
Lockx.exe (trojan)


3 replies to this topic

#1 hitori


Posted 19 October 2005 - 07:44 AM

//Mod edit: Moved from Windows XP/NT/2000/2003 forum to the more appropriate.

I got an IM from a friend yesterday with a link to what sounded like a picture. When I tried to open it, it was a program, and I thought it seemed weird for her to be sending me a program. I opened it anyway, because I trust her, but then she wasn't saying anything, and my firewall shut down, so the whole thing seemed much more sketchy to me. I disconnected the internet and did two virus scans. The first caught some Trojans, the second came up with nothing. She later told me it was a virus, and I was the only one who opened it because it was going around her campus and everyone else knew. Fantastic. -.-

So I thought I'd gotten rid of it. This morning I started my computer, and the program prompted me to open it again, and my firewall shut off, again. I left the thing open, and tried to track it down. Says it's opening from C:\WINDOWS\system32

So I went to that folder, and searched around to delete this thing. I didn't find it. I searched "all files and folders". Didn't find anything suggesting the file existed. But the file says it's opening from there. Apparently my virus protection software didn't get it. (I use AVG free version.) How do I attack this thing and get it out of my computer?

Edited by KoanYorel, 19 October 2005 - 09:40 AM.




#2 hitori


Posted 19 October 2005 - 08:00 AM

I went to this URL:

http://www.jayloden.com/aimfix.htm

You can run a program there to fight AIM viruses. This is one of them. It only said it “quarantined” the virus, I thought it would have to “delete” it after, or “cure” it, or whatever these things do, but we’ll see how it goes now. Still, tell me anything you can, or any way you know it might’ve survived this, or if it’s still in my computer. Thanks.

#3 hitori


Posted 19 October 2005 - 08:13 AM

The annoying toolbar it added to my computer still won't go away (HOT Ringtones, Online Dating, Online Casinos...) and I keep getting pop-ups for Adult Friend Finder. -.- I already have an adult friend. We are very happy. Ecstatic.

So this toolbar, it comes up when I open a new explorer window (but not Firefox, which appears to load 1,000 times slower than IE, so I'm sticking with IE). I can make it go away by turning on or off another toolbar, but when I open a new window it's still there in that window, and I have to fix it manually every time.

Also, something, since the virus, is adding something to my favorites list. Like an IE icon, but with no name or text, just a blank space, and I'm not going to check where it goes, I just delete it. That only happens on start up. Once I delete it, it's gone until I shut down or restart.

#4 stidyup


Posted 19 October 2005 - 10:09 AM

If you think you are infected submit a hijackthis log here.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode): Sysclean. You'll also need the virus template file from here, lpt***.zip. Remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

If you're good with the command line, also try the Sophos Command Line scanner. This command will scan all of your HDDs and give you a log file to review afterwards:

SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt

If you can't get into safe mode, download the following: Ultimate Boot CD. However, you will need to update the definitions on the disk; see here how to do that. Alternatively, download an archive version of Public AntiVirus; again, this will need updating, but full instructions are here.

If you want a smaller download look here for instructions on how to create your own boot CD.

Also try installing and running A2 Free and Ewido

I'd also run Spybot(Spybot Tutorial) and Adaware

If you're using Win2K/XP, run Adaware/Spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe



