PDA

View Full Version : trojan?


inside'eye
2006-03-25, 07:49 AM
My norton has been compromised.The given link reccomends a trojan removel program,it d/l's but does not operate. Then recomends to remove and reinstall norton. On removing, it stops and reads sig not recognised, do you want to carry on with "instillation"? clicking on yes or no makes no difference, it cancels itself.

The microsoft antispyware also cannot run a full scan,it stops with no notification what so ever,it just stops at "PID 3380:c:\windows\system32\rsaenh.dll"

I have since tried 4 different scan/removel programs, of which none worked by either:not downloading,
downloading but not registering the program in the o/s
or downloading,begining the scan but then stops,and closes the program.

This began two days ago, just one day after transfering all music and art files to data disc.I suppose you would call that lucky? :help: thankyou.

Internet explorer runs slower,but firefox is normal.

toys
2006-03-25, 08:01 AM
How do you know that Norton was compromised? I ask because a common tactic of the spyware/virus/badpeople is to give you a pop-up telling you that you've been infected and to click their link to fix the problem - when in fact your PC is fine to start with but if you click the link they provide it downloads their malicious crap onto your system and then you truly are screwed.

inside'eye
2006-03-25, 08:20 AM
The problems with the norton are:auto-protect against virus spyware is out
: e-mail is not protected

:instant messanger is not protected

:out going e-mails are not scanned.

I did not click on a pop-up.

The above may not sound as though I am in grave danger,but I am unable to perform any type of scans on my pc.
I tried a registry scan,which almost succeded,but It didn't.

TheMamba
2006-03-25, 09:16 AM
Hell, since you got all of your audio/video off earlier, get whatever else you need off burned to disc and reformat/reinstall windows.

inside'eye
2006-03-25, 09:52 AM
Hell, since you got all of your audio/video off earlier, get whatever else you need off burned to disc and reformat/reinstall windows.
Hey wow! That sounds like a hoot! :thumbsup

Any pointers?

diggrd
2006-03-25, 11:17 AM
Have you tried starting in safe-mode and then running a scan.

ohkeepa
2006-03-25, 11:24 AM
maybe download and run Ewido

Five
2006-03-25, 11:39 AM
yeah, if you don't want to reformat first try scanning with another antivirus, like AVG (available free at grisoft.com). I've been using AVG for years it is excellent, some say as good/better than NAV.

jcrab66
2006-03-25, 01:04 PM
avast also works good, get rid of norton, its crap

LazyTaper
2006-03-25, 01:18 PM
Is this with Norton 2006? Norton recently busted the cracked cersion. Could be that. If it is infact a trojan, what one does Norton think it is? Find out which one it is than it is very easy to clean most off..... but if it is indeed a trojan, I would format my computer and clear the bios. Really nasty ones can hide in the bios, etc.. and repropogate themselves even if you format.

drkhollow
2006-03-25, 02:15 PM
the last several releases of NAV and their bundled packages are terrible--
along with the huge footprints they leave their just not as effective as they once were. PC-Cillin is a good program and when I installed it the amount of stuff it found that norton let into my machine--well just one word NORTON SUCKS

feralicious
2006-03-25, 08:02 PM
Is this with Norton 2006? Norton recently busted the cracked cersion. Could be that. If it is infact a trojan, what one does Norton think it is? Find out which one it is than it is very easy to clean most off..... but if it is indeed a trojan, I would format my computer and clear the bios. Really nasty ones can hide in the bios, etc.. and repropogate themselves even if you format.How do you clear one off your Bios? I might have one in there.

When I reformatted and went to load Windows off a disk my friend gave me I got a message from some AV software company that said I had a boot virus, didn't say anything about how to fix it, had a website on the message. I visited the website and it's an anti-virus software site and gave no instructions on what to do and I still don't understand how/why I got that message off a Windows disk for a newly formatted drive. I don't know where that Windows came from, it could very well have been a pirated version, maybe it was just advertising?

In any case I wouldn't mind checking further into the situation since I'm planning on doing another fresh install of Windows.

inside'eye
2006-03-26, 09:33 PM
Nice pointers there,thankyou. Starting With the safe mode scan It still encountered the same problems.

