backdoor.trojan

Discussion in 'Tech Talk' started by Packin' Heat, Jul 21, 2004.

  1. Packin' Heat

    Packin' Heat

    Joined:
    Jan 17, 2001
    Messages:
    1,356
    Likes Received:
    0
    Location:
    Atlanta, GA
    I can't rid my computer of this horrible thing!!!! I've been all up and down the street over at Symantec Security Response, but their procedure didn’t work. Now the virus hasn’t done anything "bad" per se, it's just slowing me down a lot. What’s nuts is that I keep on getting a warning from my Symantec telling me I have the virus, but when I run the antivirus, it comes up empty. Live update has been compromised, and the manual update via Symantec "intelligent installer" seems to be ineffective... i.e., IT'S STILL HERE!!!!

     
  2. SamBuca

    SamBuca

    Joined:
    Aug 9, 2002
    Messages:
    317
    Likes Received:
    0
    Location:
    Carlisle, PA

  3. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Joined:
    Oct 7, 2002
    Messages:
    2,046
    Likes Received:
    0
    It may help to do it from safe mode.
     
  4. lomfs24

    lomfs24

    Joined:
    Apr 19, 2003
    Messages:
    2,353
    Likes Received:
    133
    Location:
    Montana
    Agreed. A lot of times you will find stuff in safe mode that you will not find otherwise. If all else fails you could pull the HD and put it in another machine that is clean and scan the HD as though it were just another drive.

    I have never used them, but doesn't Norton have, or can't you make, rescue disks that you can boot from and scan before anything else starts? I suppose though that you would have to make those rescue disks before you have an infected machine. And I suppose you would have to remake those disks every time an update was downloaded.
     
  5. Blast

    Blast 'nuff said

    Joined:
    Aug 2, 2002
    Messages:
    16,574
    Likes Received:
    398
    Location:
    NKY/Cincinnati area
    I agree. I recently had a nasty CoolWebSearch variant which was well embedded and prevented me from running CWShredder. It also locked up the computer when I tried to open My Computer or Control Panel. HijackThis and Spybot would run okay, but couldn't fix it.
    I booted to safe mode, ran CWShredder and got rid of the problem.
     
  6. tna55

    tna55

    Joined:
    Apr 14, 2003
    Messages:
    319
    Likes Received:
    0
    Location:
    Las Vegas NV
    If you are using ME or XP, disable System Restore, reboot, then run your anti-virus. The virus or trojan may be in your restore directory.
     
  7. Packin' Heat

    Packin' Heat

    Joined:
    Jan 17, 2001
    Messages:
    1,356
    Likes Received:
    0
    Location:
    Atlanta, GA
    Safe mode and Norton doesn't work. Sigh. Gonna try the other stuff now.
     
  8. HerrGlock

    HerrGlock Scouts Out CLM

    Joined:
    Dec 28, 2000
    Messages:
    23,796
    Likes Received:
    210
    Find someone with the same OS you're running and an anti-virus program.

    Make boot disks (NOT rescue disks) from their computer.

    Boot with those disks and scan like that.

    This takes your hard drive out of the picture and you are not using an infected drive to scan. It also goes one step beyond the booting in safe mode. Safe mode is the best idea if you cannot boot with boot/scan disks from another, clean, computer.

    DanH
     
  9. Moprine

    Moprine

    Joined:
    Jul 20, 2004
    Messages:
    61
    Likes Received:
    0
    NORTON IS NOT GOOD FOR MOST TROJANS!
    What is the name of the trojan you have?
    Do you run any spyware removers... such as Spybot or Ad-Aware?
    If it isn't average spyware, I like Moosoft for trojan removal. Free trial available: http://www.moosoft.com/products/cleaner/download/

    I would do all in safe mode.

    www.pcpitstop.com is always a great place to visit, in addition to HouseCall.
     
  10. Locke

    Locke

    Joined:
    Oct 11, 2002
    Messages:
    64
    Likes Received:
    0
    Location:
    Pennsylvania
    Take a look at BartPE - a slick way of creating a bootable CD which you can add antivirus and antispyware apps to.

    This *does* require a clean machine to download the PEBuilder app to (PEBuilder creates the boot disk image from software you already have or can download, thus avoiding legal trouble from redistributing code).

    Then burn the bootable CD image it creates and use the CD to start the infected computer. You can then run apps like Ad-Aware, McAfee Stinger, etc. against the hard drive without any hostile code active.
     
  11. aspartz

    aspartz

    Joined:
    Oct 19, 2000
    Messages:
    3,281
    Likes Received:
    133
    Location:
    Sandstone, MN 55072
    I got backdoor agent on my Win2k box. It sucked to try and remove. I finally had to boot in Windows Recovery Console and use a command line to delete the offending file (kbde.dll IIRC). Even booting from another Win2k disk would not allow me to delete the file; only the Recovery Console would allow me to delete it. Even in RC, I had to change the perm on the file.

    ARS