  1. #1
    New Lounger
    Join Date
    Feb 2007
    Location
    chandigarh
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    trojan horse backdoor

    Hi,
    For the last week I have been trying to remove the trojan horse backdoor.agent.LTR. It has infected this file: c:\windows\system32\drivers\fdwmayz.sys. I use AVG version 7.5.516, and it has quarantined this file for me, but I can't repair it or heal it. If I delete the file, then the file comes back again and AVG quarantines it again. My firewall is ZoneAlarm 7.0.462. So I am stuck. Can anyone give some suggestions on how to get rid of that trojan horse? I searched Google for it and found 4 results: 1 was in Chinese and the other 3 did not help much.

  2. #2
    3 Star Lounger
    Join Date
    Feb 2003
    Location
    England
    Posts
    378
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: trojan horse backdoor

    I would wait for more informed loungers than me to answer, but... I seem to remember having trouble getting rid of a nasty, and the solution was to clear all the restore points in Windows restore and then run your antivirus again. What about the AVG forums? Might be worth asking for advice there.

  3. #3
    3 Star Lounger
    Join Date
    Dec 2000
    Location
    La Verne, California, USA
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse backdoor

    If you have SYSTEM RESTORE ACTIVE, I'd turn it off, remove the virus, and turn it back on later.

  4. #4
    New Lounger
    Join Date
    Feb 2007
    Location
    chandigarh
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse backdoor

    I always keep Windows System Restore disabled. When I installed Win XP 6 months back, I disabled System Restore. I even disabled it from Services back then, so I don't have any restore points. I will look in the AVG forums also.

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: trojan horse backdoor

    If a file keeps re-appearing, you should suspect that an undetected program keeps "dropping" the trojan after it is removed. Or, depending on how it spreads, a web site you visit regularly (or chat or P2P file sharing software) may be dropping the trojan. Try some other clean-up tools to detect and remove any malware. And shut down all nonessential programs that start up with Windows and Internet Explorer to try to arrive at a stable configuration where the trojan does not reappear.

    Trend Micro HouseCall - Free Online Virus and Spyware Scan

    AutoRuns for Windows 9.12

  6. #6
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: trojan horse backdoor

    Another well thought of and recommended program is SPYBOT S&D
    BOB


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  7. #7
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse backdoor

    Hi, unfortunately I can't offer help with the problem of removing the trojan, but I strongly recommend getting some kind of disc imaging system. E.g., Acronis True Image 8 may now be available free. Personally, I just don't think it is worth the time and anxiety trying to remove a Trojan. Rootkits are so horrendous these days one can never be completely sure of having got rid of one. A better approach, in my opinion, is to install the operating system with programs from scratch and then make an image as a fail-safe. I make a back-up image of my system every month. At the first sign of a problem I just go back to a known clean image. This approach does mean having a partition and putting your data on another drive. The images can be stored on the data partition, or for added security on a removable hard disc that is usually not connected to the system.

    Best wishes,

    Chris (Hunt)

  8. #8
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse backdoor

    Since I sometimes comment on issues related to SR (here in the Lounge) I could maybe be seen as its advocate, but I have not used it so many times and see it as one of several layers of protection (in broad sense) in Windows XP. However one should know its do's and don'ts.

    As Jefferson says (and puts it very well), if a file (or anything) keeps re-appearing, something not yet detected and removed is responsible for putting it there. In this case it isn't SR.

    It has been mentioned so many times on the web that you should disable SR in the process of cleaning out viruses and other malware that it is almost on the standard list of tasks to do, but very few think about the consequences or why it should or shouldn't be done during the cleaning process.

    The reason SR is mentioned, obviously (for those who know what SR is), is that if you don't remove old restore points (RP) you could maybe get re-infected in the future when using SR to go back in time to an earlier RP. But until the time you choose to use SR, there is no risk of getting re-infected (via SR).

    In a, sometimes, complicated cleaning process it is possible that something goes wrong and the situation is worse than when you started to clean the PC. Given this possibility, it is obvious why one should wait with purging old RP's. You could then use SR in the cleaning process and go back to where you started. But when the PC is clean (confirmed by different types of programs) it is a good time to start fresh, by removing old RP's (turn off and turn on SR, and maybe adjust settings; size & what drive to monitor).

    Then of course one has to have a little knowledge about what the AV reports as a virus etc. If at last in the process it only reports a virus in the RP area, purging the RP's can be seen as the last step, since some AV programs have problems with working in that area.

    The recommendation to leave SR and its RP's in place until the PC is clean has been mentioned by some, most known maybe MS-MVP Bert Kinney, who probably knows most about SR of any outside MSFT.

    He has a site about SR, which also mentions a little about virus and spyware removal programs: http://bertk.mvps.org/html/spyware.html The page also links to an IE community article by MS-MVP Sandi Hardmeier about getting rid of spyware.
    He also participates in the AUMHA FORUMS, which mention the above about SR in a thread: Purging old System Restore points

    Jefferson and Bob have mentioned some good programs, since it could be necessary to broaden the approach beyond AV programs.

  9. #9
    New Lounger
    Join Date
    Feb 2007
    Location
    chandigarh
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse backdoor

    OK, I use Spybot Search and Destroy also. I did a scan with it and found nothing. Then I went to the free AVG forums and searched there for the trojan horse, but did not find it there. Then I did a free online scan of my full system from http://housecall.trendmicro.com/. It detected some Windows updates I needed to do; other than that it did not find anything. As I mentioned earlier, I don't use Windows System Restore. I disabled the service from services.msc 6 months back, and it has been off in my computer from the beginning. Right now the trojan is quarantined by AVG. I have a software called HijackThis, but I don't know how to use it. I use Process xp to see the processes which are running all the time. All of them looked like the regular ones, although I am not an expert in that. I have a 157 GB HDD with 3 partitions: c, d, e. I have never made an image of the system, but to make the image the system should be clean, so if I could somehow get rid of the trojan, then I could probably make the image also.

  10. #10
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: trojan horse backdoor

    Get your HijackThis Tutorial, do a scan & post your log in their forum. I'm afraid you will be needing their help with this thing.

  11. #11
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: trojan horse backdoor

    The purpose of using AutoRuns is to determine the programs and services that start up with Windows and with IE. Because such programs might do their dirty work and quickly exit, you may not see them running in Process Explorer.
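
Added example, not from any poster in this thread: PowerShell that inventories two of the autostart locations AutoRuns covers, the kernel and file-system driver services and the Run keys, and flags driver files that are missing or lack a valid Authenticode signature. The function names are made up for this example; the registry paths are the standard Windows ones.

```powershell
# Added example: inventory autostart points that can reload or re-drop a driver.
function Resolve-DriverPath([string]$ImagePath, [string]$Name) {
    # A driver service with no ImagePath loads System32\drivers\<name>.sys
    if (-not $ImagePath) { $ImagePath = "System32\drivers\${Name}.sys" }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''          # strip the NT object prefix \??\
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $env:SystemRoot $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\')      { return Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverServiceReport {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Type 1 = kernel driver, Type 2 = file-system driver
            if ($svc.Type -ne 1 -and $svc.Type -ne 2) { return }
            $path = Resolve-DriverPath $svc.ImagePath $_.PSChildName
            $sig  = 'FileMissing'
            if (Test-Path -LiteralPath $path) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status
            }
            [pscustomobject]@{
                Name      = $_.PSChildName
                Start     = $svc.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
                Signature = $sig
                Path      = $path
            }
        }
}

function Get-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $item = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# Drivers worth a closer look first: anything not reporting a valid signature.
Get-DriverServiceReport | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Start, Name | Format-Table -AutoSize
Get-RunKeyEntries | Format-Table -AutoSize
```

Run it from an elevated prompt. Drivers signed only through a catalog can be reported as NotSigned by some PowerShell versions, so the output is a list of entries to examine, not a verdict.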
