Trojan Help

Mike

Archived from groups: alt.sys.pc-clone.dell

Greetings! Last weekend I visited a web site that installed a Trojan
on my system. I am not really sure how, seeing how I run Norton's AV
and Firewall, but after visiting that site I started getting notices
from Start Up Monitor that certain .DLLs were trying to register
themselves during startup. I then ran Spybot Search and Destroy,
Ad-aware, and Webroot's Spy Sweeper, finding several ad-ware types that
Norton's (updated) has missed and a Trojan that I then deleted. I
also found that some files were trying to access the Internet without
permission. It seems my Norton's Firewall and AV have been
compromised. I have since stopped using IE and have only been using
Firefox for browsing but I am still getting alerts that my computer is
trying to access the Internet without my permission. I assume I have
a Trojan again. Question is how do I get rid of it? I can delete
traces of it by finding files that it creates but how do I find the
actual file that is causing my problems? I have run HijackThis and
found a few items that I delete, but after a reboot most show up
again. I have run Norton's many times in Safe Mode. Any ideas?
Thanks.

I am running WinXP SP2 on a Dimension 8400. I have Norton's Internet
Security, Zone Alarm, and Spy Sweeper running on startup. I also
downloaded Port Explorer which allows me to see when my computer tries
to dial home. Any information would be appreciated!

Mike
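
One way to approach the question in this post (which file keeps putting the deleted items back), shown as an added example that is not part of the original thread: save a HijackThis log before fixing, right after fixing, and after the reboot, then list the entries that returned, grouped by the file they point to. The three logs and the names `exmpl1.dll`, `exmpl2.exe`, `updchk` and `oldbar` are constructed for illustration.

```python
import re
from collections import defaultdict

ENTRY_RE = re.compile(r"^(?:R|F|N|O)\d{1,2} - .+$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll)', re.IGNORECASE)

def entries(log):
    """Set of HijackThis result lines (R*, F*, N*, O* sections) in a saved log."""
    return {ln.strip() for ln in log.splitlines() if ENTRY_RE.match(ln.strip())}

def reappeared(before_fix, after_fix, after_reboot):
    """Entries that were removed by the fix but are back after the reboot."""
    removed = entries(before_fix) - entries(after_fix)
    return removed & entries(after_reboot)

def files_behind(lines):
    """Map each referenced .exe/.dll to the sections (O2, O4, ...) naming it."""
    by_file = defaultdict(set)
    for ln in lines:
        m = PATH_RE.search(ln)
        if m:
            by_file[m.group(0).lower()].add(ln.split(" - ", 1)[0])
    return {path: sorted(secs) for path, secs in by_file.items()}

# Constructed sample logs; exmpl1.dll and exmpl2.exe are made-up names.
BEFORE_FIX = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\exmpl1.dll
O4 - HKLM\..\Run: [updchk] C:\WINDOWS\system32\exmpl2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [oldbar] C:\Program Files\oldbar\oldbar.exe
O20 - Winlogon Notify: exmpl1 - C:\WINDOWS\system32\exmpl1.dll
"""
# Log saved right after "Fix checked": only the ccApp entry was kept.
AFTER_FIX = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
# Log saved after the reboot: three of the four deleted entries have returned.
AFTER_REBOOT = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\exmpl1.dll
O4 - HKLM\..\Run: [updchk] C:\WINDOWS\system32\exmpl2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: exmpl1 - C:\WINDOWS\system32\exmpl1.dll
"""

if __name__ == "__main__":
    back = reappeared(BEFORE_FIX, AFTER_FIX, AFTER_REBOOT)
    for path, sections in sorted(files_behind(back).items()):
        print(f"{path}  re-registered under {', '.join(sections)}")
```

Entries that come back after a reboot mean something still loaded at startup is rewriting them, so the files this prints are the ones to examine first.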
 
Guest

Mike <Mike@home.com> wrote:
>Greetings! Last weekend I visited a web site that installed a Trojan
>on my system [That I can't find and/or get rid of].

I'd also try McAfee, AVG, and/or other antivirus programs, and I've
found Microsoft's AntiSpyware can find (and protect against) problems
that other products can't.

There are no easy answers, nor is any one product perfect...
 
Guest

Mike wrote:

> Greetings! Last weekend I visited a web site that installed a Trojan
> on my system. I am not really sure how seeing how I run Norton's AV
> and Firewall but after visiting that site I started getting notices
> from Start Up Monitor that certain .DLL's were trying to register
> themselves during startup. I then ran Spy Bot Search and Destroy,
> Ad-aware, and Webroot's Spy Sweeper finding several ad-ware types that
> Norton's (updated) has missed and a Trojan that I then deleted. I
> also found that some files were trying to access the Internet without
> permission. It seems my Norton's Firewall and AV have been
> compromised. I have since stopped using IE and have only been using
> Firefox for browsing but I am still getting alerts that my computer is
> trying to access the Internet without my permission. I assume I have
> a Trojan again. Question is how do I get rid of it? I can delete
> traces of it by finding files that it creates but how do I find the
> actual file that is causing my problems? I have run Hijackthis and
> found a few items that I delete, but after a reboot most show up
> again. I have run Norton's many times in Safe Mode. Any ideas?
> Thanks.
>
> I am running WinXP SP2 on a Dimension 8400. I have Norton's Internet
> Security, Zone Alarm, and Spy Sweeper running on startup. I also
> downloaded Port Explorer which allows me to see when my computer tries
> to dial home. Any information would be appreciated!
>
> Mike

Take a very hard look at the entire contents of the computer,
especially any helper files that might have been downloaded
and installed, especially from ISPs to facilitate access to
the Internet. Worst case example of this is, IMHO, AOL, but
many other ISPs are degrading to a similar state. Minimize
access to a minimal state, such as original versions of web
browsers, set up connections via the Control Panel and not
through the assistance of ISP-provided CD-ROMs, etc. Most of
the time, what's left after running several anti-virus scans,
anti-trojan scans, adware/malware/spyware shredding, etc.,
are these "bots", helper or not, trying to re-establish their
contact.
 
Guest

Mike wrote:

[snippage]

You have learned the hard way. Buy a NAT router with integrated
firewall, even if yours is the only computer on the network. This will
take care of almost all subversive attacks.

*After* you do this, reinstall the OS.

Q
 
Guest

Disable System Restore, run all your malware software, updating them as
required, and when the system is finally clean, enable System Restore. When
you disable SR you will lose all the restore points and everything in them.
These pieces of uninvited software can, and often do, hide a copy of
themselves in System Restore. You can run scanners until you are blue in
the face, but if you don't eliminate the potential hiding place of System
Restore, it won't do you any good.

"Mike" <Mike@home.com> wrote in message
news:9c1rb1des2o91i9jts0g8hjb43s3v8g463@4ax.com...
> Greetings! Last weekend I visited a web site that installed a Trojan
> on my system. I am not really sure how seeing how I run Norton's AV
> and Firewall but after visiting that site I started getting notices
> from Start Up Monitor that certain .DLL's were trying to register
> themselves during startup. I then ran Spy Bot Search and Destroy,
> Ad-aware, and Webroot's Spy Sweeper finding several ad-ware types that
> Norton's (updated) has missed and a Trojan that I then deleted. I
> also found that some files were trying to access the Internet without
> permission. It seems my Norton's Firewall and AV have been
> compromised. I have since stopped using IE and have only been using
> Firefox for browsing but I am still getting alerts that my computer is
> trying to access the Internet without my permission. I assume I have
> a Trojan again. Question is how do I get rid of it? I can delete
> traces of it by finding files that it creates but how do I find the
> actual file that is causing my problems? I have run Hijackthis and
> found a few items that I delete, but after a reboot most show up
> again. I have run Norton's many times in Safe Mode. Any ideas?
> Thanks.
>
> I am running WinXP SP2 on a Dimension 8400. I have Norton's Internet
> Security, Zone Alarm, and Spy Sweeper running on startup. I also
> downloaded Port Explorer which allows me to see when my computer tries
> to dial home. Any information would be appreciated!
>
> Mike
 
Guest

> You have learned the hard way. Buy a NAT router with integrated
> firewall, even if yours is the only computer on the network. This will
> take care of almost all subversive attacks.
> *After* you do this, reinstall the OS.

I disagree. A firewall will block incoming port attacks, but will do
nothing to prevent malware included as part of a software package, or a
hack introduced by use of internet exploder.

If you reinstall the OS, you'll likely have an even more unsecured system
until you manage to download all the patches again.

--
Please add "[newsgroup]" in the subject of any personal replies via email
--- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---
 
Guest

"Kevin" <webman6@hotmail.com> wrote in message
news:Qyove.46$5J6.13207@news.uswest.net...
> Disable System Restore, run all your malware software, updating them as
> required, and when the system is finally clean, enable System Restore.
> When you disable SR you will lose all the restore points and everything in
> them. These pieces of uninvited software can, and often do, hide a copy of
> themselves in System Restore. You can run scanners until you are blue in
> the face, but if you don't eliminate the potential hiding place of System
> Restore, it won't do you any good.
>



Good advice. And for funsies, do all of that in safe mode.

Most trojans I come across are no more than an annoyance to remove and system
restore should always be included.

Sadly, all the (good) advice of programs and methods of locking any given
system down will only work to the degree the end user allows it. If someone
in a household is 'click happy', indiscreet with downloads and/or file
transfers, they will likely have a dirty system again in a matter of weeks.

The real-time protection that (Giant) MS anti-spyware provides is some small
help in at least warning the user of normally invisible 'invasions'.


Stew
 
Guest

The only trouble I have with Trojans, is trying to find one big enough!!

;)
 
Guest

guess,
Well Trojan makes some rather large yachts but that's a different
group. :)
Paul


guess wrote:
> The only trouble I have with Trojans, is trying to find one big enough!!
>
> ;)
 
Guest

I just had a bad run in with a trojan on a system running WindowsXP SP1 and
Norton Internet Security 2005. It seemed to be so inundated
that I decided to format and reload WindowsXP from scratch. I booted to the
Windows CD, removed the partitions and did a Quick Format. Once loaded I
started to redownload/install the Windows Updates. By the time I finished
with the updates (except SP2) it was again inundated. Then I took another
approach which seems to have worked. First I pulled the DSL cable out. Then
ran Windows98 FDISK to remove partitions. Then I booted to the Windows CD and
did a FULL Format of the drive. I loaded WindowsXP and needed drivers. I
then loaded Norton Internet Security and had it running but not updated.
Then and only then did I plug in the DSL. The first thing I did was update
Norton, which took several reboots. I then ran a Full System Scan with
Norton. Then and only then did I install the Windows updates. Once all the
updates were in (except SP2) I installed and ran AdAware, Spybot,
SpywareBlaster and HijackThis. Then I installed SP2 from a CD and its needed
updates.

The system seems clean and Ok with no trojans, viruses or popups.


"Mike" <Mike@home.com> wrote in message
news:9c1rb1des2o91i9jts0g8hjb43s3v8g463@4ax.com...
> Greetings! Last weekend I visited a web site that installed a Trojan
> on my system. I am not really sure how seeing how I run Norton's AV
> and Firewall but after visiting that site I started getting notices
> from Start Up Monitor that certain .DLL's were trying to register
> themselves during startup. I then ran Spy Bot Search and Destroy,
> Ad-aware, and Webroot's Spy Sweeper finding several ad-ware types that
> Norton's (updated) has missed and a Trojan that I then deleted. I
> also found that some files were trying to access the Internet without
> permission. It seems my Norton's Firewall and AV have been
> compromised. I have since stopped using IE and have only been using
> Firefox for browsing but I am still getting alerts that my computer is
> trying to access the Internet without my permission. I assume I have
> a Trojan again. Question is how do I get rid of it? I can delete
> traces of it by finding files that it creates but how do I find the
> actual file that is causing my problems? I have run Hijackthis and
> found a few items that I delete, but after a reboot most show up
> again. I have run Norton's many times in Safe Mode. Any ideas?
> Thanks.
>
> I am running WinXP SP2 on a Dimension 8400. I have Norton's Internet
> Security, Zone Alarm, and Spy Sweeper running on startup. I also
> downloaded Port Explorer which allows me to see when my computer tries
> to dial home. Any information would be appreciated!
>
> Mike
 
Guest

"Jeff B" <JBlank@warwick.net> wrote:
>started to redownload/install the Windows Updates. By the time I finished
>with the updates (except SP2) it was again inundated.

This is another argument for a hardware firewall (NAT router), even if
you have only one computer. IIRC, the average lifespan of an unprotected
computer hanging out on the Internet is about 20 minutes...

While there may be some value for power users (and those who can parse
the queries) in a software firewall that'll warn you about outgoing
connections, a hardware firewall is a minimum requirement, IMHO.
 
Guest

So, to have a complete analogy, a hardware firewall is a kind of a Trojan that
one uses to cut down the risk of disease and infections from unprotected
internet access. But a Trojan to protect against Trojans? I never heard of
such a thing.

Seriously, yes, a hardware router with network address translation (NAT) is a
good thing... Ben Myers

On Mon, 27 Jun 2005 07:09:12 -0400, William P. N. Smith wrote:

>"Jeff B" <JBlank@warwick.net> wrote:
>>started to redownload/install the Windows Updates. By the time I finished
>>with the updates (except SP2) it was again inundated.
>
>This is another argument for a hardware firewall (NAT router), even if
>you have only one computer. IIRC, the average lifespan of an unprotected
>computer hanging out on the Internet is about 20 minutes...
>
>While there may be some value for power users (and those who can parse
>the queries) in a software firewall that'll warn you about outgoing
>connections, a hardware firewall is a minimum requirement, IMHO.
>