EWIDO read like wierd or wierdo to me.sorry. Through some "light" investigation the following trojans have now been removed:

trojan horse downloader.generic.VGO 6.93 KB- one.
trojan horse proxy.BBR 4.5 KB- five,and returns with every start up,tommorow will be six times.

These trojans are not yet removed:

trojan horse.abuiz.c.- one.
trojan horse kws.combo.h.- two.

And just for the hell of it, there is one hundred and sixty eight mal/adware,of which thirty eight are still active. :thumbsup
I got rid of norton,its crap
Are bio's like the binery ?
Thanks everyone.

TheMamba
2006-03-26, 10:06 PM
How do you clear one off your Bios? I might have one in there.

When I reformatted and went to load Windows off a disk my friend gave me I got a message from some AV software company that said I had a boot virus, didn't say anything about how to fix it, had a website on the message. I visited the website and it's an anti-virus software site and gave no instructions on what to do and I still don't understand how/why I got that message off a Windows disk for a newly formatted drive. I don't know where that Windows came from, it could very well have been a pirated version, maybe it was just advertising?

In any case I wouldn't mind checking further into the situation since I'm planning on doing another fresh install of Windows.

Nina, I'd get with the manufacturer and see if they have any insight as to how to clear the BIOS of any viruses. It's not something you want to mess around with unless you have a manufacturer's tech guy (or manual) telling you step by step how to do it...a lot of the times it's as easy as moving a few jumpers around but if you get the wrong jumpers...you can have a big mess.

inside-eye: BIOS stands for Basic Input/Output System or Basic Integrated Operating System. It's the program on your motherboard that boots the computer up and starts detecting hard drives, printers, keyboard, mouse, etc. before Windows starts running.

lgerard
2006-03-26, 10:17 PM
Nice pointers there,thankyou. Starting With the safe mode scan It still encountered the same problems.

EWIDO read like wierd or wierdo to me.sorry. Through some "light" investigation the following trojans have now been removed:

trojan horse downloader.generic.VGO 6.93 KB- one.
trojan horse proxy.BBR 4.5 KB- five,and returns with every start up,tommorow will be six times.

These trojans are not yet removed:

trojan horse.abuiz.c.- one.
trojan horse kws.combo.h.- two.

And just for the hell of it, there is one hundred and sixty eight mal/adware,of which thirty eight are still active. :thumbsup
I got rid of norton,its crap
Are bio's like the binery ?
Thanks everyone.


You should open up the task manager and indentify any malicious applications or processes that are running. In order to remove some of these, it is first neccessary to stop them running, as many of them are written so as to prevent either the downloading or the execution of anti-viral or anti-spyware programs.

It also sounds llike you have not been very viligant in protecting yourself. You should run Ad Aware every day, and something like Spybot at least once a week. No program like Norton will ever protect you completely, although I agree that AVG is much better.

inside'eye
2006-03-27, 05:37 PM
Thanks for the spybot,it worked really well.Still have two different trojans though.I'm using avg now it's quite cool but will look around for others. Am using the task manager, but fear a reinstall in the works. Thanks everyone. :thumbsup

saltman
2006-03-27, 07:41 PM
You guys do know that attempting to kill virii through the task manager is a joke right..... Or atleast I'm pretty sure the person that suggested that is joking.

Any good virii from atleast 1995 on injects itself into the memory of another app to avoid detection in this manner..... i.e it will inject itself into explorer.exe or iexplorer.exe or whatever else it wants to hide in... Good ones change up where they are hiding.

Format and clear bios that is the only way to get them out. Period. Good ones will repropogate.

inside'eye
2006-03-28, 06:57 AM
Okay saltman thanks for the info. Looks as if I need to format and clear bios.
But...Let me bring you up to date..

