TROJAN HORSE - I need a nerd

cori · Joined: 30 Apr 2006

I have a trojan horse, short of having to bring the pc to a fix-it shop for quite a few quid I was hoping someone has a suggestion that I can do myself.

HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

faceless · admin Joined: 25 Apr 2006

how do you know it's a trojan? If you're sure it is and you have the name of it then you should be able to do a search for information on google on how to remove it.

cori · Joined: 30 Apr 2006

It was identified by a norton scan, but damn I can't remember the name, I installed this software "the cleaner" which I found through google to get rid of the sucker, however my system is running slower than a snails pace. I hope you're the nerd that can help, I'll gladly send you your allowance for the pub.

cori · Joined: 30 Apr 2006

Forgot to mention I also loaded and ran spy doctor

faceless · admin Joined: 25 Apr 2006

If you can do that scan again and find out the name that would help more than anything...

but to find out what's making things go slowly, press ctrl-alt-delete at the same time and then when you get the window popping-up, click on "task-manager". Then you'll see 4 tabs, click on "processes" and then "CPU". Look at the list that's showing and you'll see the program that's hogging everything as it will show that's it using something like 99%. Post the name of that process and that will also help to sort you out...

6ULDV8 · Joined: 30 Apr 2006 Location: USA

Dump Norton anti speed (I mean anti virus) as soon as possible...

Norton was great up to about 3 years ago & now it's just a systems hog with very little in the way of protection...
I mean c'mon, you got a trojan whilst using it right.

Kaspersky anti virus is what I use myself (Pro version) & once set up right it's great...
Most ppl I know will say to use NOD32 as it's free & is pretty streamlined too.

As for the trojan etc...

First start by removing the spyware crud you installed (both of them), no offence but most of those programs do more harm than good.

Pop along to PCPITSTOP & use their virus scan, if you have anything on your PC it will not only detect it but will also give you links / help in removing it.
PCPITSTOP.COM is a trusted site... never did me any harm in the many years of use.

Ohhh also... Norton has a habit of showing certain applications & even web media as trojans Sad

Post a screen shot of the 'trojan' (in nortons window) if you can... it would help.

cori · Joined: 30 Apr 2006

Face, in following your directions I see alot of shite, in particular the following; svchost.exe, lsass.exe, CCSETMGR.exe, PDUDServ.exe, explorer.exe, Magickey.exe. Idon't understand how to Post, and does 6ULD also have the answer. I will not send you your pub dosh until all is sorted as I don't want to have my card compromised, LOL

til661 · Joined: 11 Feb 2007

none of those exe files are trojans inherently. pdudserv. is power dvd, ccsetmgr.exe is norton. and the rest are all system processes. It is possible they could be compromised though so it would be best for you to visit the site 6uldv8 recommended

faceless · admin Joined: 25 Apr 2006

cori - give that site 6uldv8 mentioned a shot and see if that sorts you.

www.pcpitstop.com

there's also http://housecall.antivirus.com

cori · Joined: 30 Apr 2006

Guys I'm going for it, film at eleven

6ULDV8 · Joined: 30 Apr 2006 Location: USA

Good news Cori...

Seriously dump Norton...

I have a slew of programs I can upload to help with the pesky stuff your dealing with (Including Kaspersky) if you need em.

major.tom · Posted: Sat May 12, 2007 1:10 am Post subject:

There are a couple other useful programs out there for finding trojans -- Lavasoft AdAware and Spybot Search & Destroy.

Here's what *I* do when I suspect a system is infected:
- run CodeStuff Starter (my preference) to see what programs run automatically when booting windows
- look for anything suspicious; you can tell by a) the folder where it is located (eg. random-looking folder names under c:\windows\system32 or under c:\documents and settings -- no programs should be located here) b) the program name, and c) a little knowledge of what hardware and software is in your system.
- with any suspicious-looking files, open windows explorer and go to the folder where the file is located, right-click and select properties. Pay attention to the creation dates (to see if it coincides with when you think the problem started) company and version information. Anything listed as Microsoft might not be. The best way to tell is to compare it to other program files under c:\windows, as M$ is pretty consistent. Trojans sometimes try to pass themselves off as M$, but leave the version as 1.0.0.
- If you find any that don't look right after this inspection, disable them in CodeStuff Starter and reboot your machine.

Once everything seems to be "normal" and you're satisfied that the system is working, you can delete/rename the files you disabled.

Good luck!

cori · Joined: 30 Apr 2006

Okay to make a long story short over several days I tried quite a bit of your more than helpful suggestions, did alot of googling and finally after installing a combo of spyware detector & max registry, found a trojan identified as vundo, apparently it's some kind of advertising bug? I have run these programs for several days and it seems thaat I'm clean. Will pay a bill today online and track to make sure that's the only transaction that goes through. Hopefully, I'm in good shape, should it work fine that'll be a couple three pints sent to Face from all who helped out!

major.tom · Posted: Sat May 19, 2007 12:56 am Post subject:

Congratulations on your success. Hopefully it's gone for good.

Another suggestion is that you can run a program called "Active Ports" to see what programs are connecting over the internet. Many trojans will chat back to their owner and wait for instructions (ie. "Listening").

cori · Joined: 30 Apr 2006

I'm on that right now Major, cheers!!