Infected With Trojanhorse.pushu


2 replies to this topic

#1 im_no_good_with_computers


Posted 27 June 2007 - 05:58 PM

Hi, I downloaded a bad Call of Duty 2 mod and the person who created the mod injected my PC with trojanhorse.pushu, and left a pretty nice message about how cool he was that he hacked me.
I know it's trojan pushu because I ran a sweep with Spy Sweeper and that's what it got.
I believe it's in the registry and I tried to find it in regedit.
Here's the location that the log showed: HKLM\system\controlset001\enum\root\legacy_secdrv\ (ID = 2232035)

I went into the legacy_secdrv folder in regedit but I didn't find ID=2232035, or is that not what I should be looking for?

The reason why I think it's not gone is because it shows up on every Spy Sweeper sweep even after I quarantine it.

What should I do to get rid of it?

I plan on posting an HJT log in the future but I'm going on vacation for 2 weeks in a day and I was wondering if there were any quicker solutions.
Thanks for the help.


#2 buddy215


Posted 27 June 2007 - 07:53 PM

http://www.sophos.com/virusinfo/analyses/trojpushua.html
Troj/Pushu-A Aliases
Rootkit.Win32.Agent.dp
Win32/Rootkit.Agent.NAZ
--------------------------------------------------------------------------------

Give the AVG Antirootkit a try.
http://free.grisoft.com/doc/39798/lng/us/tpl/v5

And/or:
Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#3 im_no_good_with_computers


Posted 27 June 2007 - 08:45 PM

Hey, thanks a lot for the quick help.
The AVG didn't seem to find any rootkits installed, maybe Spy Sweeper did get rid of it.
I'll do a HJT log after my vacation just to be sure.
I hate hackers....