I have never used a computer at all before six months ago.Also I am living in a dutch speaking country which is my second language,thus, my xp edition is in dutch.
So before I enter the next learning phase,are there any preperations to make before unstall? Any advice with the new format? How do you clean bios?

saltman
2006-03-28, 01:14 PM
preparations should include backing up anything that you don't want deleted. This should include your music, photos, etc... (which it sounds like you already have done) but also emails, etc... BE very careful with what you bring back onto your new installation. music files are pretty safe. pics and emails are not. That's where virii hide. Sometimes pics are bound with executable files such as trojans so that they run when you view them.... This is one way people hide trojans and trick people into opening them without their knowledge. I would only bring back pics that i knew where they came from. emails should be obvious.

As far as formatting/installing that is a piece of cake. You just plop your windows cd/dvd in and it will autoplay. It will then ask you if you want to format and install... click yes and it will do it's thing. Don't do a fast format. Also you want to format your hard drive as NTFS not FAT32. when it asks. FAT32 is limited in many ways... such as file size no greater then 4GB which sucks for dvd .iso files. That's it. It will format and put on a fresh copy of windows. It's probably easier to download a cracked copy that has sp2 preinstalled. (this should be legal since you own a copy already) . Otherwise you will have to download all the updates which will take some time.

Hope this helps.

Hippycat
2006-03-28, 02:15 PM
avast also works good, get rid of Norton, its crap

Exactly what I was going to write!

But to add:

Get Avast, it's free.
Get Ad-Aware, it's free.
Get Spybot S&D, it's free
Get Spyware Blaster, it's free
Get Zone Alarm Firewall, it's free
Get NOD 32, free for 30 days

Download what you can, and save them.

Remember to consistently update Ad-Aware, Spybot S & D (if you get checksum error, that's just their server being bitchy, try back later), and Spyware Blaster. These will clean out the bastard adware/malware, and both Spybot & Spyware Blaster will prevent most from coming in.

Install Zone Alarm. Windows firewall is from what I hear, crap. Though I guess it can't hurt to run them both. Also try a router. Heard those work well.

Disconnect from the net, get rid of Norton and install both Avast & NOD 32. They will work together, something Norton doesn't really do with anything.

After you reboot and reconnect (get use to it), update both Avast & NOD 32 immediately. Disconnect again AND turn off system restore - some viruses and trojans will sit in there even after they have been scanned and cleaned out of the system. Let one scan, then the other. This is going to take some time, but both work very well and may find things the other didn't. Certainly they will find things Norton can't do anything about.

saltman
2006-03-28, 02:33 PM
I have heard it is bad to use more than one firewall or more than one antivrus at the same time (installed on the same machine). But I don't have any facts to back that up nor technical reasons.

I used to LOVE zonealarm.. but be careful now it is often bundled with their AV which sucks... and the whole interface sucks after that point. Do they still offer just a firewall?

I would also add that IMO Norton AV doesn't suck. It is great for a non technical user. It does have a tendency to take over ones computer similar to how quicktime does in terms of file association control, etc... However, It can be controlled and I think it works pretty good. There are virii that specifically target Norton and shut it down. But they also target many others. Whatever you do don't use Black Ice that would be my only statement. I do find that Norton Internet Security (the firewall program) sucks. The interface sucks and also the technical abilities of the firewall itself.

Spybot and Ad-Aware are excellent programs and can be used in conjunction with each other. Amazingly so I have found that Microsoft's Adware program ( which is free) is excellent also. It will find many things that neither of the above will. I guess they bought it from someone who knew what they were doing. :rolleyes:

Hippycat
2006-03-28, 03:31 PM
I have heard it is bad to use more than one firewall or more than one antivrus at the same time (installed on the same machine). But I don't have any facts to back that up nor technical reasons.
Double firewalls do take some extra configuration, and is probably unnecessary. As for AVs, I've got both Avast & NOD 32 working on mine. No problems and everything is tip top. Though Norton won't play well with others. If there is a conflict with multiple AVs running, I haven't discovered it with these two.

I used to LOVE zonealarm.. but be careful now it is often bundled with their AV which sucks... and the whole interface sucks after that point. Do they still offer just a firewall?
Yep firewall still free and readily available at the Zone Alarm site. The free one should be totally adequate for most people. I have tried the 'Pro' version and found that was more than I really needed, but it can't hurt to try that after you're comfortable with the ZA settings some. I've heard their AV is pretty good as I know a few people that run the bundle (firewall combined with the AV), but I haven't tried that one. To each their own. As a matter of fact, the Avast interface sucks too. Works great, but looks stupid.

