Thread: Trojan problems

  1. #1
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Trojan problems

    Daughter's laptop - grrrrrr! No SP2 on it..... She does have AVG and she kept that updated but somehow she managed to get a few trojans which apparently AVG did catch. She didn't note what they were but deleted them and rebooted as instructed. Then she began the eternal loop of reboot. She was able to reboot in safe mode, do another virus scan and didn't find anything but still she couldn't start her laptop in regular mode. So I ended up with the laptop.

    After messing about for more time than I care to admit, I finally decided to do a windows restore which resolved the rebooting problem. I've checked out various trojans, Backdoor.Lastdoor, Trojan.Startpage plus Blaster. Nothing seems apparent in the different registry entries that are mentioned on these infections' pages (Symantec). I've checked the host file and it only has the 127.0.0.1 local host in it.

    So now I am experimenting with an evaluation copy of Trojan Hunter. It has found four more entries that it did quarantine. Is this a pretty thorough application or is there a better one for sorting out trojans?

    I also know I need to load SP2 but I didn't want to do that before I managed to get this laptop reasonably cleaned up simply because I don't have a slipstream disk of her Win XP install disk. I can still run SFC or Recovery Console etc. with the way the laptop is set up currently. I'm not sure what my capabilities would be if I advance the system to SP2 while trying to recover from this mess.

    So any thoughts about this problem would be appreciated. Plan of action from this point, what steps seem logical to take - whatever anyone wants to offer by way of help will be appreciated!
    Thank you


    "Peace begins with a smile. "-- Mother Teresa

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Trojan problems

    Look at Tutorials & Links to Detection & Removal Tools to see more tools to run. You should definitely get the system cleaned up before installing SP-2. BTW, are you saying that after a windows restore (restore from what - a backup image, a system restore??) it still had these issues?

    Joe

  3. #3
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    Hi Joe,

    I wasn't very clear, was I, but what I meant is that I did a Windows Repair using the Win XP Pro CD because I was hoping to retain her current data, etc. (which I have downloaded to a safe place, just in case of a complete disaster.)

    But yes, I still seem to be having problems. At the moment, it has decided that it won't allow me to run .exe programs in regular mode but I can do what I want in safe mode. So there is still something on it someplace. I did also decide to plop $$ down on the Trojan Hunter software to see if it would help clean up the mess. It hasn't discovered anything else active which seems strange since there is still something amiss.

    Things were fine until I went back online so there is something not right yet. I did update the AVG virus detection and it didn't find a thing but it is telling me that kernal32.dll, user.dll, shell32.dll and ntoskrnl.exe have been changed. Is that because I did a repair on Windows or is that a sign of something else? I forgot about the Tutorial - I'll check it out - I should say too that I had already run Spybot and it found a number of items to be disposed of.

    So it seems like I've gotten bits and pieces but not all of it.

    Thank you

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Trojan problems

    > Things were fine until I went back online

    Yes, there are some programs that keep very quiet until they find a network connection, at which point they take over 99% of your CPU and spew like crazy. If possible, download the anti-spyware programs of your choice on another PC, copy them to a CD or USB stick and install them on the troubled computer while keeping it off the internet. You also could use Process Explorer or another program that provides insight into running processes to see whether you can identify any unknown programs that might be causing the problem.

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Trojan problems

    As Jefferson said, you need to get the other anti-malware programs on that PC and run them. IMO, you are rapidly reaching the point where you should seriously consider a reload from scratch. As painful as that is, consider the time you've already spent and the additional time you'll spend. You may find it is just less frustrating and less time consuming to 'bite the bullet'.

    Joe

  6. #6
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    I had a look at things starting with "Autoruns" and the only weird item is Khooker but it seems to be part of the SIS Adapter suite of things for the monitor. I don't think it would help to try another scanner. That was the main reason I downloaded Trojan Hunter and brought it up to date. And as you guessed, when I tried to do anything "on line" whatever the troublemaker is - it wouldn't allow me to do this. I have "groan" weary of this mess!

    Thank you for your thoughts about it however.

  7. #7
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    Yes, very tiresome dealing with this messy laptop. With "the kid's permission" (when she shows up), I do believe I am going to follow your advice and just begin fresh and new. I am hoping I have everything saved that needs to be and I am also hoping that I have the proper drivers for this laptop. I have only ever formatted one other laptop and that was in the school setting where I had lots of helpful utilities to use. A home user doesn't have the tools to make this job very easy IMHO. The "bullet will be bitten" either later this weekend or not until early next week.

    Thank you ......and now it is time for coffee

  8. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Trojan problems

    You should be able to download the drivers you need from the original vendor. Just burn them to a CD and you'll have them for the install.

    Joe

  9. #9
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Trojan problems

    > I don't think it would help to try another scanner.

    Maybe not, but the reason I suggested trying anti-spyware was that many trojans have the purpose of loading a computer up with as much adware and spyware as possible, because unlike virus writers, adware writers will pay to get their stuff installed. Not all AV packages include anti-spyware.

  10. #10
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    Do you mean like Spybot and Ad-aware? I did run those two. Did you have another in mind that would work and do what you are suggesting? I probably won't format the laptop until sometime next week so I still have time to "play". "The kid" wants to be sure that I have saved a couple of very important files that she needs so she'll be stopping by to double check before I go forward with the project. Thank you for your interest in this mess of mine.

  11. #11
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    I might be in luck! "The kid" says that she thinks there is a utility disk with drivers on it 'somewhere' in her files! I have my fingers crossed that she finds it. Otherwise, I'll see if I can figure out who the vendor is. The laptop has the lettering "ECS" on the lid - Model No Green731.....not sure what it could be! It was purchased from a local Vendor so if all else fails, perhaps we can enlist his help again.

  12. #12
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Trojan problems

    Hi Skitter !!

    Sorry to hear about your troubles. Before you go to a whole lot more trouble, take a look here and get yourself a free scan. Spysweeper is one of the best, if not the best, tools on the market today. It might just clean house for you and give you back control of your system. (fingers crossed)

  13. #13
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    Hi Doc

    I don't know if I went about it the way it was supposed to be done but I hit the scan now button on the linked page you referred to. It gave me the option to download the application for the scan. So I did so and managed to get it loaded okay. Ran the scan. It found 29 cookies but when I wanted to delete them, it said it couldn't do that unless I was a paid subscriber. So much for that! Guess what it does mean is that I should delete all the cookies from IE and FF. I thought I had cleaned them out but apparently I haven't.

    Thanks!



  14. #14
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Trojan problems

    I'm surprised that's all it found. Have you tried HijackThis? It can be a bit time consuming and take a bit of back and forth with the forum experts, but they usually clean up your system for you, or "with you" I suppose is more correct.

  15. #15
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trojan problems

    I haven't tried Hijack This yet since I tried doing a repair install. I am "patiently waiting" for "The Kid" to show up to double check that I've saved her most important data from her computer before I go forward with anything else. I will consider submitting a report to them just to see what they think but if they take very much time to answer, I will probably just get "antsy" and do a fresh install, etc. I am not good at trying to ferret out these nefarious baddies one by one! So for me it will probably be easier to start from scratch even if it does mean digging out drivers, etc. Better than digging out stuff in the registry which makes my eyes blurry after a while!

    Thank you everyone for your advice, suggestions and especially your patience!
