
Trojan Horse Of A New Breed? How Do I Fix This?


5 replies to this topic

#1 BoneDigger


Posted 15 August 2006 - 12:39 AM

I am running Windows 2000 on a Dell Latitude laptop. I was recently infected with a Trojan Horse Virus. I tried Norton virus scan and it gets halfway through the scan then says "Scan aborted by user" and stops. Ad-Aware is really slow and finds a couple of issues, but it can't fix them. I tried to run HijackThis and it won't allow me to click the "scan" button. When I click scan it just sits there and does nothing. Every 5-10 minutes or so my antivirus flashes this message:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan Horse
File: C:\WINNT\system32\{D69D1FC6-693C-423D-ACF6-DBA09A979993}.exe
Location: Quarantine
Computer: SP-TMCMAKIN2KLT
User: tmcmakin
Action taken: Quarantine succeeded : Access denied
Date found: Tuesday, August 15, 2006 12:14:14 AM

Any ideas what this THING is on my computer?

Todd



#2 acklan


Posted 15 August 2006 - 01:18 AM

Boot into Safe Mode With Networking. Run your Antivirus and antispyware programs in Safe Mode. The Networking will allow you to upgrade them in Safe Mode.
"2007 & 2008 Windows Shell/User Award"

#3 -David-


Posted 15 August 2006 - 05:28 AM

I don't think acklan's instructions are going to work.
You have a Wareout rootkit infection; it needs special instructions to remove.
I have read your post and I think it would be wise for you to post a HijackThis log for an expert to review.
I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system information and also what problems you are having.
Please be patient, and a HJT team member will help you to clean up your system.

#4 Papakid


Posted 15 August 2006 - 12:25 PM

Yeah, we don't usually recommend trying to remove malware in safe mode with networking since some malware now runs in safe mode and can cause problems if you're connected. You should try updating your security software in normal mode first and if successful run the scans in safe without networking. Of course, if you can't update in normal mode, go ahead and try safe mode with networking, assuming you're not on dialup.

But as David said, automatic scanners have a hard time with certain infections and don't always fix everything, so go thru the steps in the Prep guide so we can get a look at a HJT log. If you still have a problem getting HijackThis to open, post back here to let us know. Something you can try first is to rename HijackThis and try again. Something off the wall that the malware looking for it won't expect. Like booyah.exe.

If you are successful in getting a log, be sure to post it in the HJT logs forum, not here.

The thing about people

is they change

when they walk away.--Mipso


#5 BoneDigger


Posted 16 August 2006 - 12:04 AM

Thanks guys. I posted a HijackThis log on the other forum. I appreciate any help!

Todd

#6 -David-


Posted 16 August 2006 - 03:52 AM

Ok, I've picked up your log.
David



