Thread: Trojan Virus

  1. #1
    3 Star Lounger

    Trojan Virus

    I have a trojan virus. It's preventing me from downloading and accessing some web pages.
    The virus name is Trojan NT Root Kit - H.
    I tried using McAfee and it said that it "can't be deleted or quarantined."

    Can anyone help?

    Thanks.

  2. #2
    Administrator

    Re: Trojan Virus

    Have you checked out the tools mentioned here: Tutorials & Links to Detection & Removal Tools or Anti Adware?

    Joe

  3. #3
    Uranium Lounger viking33

    Re: Trojan Virus

    Try Trojan Hunter at

    TrojanHunter
    BOB

  4. #4
    Uranium Lounger

    Re: Trojan Virus

    Here's what it is:
    A rootkit is an application that allows an intruder to hide malicious activity on a previously compromised machine. Using a rootkit, an attacker can hide processes, files, registry keys and communication channels.
    Hides the attacker's actions by changing data structures in the kernel. This rootkit only functions on Windows NT-based operating systems.
    This detection most likely indicates further system compromise. This detection will continue to be triggered even after the offending file is removed.


    I found an interesting dissertation by what appears to be the guy who wrote your particular version of this nasty here, containing the following......
    Despite their increasingly sophisticated design, the current crop of Windows root kits are generally not completely undetectable, and Slanret is no exception. Because it relies on a device driver, booting in "safe mode" will disable its cloaking mechanism, rendering its files visible. And in what appears to be an oversight by the kit's author, the device driver "ierk8243.sys" is visible on the list of installed drivers under Windows 2000 and XP, according to Symantec Security Response (SecurityFocus is owned by Symantec). McAfee reports that a running service named "Virtual Memory Manager" with a blank description field is visible on a compromised host. And, of course, there are reports that the root kit sometimes crashes servers.

    You might also want to read the information at http://www.giac.org/practical/GSEC/A...ydosh_GSEC.pdf, http://staff.washington.edu/dittrich...s/rootkits.faq or the article by your author, A *REAL* NT Rootkit, patching the NT Kernel.

    It appears that this will require some work to remove, but that it can be detected and removed. Has your homepage been hijacked ??? If so you might be looking at a go-round with HijackThis and the nice folks at Tom Coyote Forums. Actually, with this one, I think you'll end up there anyway. Good luck. HTH.
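
The two host indicators quoted in the post above (the driver file "ierk8243.sys" and a service displayed as "Virtual Memory Manager" with a blank description) can be checked with a short script. This is an added example, not part of the original thread or of any vendor tool; it assumes PowerShell 3.0 or later, and the function name, sample paths and sample service names are hypothetical.

```powershell
# Indicators quoted in the post above (Symantec and McAfee reports).
$DriverFile  = 'ierk8243.sys'
$ServiceName = 'Virtual Memory Manager'

function Find-RootkitIndicator {
    param(
        # Default to the live system; pass exported objects to check offline data.
        [object[]]$Drivers  = (Get-CimInstance -ClassName Win32_SystemDriver),
        [object[]]$Services = (Get-CimInstance -ClassName Win32_Service)
    )
    foreach ($d in $Drivers) {
        # Compare the file name at the end of the driver path, case-insensitively.
        $leaf = if ($d.PathName) { ($d.PathName -split '[\\/]')[-1] } else { '' }
        if ($leaf -ieq $DriverFile) {
            [pscustomobject]@{ Indicator = 'Driver'; Name = $d.Name; Detail = $d.PathName }
        }
    }
    foreach ($s in $Services) {
        # The report is specific: this display name AND a blank description.
        if ($s.DisplayName -ieq $ServiceName -and
            [string]::IsNullOrWhiteSpace($s.Description)) {
            [pscustomobject]@{ Indicator = 'Service'; Name = $s.Name; Detail = $s.PathName }
        }
    }
}

# Constructed sample inventory (not real output); names and paths are made up.
$sampleDrivers = @(
    [pscustomobject]@{ Name = 'Beep';     PathName = 'C:\WINDOWS\system32\drivers\beep.sys' }
    [pscustomobject]@{ Name = 'ierk8243'; PathName = '\??\C:\WINDOWS\system32\drivers\ierk8243.sys' }
)
$sampleServices = @(
    [pscustomobject]@{ Name = 'Spooler'; DisplayName = 'Print Spooler'
                       Description = 'Queues print jobs.'; PathName = 'C:\WINDOWS\system32\spoolsv.exe' }
    [pscustomobject]@{ Name = 'vmm'; DisplayName = 'Virtual Memory Manager'
                       Description = ''; PathName = 'C:\WINDOWS\system32\example.exe' }
)

# Flags the second driver and the second service; the benign entries are ignored.
Find-RootkitIndicator -Drivers $sampleDrivers -Services $sampleServices |
    Format-Table -AutoSize
```

Calling `Find-RootkitIndicator` with no arguments queries the running system. Since the quoted article says safe mode disables the cloaking driver, a safe-mode boot or an offline export gives more trustworthy results than a normal boot.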
