
Anyone Knows How To...


3 replies to this topic

#1 LLM


Posted 16 November 2005 - 07:52 AM

Hi, I have Windows XP Pro, and got infected with Win32.SecDrop.IY. I am using eTrust Antivirus 7.1 with the latest signature (VET engine). When I run the AV, it comes back with the message that I am infected with Win32.efewe (also a trojan) but it is isolated and by rebooting will be solved.
As soon as I connect to the internet, Secdrop.IY is detected and gets isolated by the AV.
I have encountered some suggestions in the forum on how to deal with Secdrop, but they involve downloading smitRem, ewido, lavasoft and finally panda... which creates the catch-22 situation: as soon as I start trying to download something, the account gets disabled!!!! (At this point, I am not sure whether it gets disabled by the OS or the AV, but it gets disabled.) Then I reboot, and the process starts again!!
Any suggestions how to overcome the disabling account issue?
Or alternatives on how to cure Secdrop and/or efewe?
Any help is appreciated!!!
Cheers,
LLM



#2 stidyup


Posted 16 November 2005 - 08:11 AM

Go to a friend's house and download any of the programs listed; that way you'll be able to run them without running into problems.

If you think you are infected, submit a HijackThis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode): Sysclean. You'll also need the virus template file from here: lpt***.zip. Remember to extract the contents of the zip file into the same folder as Sysclean.com.

or

DrWeb CureIT

or

KASFX, which is powered by the Kaspersky AV engine. You will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If you're good with the command line, also try the Sophos Command Line scanner. This command will scan all of your HDDs and give you a log file to review afterwards:

SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt

Also try installing and running A2 Free and Ewido

I'd also run Spybot (Spybot Tutorial) and Adaware.

If you're using Win2K/XP, run Adaware/Spybot from "safe mode with command prompt". If you're using Win9x, just run it from safe mode; the command line options aren't needed.

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

Edited by stidyup, 16 November 2005 - 08:26 AM.


#3 tg1911


Posted 16 November 2005 - 08:29 AM

Do you have access to another computer (second computer, friend's computer, ....) that you can download the files to, then copy to a disk for transfer to your infected computer?
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#4 LLM


Posted 16 November 2005 - 09:34 AM

Do you have access to another computer (second computer, friend's computer, ....) that you can download the files to, then copy to a disk for transfer to your infected computer?


Thanks guys! I appreciate the advice... If you think this is the only way of getting around the problem... I will try tomorrow and let you know... Cheers,



