Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan


  • Please log in to reply
8 replies to this topic

#1 Jtheisen

Jtheisen

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 June 2005 - 11:25 AM

Hello,
I keep getting a message from Norton that a trojan horse has been found and that it is unable to delete the infected file.

where do I start???

JT

BC AdBot (Login to Remove)

 


#2 pchartwell

pchartwell

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 24 June 2005 - 11:37 AM

What named is the file and/or the trojan type?

Check Norton's Quarantine... is the file in there? Even if you can't delete it that's usually good enough for me. But if you're getting repeated notices of the same file/trojan being infected then obviously that a potential problem.

#3 Jtheisen

Jtheisen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 June 2005 - 11:46 AM

I think it is called uhorji???

#4 Jtheisen

Jtheisen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 June 2005 - 11:48 AM

Here it is C:\WINDOWS|KB890175.log:uhorji

#5 pchartwell

pchartwell

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 24 June 2005 - 12:11 PM

what's the status of Norton's quarantine?

I get nothing regarding that name. And the KB890175 is a particular hotfix for Windows 2000; is that what you're running?

#6 Jtheisen

Jtheisen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 June 2005 - 12:23 PM

No, running xp professional. Norton has 15 files in quarantine.

#7 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:13 PM

Posted 24 June 2005 - 12:52 PM

Try downloading, updating and running the following (in safe mode where you can):

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

AdAware: http://www.lavasoftusa.com/software/adaware/
Microsoft Antispyware Beta: http://www.microsoft.com/athome/security/s...re/default.mspx
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
Spybot S&D: http://www.safer-networking.org/en/index.html
Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

AČ - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

CWShredder from InterMute
CW Shredder removes some variants of spyware known as the Coolwebsearch Trojan. The Trojan takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites. Run CWShredder after installing, and have it look for updates. Then click the "Fix" button, and the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.
Cost: Free
http://www.intermute.com/spysubtract/cwshr...r_download.html

If none of the above cures your problem I suggest you post a HijackThis log for assistance with your problem.

Read the pinned post in the HijackThis forum, here
Carefully read and follow all directions exactly.

Run a log, and post it in the HJT forum, at this link.

Do not attempt to fix anything, yet.

A member, of the HJT Team, will examine the log and offer assistance.

Please be patient. It may take a while to get a response because the members of the HJT Team are very busy.

Please, be patient, this team is manned by volunteers. They will help you as soon as possible.

NOTE
Once you have made the post, pleaseDO NOT make another post in the HJT forum, until your original post has been answered by a member of the HJT Team.

The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, it will show 1 reply.
A team member, looking to see if a reply has been made might assume someone is already assisting you and will not respond.

So, just make your post and wait for a response until a team member responds.

Edited by Enthusiast, 24 June 2005 - 12:53 PM.


#8 pchartwell

pchartwell

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 24 June 2005 - 12:58 PM

Take Enthusiast's advice by all means.

But go back into Norton and the quarantine, select all of the files listed there and use the "X" delete function and see if that can delete it for you. (the file in question is or isn't listed there?)

#9 Jtheisen

Jtheisen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 June 2005 - 01:49 PM

OK Deleted files in Norton Quarantine. The ones listed are not the 3 I keep getting notices about.

I posted a hijack log.

we'll see

Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users