amazing thing is that I can deal with something internal which has nothing
    > to do with the internet and yet the trojans keep coming. The vault was emptied
    > this morning and in 3 hours I have received 3 trojans.
    >
    > They arrive in Documents/Borge/Local Settings/temp and there seems to be no
    > stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.
    >
    > Fortunately they can just be emptied out of the vault and that is the finish of
    > them but soon enough new ones arrive.
    >
    > B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    > If you are curious look here http://www.mapquest.com/maps/latlong.adp
    >
  3. Archived from groups: microsoft.public.win2000.general (More info?)

    From: "nesredep egrob" <Long. -31,48.21 Lat. 115,47.40>

    | In the last few days I am getting messages from my AVG virus checker that a
    | trojan has arrived. I have The AVG running and a hosts file which is updated
    | every week in addition to running Spybot weekly and finally I am also connected
    | via a D-Link Router.
    |
    | The amazing thing is that I can deal with something internal which has nothing
    | to do with the internet and yet the trojans keep coming. The vault was emptied
    | this morning and in 3 hours I have received 3 trojans.
    |
    | They arrive in Documents/Borge/Local Settings/temp and there seems to be no
    | stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.
    |
    | Fortunately they can just be emptied out of the vault and that is the finish of
    | them but soon enough new ones arrive.
    |
    | B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    | If you are curious look here http://www.mapquest.com/maps/latlong.adp

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear


    Download CLEAN.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/clean.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
    { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
    (.lnk) files and a PDF instruction file.

    GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
    Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
    to allow the FTP utility to download the needed files

    CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
    to scan again at a future date, run this batch file. It will automatically check the date
    of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
    signature files and install them before performing the scan.

    DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
    you have booted from an Emergency Boot Disk or DOS disk and have already executed;
    c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
    http://www.bootdisk.com/bootdisk.htm

    I need you to perform the following...

    Execute; CLEAN.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\mcafee\GetFiles.BAT
    { or Double-click on 'GetFiles Link' in c:\mcafee }

    Reboot the PC into Safe Mode [F8 key during boot]

    Shutdown as many applications as possible !
    It would also help for you to read - "How to perform a clean boot in Windows XP"
    http://support.microsoft.com/kb/310353

    Execute; c:\mcafee\CLEAN.BAT
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  4. Archived from groups: microsoft.public.win2000.general (More info?)

    On Mon, 30 May 2005 05:57:25 +0100, "Crouchie1998" <crouchie1998@spamcop.net>
    wrote:
    The names are as on the message, just numbers with an exe behind. You will see
    them at the bottom of the message. This is seen on the report issued by AVG.
    >Any idea what the trojan's name is?
    >
    >Crouchie1998
    >BA (HONS) MCP MCSE
    >
  5. Archived from groups: microsoft.public.win2000.general (More info?)

    Symantec (http://www.symantec.com) also provide a FREE online scan too

    Crouchie1998
    BA (HONS) MCP MCSE
  6. Archived from groups: microsoft.public.win2000.general (More info?)

    On Mon, 30 May 2005 15:10:43 +1000, "Pegasus \(MVP\)" <I.can@fly.com> wrote:

    >It seems obvious that AVG fails to clean your machine properly.
    >I suggest an external virus scan on www.antivirus.com ("free
    >online scan").

    Thanks. I have now for some time run firefox and netscape has been left behind.
    It seems that Trend does need Netscape which was duly re-installed on drive
    D:\Program Files, complete with the plugins folder in the netscape folder. That
    plugins is what trends says it cannot find after having found it with the browse
    button as is the norm for installations. Netscape is working fine.

    Someone was asking for the name of the files and AVG has them down as Trojan
    horse downloader. The file itself is an exe file named with just number and no
    alpha chars at all.
    >
    >
    >"nesredep egrob" <Long. -31,48.21 Lat. 115,47.40> wrote in message
    >news:6v0l91h98lavrmnrpkf7oo9uaof76dm34v@4ax.com...
    >> In the last few days I am getting messages from my AVG virus checker that a
    >> trojan has arrived. I have The AVG running and a hosts file which is updated
    >> every week in addition to running Spybot weekly and finally I am also connected
    >> via a D-Link Router.
    >>
    >> The amazing thing is that I can deal with something internal which has nothing
    >> to do with the internet and yet the trojans keep coming. The vault was emptied
    >> this morning and in 3 hours I have received 3 trojans.
    >>
    >> They arrive in Documents/Borge/Local Settings/temp and there seems to be no
    >> stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.
    >>
    >> Fortunately they can just be emptied out of the vault and that is the finish of
    >> them but soon enough new ones arrive.
    >>
    >> B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    >> If you are curious look here http://www.mapquest.com/maps/latlong.adp
    >>
    >
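
A triage sketch for the pattern described in this thread (digits-only .exe files appearing in the user's temp folder), added here as an example and not posted by any participant. It lists each match with its hash and modification time so arrival times can be lined up against router or application activity; the function names and the stand-in files it builds are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Names like 28537.exe: digits only, then .exe (pattern taken from the thread).
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def triage_temp_dir(temp_dir):
    """Return one record per digits-only .exe in temp_dir, oldest first."""
    records = []
    for path in Path(temp_dir).iterdir():
        if not path.is_file() or not NUMERIC_EXE.match(path.name):
            continue
        data = path.read_bytes()
        stat = path.stat()
        records.append({
            "name": path.name,
            "size": stat.st_size,
            "is_pe": data[:2] == b"MZ",  # DOS/PE executables start with "MZ"
            "sha256": hashlib.sha256(data).hexdigest(),
            "modified_utc": datetime.fromtimestamp(stat.st_mtime, tz=timezone.utc),
        })
    return sorted(records, key=lambda r: r["modified_utc"])


def arrival_gaps(records):
    """Minutes between consecutive files, to compare with router/app logs."""
    times = [r["modified_utc"] for r in records]
    return [round((b - a).total_seconds() / 60, 1) for a, b in zip(times, times[1:])]


def build_constructed_sample(directory):
    """Create harmless stand-in files (constructed data, not real samples)."""
    base = 1117400000  # arbitrary constructed timestamp
    samples = [
        ("28537.exe", b"MZ" + b"\x00" * 62, 0),
        ("15805.exe", b"MZ" + b"\x01" * 62, 3600),
        ("21702.exe", b"MZ" + b"\x02" * 62, 9000),
        ("99999.exe", b"plain text, wrong magic", 10800),
        ("setup.exe", b"MZ" + b"\x03" * 62, 100),   # ignored: not digits-only
        ("12345.tmp", b"scratch", 200),             # ignored: not .exe
    ]
    for name, content, offset in samples:
        path = Path(directory) / name
        path.write_bytes(content)
        os.utime(path, (base + offset, base + offset))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_dir:
        build_constructed_sample(sample_dir)
        found = triage_temp_dir(sample_dir)
        for rec in found:
            print(rec["modified_utc"].isoformat(), rec["name"], rec["size"],
                  "PE" if rec["is_pe"] else "not-PE", rec["sha256"][:16])
        print("gaps (min):", arrival_gaps(found))
```
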
  7. Archived from groups: microsoft.public.win2000.general (More info?)

    Did you just copy/paste your reply?

    You gave exactly the same answer with something yesterday where I mentioned
    you are promoting your own website tools..

    Crouchie1998
    BA (HONS) MCP MCSE
  8. Archived from groups: microsoft.public.win2000.general (More info?)

    From: "Crouchie1998" <crouchie1998@spamcop.net>

    | Did you just copy/paste your reply?
    |
    | You gave exactly the same answer with something yesterday where I mentioned
    | you are promoting your own website tools..
    |
    | Crouchie1998
    | BA (HONS) MCP MCSE
    |

    I copied the concept of many MS MVPs in coming up with a boilerplate set of instructions
    (which does get modified based upon feedback) that are known to work.

    I am not about to re-write a response to a repetitive problem each time. I see the same
    problems, over and over again.

    As Chek replied...

    "Admittedly a lot of Dave's posts are repetitive, but only
    because it's a valid procedure to follow for most posters
    here with their limited knowledge. Sure, more sophisticated
    tools like Process Explorer, HiJackThis and others may be
    needed to actually remove the reported but undeletable files
    McAfee or Trend find even in Safe Mode (Winlogon being
    another current fave in the malware start-up routines), but
    there’s always an invitation to report back the findings."

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  9. Archived from groups: microsoft.public.win2000.general (More info?)

    > In the last few days I am getting messages from my AVG virus checker that a
    > trojan has arrived. I have The AVG running and a hosts file which is updated
    > every week in addition to running Spybot weekly and finally I am also connected
    > via a D-Link Router.

    Your firewall may be configured incorrectly.

    Andrew
  10. Archived from groups: microsoft.public.win2000.general (More info?)

    On Wed, 1 Jun 2005 13:42:25 +0100, "Andrew Morton" <akm@in-press.co.uk.invalid>
    wrote:

    >> In the last few days I am getting messages from my AVG virus checker that a
    >> trojan has arrived. I have The AVG running and a hosts file which is updated
    >> every week in addition to running Spybot weekly and finally I am also connected
    >> via a D-Link Router.
    >
    >Your firewall may be configured incorrectly.
    >
    >Andrew
    >
    I shall have a go at that. I do not recall doing anything to upset the factory
    defaults - but you never know. Did not even think of that being wrong. Thanks

    B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    If you are curious look here http://www.mapquest.com/maps/latlong.adp
  11. Archived from groups: microsoft.public.win2000.general (More info?)

    >>> In the last few days I am getting messages from my AVG virus checker that a
    >>> trojan has arrived. I have The AVG running and a hosts file which is updated
    >>> every week in addition to running Spybot weekly and finally I am also connected
    >>> via a D-Link Router.
    >>
    >>Your firewall may be configured incorrectly.
    >>
    > I shall have a go at that. I do not recall doing anything to upset the factory
    > defaults - but you never know. Did not even think of that being wrong. Thanks

    What firewall are you using? Also, you might want to use AdAware because it
    catches some things which Spybot S&D doesn't.

    Andrew
  12. Archived from groups: microsoft.public.win2000.general (More info?)

    lemme throw my $.02 in.... I haven't been on in awhile, but my "slow pc/trojan/spyware"
    routine includes the following:

    1) dump the temp and temporary internet files directories
    2) reset the size of the recycle bin and browser cache to mins -- and empty them out
    3) reset the swap file settings "appropriately" -- a lot of debate on that, so I won't go into detail here
    4) virus scan
       a) new sigs for onboard scanner
       b) housecall.antivirus.com
       c) replace Symantec/Norton with AVG7 (imho)
    5) ad-aware
    6) ccleaner
    7) spybot s&D
    8) reboot
    9) defrag
    10) reboot

    "nesredep egrob" <Long. -31,48.21 Lat. 115,47.40> wrote in message
    news:6v0l91h98lavrmnrpkf7oo9uaof76dm34v@4ax.com...
    > In the last few days I am getting messages from my AVG virus checker that a
    > trojan has arrived. I have The AVG running and a hosts file which is updated
    > every week in addition to running Spybot weekly and finally I am also connected
    > via a D-Link Router.
    >
    > The amazing thing is that I can deal with something internal which has nothing
    > to do with the internet and yet the trojans keep coming. The vault was emptied
    > this morning and in 3 hours I have received 3 trojans.
    >
    > They arrive in Documents/Borge/Local Settings/temp and there seems to be no
    > stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.
    >
    > Fortunately they can just be emptied out of the vault and that is the finish of
    > them but soon enough new ones arrive.
    >
    > B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    > If you are curious look here http://www.mapquest.com/maps/latlong.adp
    >
  13. Archived from groups: microsoft.public.win2000.general (More info?)

    On Thu, 2 Jun 2005 13:08:33 -0600, "j9" <j9@1stamericanproperties.com> wrote:

    >lemme throw my $.02 in.... I haven't been on in awhile, but my "slow pc/trojan/spyware"
    >routine includes the following:
    >
    >1) dump the temp and temporary internet files directories
    >2) reset the size of the recycle bin and browser cache to mins -- and empty them out
    >3) reset the swap file settings "appropriately" -- a lot of debate on that, so I won't go into detail here
    >4) virus scan
    > a) new sigs for onboard scanner
    > b) housecall.antivirus.com
    > c) replace Symantec/Norton with AVG7 (imho)
    >5) ad-aware
    >6) ccleaner
    >7) spybot s&D
    >8) reboot
    >9) defrag
    >10) reboot
    >
    >"nesredep egrob" <Long. -31,48.21 Lat. 115,47.40> wrote in message
    >news:6v0l91h98lavrmnrpkf7oo9uaof76dm34v@4ax.com...
    >> In the last few days I am getting messages from my AVG virus checker that a
    >> trojan has arrived. I have The AVG running and a hosts file which is updated
    >> every week in addition to running Spybot weekly and finally I am also connected
    >> via a D-Link Router.
    >>
    >> The amazing thing is that I can deal with something internal which has nothing
    >> to do with the internet and yet the trojans keep coming. The vault was emptied
    >> this morning and in 3 hours I have received 3 trojans.
    >>
    >> They arrive in Documents/Borge/Local Settings/temp and there seems to be no
    >> stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.
    >>
    >> Fortunately they can just be emptied out of the vault and that is the finish of
    >> them but soon enough new ones arrive.
    >>
    >> B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    >> If you are curious look here http://www.mapquest.com/maps/latlong.adp
    >>
    >
    I have saved your very good comments in notepad as "Troubleshooter". Last night I
    reset the D-Link as I remembered that I had set it up to deal with eMule at
    speed - to no avail as most of the items there have been fouled up either
    deliberately or with people having lots of trouble on their computers.

    I am hoping that the reset will set the firewall to its usual old self. Like to
    do one thing at a time so I eventually can let people know which one did the
    trick - but thanks.

    B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    If you are curious look here http://www.mapquest.com/maps/latlong.adp
  14. Archived from groups: microsoft.public.win2000.general (More info?)

    On Fri, 03 Jun 2005 09:43:50 +0800, nesredep egrob <Long. -31,48.21 Lat.
    115,47.40> wrote:

    >On Thu, 2 Jun 2005 13:08:33 -0600, "j9" <j9@1stamericanproperties.com> wrote:
    >
    >>lemme throw my $.02 in.... I haven't been on in awhile, but my "slow pc/trojan/spyware"
    >>routine includes the following:
    >>
    >>1) dump the temp and temporary internet files directories
    >>2) reset the size of the recycle bin and browser cache to mins -- and empty them out
    >>3) reset the swap file settings "appropriately" -- a lot of debate on that, so I won't go into detail here
    >>4) virus scan
    >> a) new sigs for onboard scanner
    >> b) housecall.antivirus.com
    >> c) replace Symantec/Norton with AVG7 (imho)
    >>5) ad-aware
    >>6) ccleaner
    >>7) spybot s&D
    >>8) reboot
    >>9) defrag
    >>10) reboot
    >>
    >>"nesredep egrob" <Long. -31,48.21 Lat. 115,47.40> wrote in message
    >>news:6v0l91h98lavrmnrpkf7oo9uaof76dm34v@4ax.com...
    >>> In the last few days I am getting messages from my AVG virus checker that a
    >>> trojan has arrived. I have The AVG running and a hosts file which is updated
    >>> every week in addition to running Spybot weekly and finally I am also connected
    >>> via a D-Link Router.
    >>>
    >>> The amazing thing is that I can deal with something internal which has nothing
    >>> to do with the internet and yet the trojans keep coming. The vault was emptied
    >>> this morning and in 3 hours I have received 3 trojans.
    >>>
    >>> They arrive in Documents/Borge/Local Settings/temp and there seems to be no
    >>> stopping them. The names are today 28537.exe, 15805.exe and 21702.exe.
    >>>
    >>> Fortunately they can just be emptied out of the vault and that is the finish of
    >>> them but soon enough new ones arrive.
    >>>
    >>> B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    >>> If you are curious look here http://www.mapquest.com/maps/latlong.adp
    >>>
    >>
    >I have saved your very good comments in notepad as "Troubleshooter". Last night I
    >reset the D-Link as I remembered that I had set it up to deal with eMule at
    >speed - to no avail as most of the items there have been fouled up either
    >deliberately or with people having lots of trouble on their computers.
    >
    >I am hoping that the reset will set the firewall to its usual old self. Like to
    >do one thing at a time so I eventually can let people know which one did the
    >trick - but thanks.
    >
    >B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    >If you are curious look here http://www.mapquest.com/maps/latlong.adp

    Maybe too soon to declare victory but so far today there are no entries in the
    trojan vault (AVG).
    I used the reset button on the back of the D-Link to save time. After that all
    you have to do is to follow the directions and a few instructions in the book.
    As I said one thing at a time and it appears this might have been the answer.
    The pox on trying to get back to eMule except by the slow way, maybe.

    B.Pedersen Latitude -31,48.21 Longitude115,47.40 Time=GMT+8.00
    If you are curious look here http://www.mapquest.com/maps/latlong.adp