Trojan Definition Site [Archive] - Glock Talk


pascal
10-11-2008, 06:14
Howdy,
Just got hit with trojan horse backdoor.generic10.OEO in three places. I use AVG* Free and scan every day. I tried to google the name but no hits were found. The send threat to AVG for I.D. doesn't work. Checking my vault, I have two more trojan horse infections that were detected and moved to the vault. The first one mentioned was on an unistal.exe in the common\shared folder. CCleaner later, during a registry check, called a fault to that file not being available.
So is there any good site that has a current list of valid Trojans and their effects? Thanks for any info.
pascal

sunrunner
10-13-2008, 16:56
go to

http://www.safer-networking.org and download spybot S&D update and scan.

then go to

http://www.ccleaner.com, download and install

when spybot is finished checking, it will place a button on the top that says "Fix Selected Problems", you want to click that.
once spybot is finished fixing, it will usually tell you that it could not remove some threats and will ask if it can run again on boot, tell it no.

run ccleaner, it will delete all your temp internet files, most trojans originate there, after it has cleaned your temp files, run the registry checker (it usually needs to be run two or three times to get rid of all the junk in there, but is quick)

then open Start / Control Panel / (click classic mode on left) / internet options / advanced / Restore advanced settings, then reset web settings to factory (bottom button or on programs tab ~ it moves around in different versions of Windows)

then open Start / Run / type "regedit" in the box / click on HKEY_LOCAL_MACHINE / software / microsoft / windows / current version / run
delete every item in the right hand box with the exception of your antivirus software (hint: your software (Symantec / avg / avast / trend / McAfee) should list its directory in the right hand field)

do the same in HKEY_CURRENT_USER/Software/microsoft/windows/current version/run; only one item should be in here, ctfmon.exe (Windows system file), and make sure that the spelling is correct, I've run into viruses named cftmon.exe, they do stuff like that.

that will clear out 99.9999% of all infections

and one more note, if you have multiple user accounts on your computer, you will need to log into each and every one of them, run spybot and edit the registry. Reason is HKEY_CURRENT_USER is different for every account.

last but not least, uninstall whatever crap you have that isn't stopping viruses and go find avast online, it's free, it's simple, and it's the only av program in the world right now that can actually stop scripts. (The crap on webpages that actually infects you). You will have to register with their website to obtain a FREE KEY, takes all of 3 minutes of your life.

I build and fix computers for a living, viruses take up the better part of my day everyday.
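
The look-alike name check mentioned in the post above (ctfmon.exe versus cftmon.exe), as an added example that is not part of the original thread: it flags Run-key entries whose file name is within a couple of edits of a known Windows binary instead of relying on reading the name by eye. The sample entries, the `ExampleAV` path and the function names are constructed for illustration.

```python
"""Flag Run-key entries whose file name imitates a known Windows binary."""
import ntpath

# Names to protect. ctfmon.exe comes from the post; extend the set as needed.
KNOWN_GOOD = {"ctfmon.exe"}

def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def image_name(command):
    """Extract the lower-cased executable file name from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" /", 1)[0]  # drop trailing /switches
    return ntpath.basename(path).lower()

def lookalikes(entries, max_distance=2):
    """Return (value name, file name, imitated name) for near-miss file names."""
    hits = []
    for value_name, command in entries.items():
        exe = image_name(command)
        for good in sorted(KNOWN_GOOD):
            if exe != good and osa_distance(exe, good) <= max_distance:
                hits.append((value_name, exe, good))
    return hits

# Constructed sample of HKCU\...\Run values (not taken from a real machine).
SAMPLE = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Language Bar": r"C:\WINDOWS\system32\cftmon.exe",
    "ExampleAV": r'"C:\Program Files\ExampleAV\exampleav.exe" /start',
}

if __name__ == "__main__":
    for hit in lookalikes(SAMPLE):
        print("look-alike:", hit)
```

The check compares file names only, so a correctly spelled ctfmon.exe launched from an unexpected directory is not flagged; the full path still needs to be reviewed.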

pascal
10-16-2008, 06:15
Thanks for the in-depth response. I have Avast and AVG8 running. Since the file was moved to the AVG Vault, am I safe? Should I delete the files in the vault to be sure? I update AVG nightly and run it every morning. Avast usually self-updates and I run a scan several times a week. It was run after AVG found the Generic10.OEO and it has never indicated an infection. I'm uncomfortable about playing around with the regedit if I can help NOT to.
I also run Spybot nightly and update weekly and immunize. I don't believe it has given me a remove threat warning in a while.
I was downloading some rootkit removal freeware programs to get one to work: Sophos, Panda Pavark.exe, Helios and Microsoft Sysinternals RootkitRevealer. Only kept Revealer and Helios. Used XP to delete the ones I could, checked the program files and deleted any remaining files, then CCleanered with Registry scan. Might have got it from one of them.
pascal