F-secure Has Detected Trojans



#1 acklan


Posted 29 March 2006 - 06:30 PM

F-Secure online scan has detected the following. Any recommendations for removal?

C:\Program Files\Aprps\ProxyStub.dll Trojan.Win32.Crypt.t
C:\Program Files\Aprps\pstub0\proxystub.dll Trojan.Win32.Crypt.t
C:\WINDOWS\svcproc.exe Trojan.Win32.Stervis.q
"2007 & 2008 Windows Shell/User Award"



#2 quietman7


Posted 30 March 2006 - 08:23 AM

As you can see from the F-Secure Spyware Information Pages, Apropos can be difficult to detect and remove. Usually nothing is visible in normal mode or an HJT log. If the rootkit is present, files and registry entries are hidden by a kernel-level driver the rootkit installs.

Sometimes there will be an uninstall entry in Add/Remove Programs for ContextPlus. However, you may need to run a scan with RootkitRevealer or BlackLight to find all the related hidden files and get help with determining what files are bad.

If Apropos is present, it can be identified and removed using AproposFix in Safe Mode. This fix tool utilizes a batch file which creates a log.txt file in the folder it is run in. It would be better to do this in the HJT forum, where the team can see an HJT log and logs from these other tools for a closer examination of what's present in your system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 acklan


Posted 30 March 2006 - 08:56 AM

Thanks QM. Actually, I ran Ewido and I think somehow it removed it. I am rerunning all the scans now. I'll get back with you in about 6 hours and let you know the progress.