February 27th, 2004 13:00

Backdoor, Trojan windows xp

I have been following all the instructions for the Trojan backdoor for my windows xp and have a couple of questions.  First, in my Norton program I quarantined my virus.  Do I have to "un-quarantine" it before I do any removal process?  Second, in the McAfee removal instructions I got on-line, it states during the process to "Remove references to the trojan from these keys of the registry".  At this point I have a list of files on the screen, but how am I to know what these "references" are - they don't say "trojan" because they are hidden.  Does anyone have typical "references" I should look out for?  Thanks, in advance, for any help.

February 27th, 2004 15:00

I'm not an expert on the subject, although there are some within this forum that are, but I believe as long as the trojan/virus is quarantined, it cannot harm your system.  Think of it as the guilty party being in jail.  As far as hidden files associated... I recently had the same problem.  There is a program called 'HijackThis' that will scan your system and build a file that you can copy and paste into the body of an email on this forum.  The experts can then look at this file, and instruct you from that point as to what to do.  I would suggest you also getting both Ad-Aware and SpyBot, and running both of these hijack program detectors on a regular basis to keep your system clean.  Hope this helps point you in the right direction.  Good luck.

DC/Gary

February 27th, 2004 20:00

To repeat a bit of what Dungeoncrawler said, but to add the links for you to find the programs mentioned:
----------------------------------
Use these to remove Malware (Spyware and Adware).

1) SpyBot Search and Destroy
After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.

2) Get Ad-Aware
After installing Ad-Aware, and before running the program, first press "check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.

Always reboot the computer between each program - both of these may find things that they need to have a reboot of the machine to clear - please reboot and let them finish.

Failing those solving your problems, post a HijackThis log for the experts to advise.
HijackThis From Here
or one of these other links:-
http://www.merijn.org/files/hijackthis.zip
http://www.aluriasoftware.com/tools/hijackthis.zip
http://mjc1.com/mirror/hjt/

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in Notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis knowledge will have a go at giving advice. Please note the list of experts' names below, very few forum regulars here have had this training.

DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.

Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.

TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
ChrisRLG (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Tuxedo Jack (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Yellowhammer (Trusted Advisor at Net-Integration, First Responder at Computer Cops)
therock247uk (In Training at TomCoyotes)
irelynmisses (In Training at TomCoyotes)

You could also go to one of the more specialist forums where more experts will be able to help.
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
http://www.wilderssecurity.com/index.php
http://tomcoyote.org/forums/index.php
http://forums.spywareinfo.com/index.php
Do read the site's FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.

I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to answer your log, but other experts will also be available.
