
Trojan Horse Infection?


7 replies to this topic

#1 lsj0302

lsj0302

  • Members
  • 58 posts
  • Local time:11:56 AM

Posted 23 July 2005 - 09:13 AM

I am running Windows XP. I use AVG Anti-virus and a scan is scheduled every day.

I was reviewing the results and noticed some odd files that are showing up in the scan and being deleted. They are as follows:

July 14 and 15 - Trojan Horse BackDoor.Generic.Geu
July 16, 17, 18, 19 No problems reported
July 20 - Trojan Horse IRC/BackDoor.SdBot.194.BJ and
Trojan Horse IRC/BackDoor.ScBot.193.AQ
July 21 - Trojan Horse IRC/BackDoor.ScBot.193BQ
July 22 - No problems reported
July 23 - Trojan Horse Generic.GM


It seems there is some type of problem going on, but I cannot find any details about this and would appreciate any help in clearing this up.

Thank you very much.



#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:56 AM

Posted 23 July 2005 - 12:59 PM

If they're being caught and deleted, then AVG is doing its job.
Are you having any problems?
Where are the infections that are being detected located?
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:11:56 AM

Posted 23 July 2005 - 01:10 PM

Do you have a firewall? What protection do you have?

Edited by Leurgy, 23 July 2005 - 01:11 PM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#4 lsj0302


Posted 23 July 2005 - 09:55 PM

I have Zone Alarm for a firewall. Also use Spyblaster.

Regarding where the error shows up, when I look at the detail of the daily scan done by AVG, the item(s) that are showing up are always in C:\System Volume Information\restore{numbers}. (The "numbers" are a very long string--I could copy them here if they would help).

Thank you.

#5 Leurgy


Posted 24 July 2005 - 04:09 AM

That's the XP System Restore. Go to Start>My Computer and right click and go to properties. Find System Restore and uncheck it. OK out and recheck it. That will delete your infected Restore Points and create a new (hopefully clean) one.

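Added example, not part of any post in this thread and not AVG output: a small triage script for the question asked above (where are the detections located?). It separates hits inside System Restore's store from hits on live files; the `date;path;detection` layout, the sample paths and the verdict labels are assumptions made for this illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample in a made-up "date;path;detection" layout (not AVG's real
# report format). Detection names are the ones quoted in the thread; the GUID
# placeholder, RP folders and file names are invented.
SAMPLE_REPORT = r"""
2005-07-20;C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP41\A0007001.exe;Trojan Horse IRC/BackDoor.SdBot.194.BJ
2005-07-21;C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP42\A0007113.exe;Trojan Horse IRC/BackDoor.ScBot.193BQ
"""


def in_restore_store(path: str) -> bool:
    # True only for absolute paths of the form
    #   <volume root>/System Volume Information/[_]restore{...}/<something>
    # A folder with the same name deeper in the tree is an ordinary live folder.
    parts = PureWindowsPath(path).parts
    return (len(parts) > 3
            and parts[1].lower() == "system volume information"
            and parts[2].lower().lstrip("_").startswith("restore{"))


def triage(report: str) -> dict:
    archived, live = [], []
    for line in report.splitlines():
        fields = line.strip().split(";", 2)
        if len(fields) != 3:
            continue  # blank or malformed line
        date, path, name = fields
        bucket = archived if in_restore_store(path) else live
        bucket.append((date, name, path))
    if live:
        verdict = "live"          # hits outside restore points: deal with these first
    elif archived:
        verdict = "restore-only"  # only archived copies: reset System Restore
    else:
        verdict = "clean"
    return {"verdict": verdict, "archived": archived, "live": live}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["verdict"], len(result["archived"]), len(result["live"]))
```
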


#6 lsj0302


Posted 24 July 2005 - 10:18 AM

I tried that and will see what happens when the scan happens tonight.

Thank you.

#7 lsj0302


Posted 27 July 2005 - 05:43 AM

It looks like the infection is now gone. Thank you everyone for your help.

#8 Leurgy


Posted 27 July 2005 - 05:50 AM

Glad we were able to help. Thanks for posting back and letting us know the outcome.