I would also add that IMO Norton AV doesn't suck. It is great for a non technical user. It does have a tendency to take over ones computer similar to how quicktime does in terms of file association control, etc... However, It can be controlled and I think it works pretty good. There are virii that specifically target Norton and shut it down. But they also target many others. Whatever you do don't use Black Ice that would be my only statement. I do find that Norton Internet Security (the firewall program) sucks. The interface sucks and also the technical abilities of the firewall itself.
I totally HATE how QT takes over and installs all kinds of extra crap! I think I've removed it like 5 times just because I've wanted to keep mem usage down and I've noticed tonnes of junk (like itunes which I don't use and mDNSResponder which is part of their crap!), only to get it reinstalled because I'm hooked on the Apple movie trailer site. :(

Spybot and Ad-Aware are excellent programs and can be used in conjunction with each other. Amazingly so I have found that Microsoft's Adware program ( which is free) is excellent also. It will find many things that neither of the above will. I guess they bought it from someone who knew what they were doing. :rolleyes:
Or maybe they make the spyware too! Then they make a program (possibly the only one) that can detect and beat it! Then once everyone is hooked using it, they begin selling a subscription service to it at crazy expensive prices that nobody can afford to pay! Eventually anarchy breaks out! The streets are full of chaos and a virtual plaque of madness is rampant everywhere! The machine breaks down and mankind is thrown into another dark age!!! http://img63.imageshack.us/img63/6086/emottinfoil7nv.gif (http://imageshack.us)http://img63.imageshack.us/img63/6086/emottinfoil7nv.gif (http://imageshack.us)http://img63.imageshack.us/img63/6086/emottinfoil7nv.gif (http://imageshack.us)

Hey you guys voted for Bush twice, so like anything is possible.

Five
2006-03-28, 04:28 PM
my gf uses Kerio (http://www.sunbelt-software.com/Kerio.cfm), it seems to me it is the best of all the free firewalls but a little over my head... I stick with ZoneAlarm 5 free for now

saltman
2006-03-28, 04:31 PM
Hey you guys voted for Bush twice, so like anything is possible.

oh no...... he didn't say it.... I can stand up and say in a court of law and would really like to let the record show.... I have NEVER voted for any Bush. I could keep going but I'll leave that for the political forum. :D

You've tackled the hard part... backing up all your music, etc... Just find you a firewall, anti-virus, and adware program and you will be set for ever. I'll bet you will never get another virus. :wave:

p_k
2006-03-28, 04:39 PM
heh, i knew G.W. would win :clap: ... woohooo

john kerry is a ketchup douche bag..........

feralicious
2006-03-28, 05:32 PM
Dubya didn't win, he was appointed, then he stole.


Back to the topic at hand...

I totally HATE how QT takes over and installs all kinds of extra crap! I think I've removed it like 5 times just because I've wanted to keep mem usage down and I've noticed tonnes of junk (like itunes which I don't use and mDNSResponder which is part of their crap!), only to get it reinstalled because I'm hooked on the Apple movie trailer site. :(
Try this Quicktime Alternative. (http://www.free-codecs.com/download/QuickTime_Alternative.htm) I can't remember if I actually used this or not.

There's also a Real Alternative (http://www.free-codecs.com/download/Real_Alternative.htm) which I use and it works great!

p_k
2006-03-28, 05:44 PM
Dubya didn't win, he was appointed, then he stole.

word.

inside'eye
2006-03-29, 05:54 PM
THANKYOU LADIES AND GENTELMEN!!!

Recomended programs are all now installed up and running.The amount of garbage found and quarintined is just phenomenol!!

There is still one trojan left in the system which seems to deflect all detection.All scans have been run twice each.So before I format windows again I have "just" one more question.

Why do my smileys not work anymore? I see them, but they don't move anymore. It takes the smile out of smileys.How do you make them work again?
Please.