Glock Talk


Packin' Heat 07-21-2004 07:25

backdoor.trojan
 
I can't rid my computer of this horrible thing!!!! I've been all up and down the street over at Symantec Security Response, but their procedure didn't work. Now the virus hasn't done anything "bad" per se, it's just slowing me down a lot. What's nuts is that I keep on getting a warning from my Symantec telling me I have the virus, but when I run the antivirus, it comes up empty. Live update has been compromised, and the manual update via Symantec "intelligent installer" seems to be ineffective..... i.e. ITS STILL HERE!!!!


SamBuca 07-21-2004 07:53

Disable Norton and use a freebie scanner from http://housecall.trendmicro.com or http://www.mcafee.com

Once you get the system clean you can repair Norton.

David_G17 07-21-2004 13:41

it may help to do it from safe mode.

lomfs24 07-21-2004 22:16

Quote:

Originally posted by David_G17
it may help to do it from safe mode.

Agreed. A lot of times you will find stuff in safe mode that you will not find otherwise. If all else fails you could pull the HD and put it in another machine that is clean and scan the HD as though it were just another drive.

I have never used them but doesn't Norton have or you can make rescue disks that you can boot from and scan before anything else starts? I suppose though that you would have to make those rescue disks before you have an infected machine. And I suppose you would have to remake those disks every time an update was downloaded.

Blast 07-22-2004 00:01

Quote:

Originally posted by David_G17
it may help to do it from safe mode.

I agree. I recently had a nasty CoolWebSearch variant which was well embedded and prevented me from running CWShredder. It also locked up the computer when I tried to open My Computer or Control Panel. HijackThis and Spybot would run okay, but couldn't fix it.
I booted to safe mode, ran CWShredder and got rid of the problem.

tna55 07-23-2004 04:00

If you are using ME or XP, disable system restore, reboot, then run your anti-virus. The virus or trojan may be in your restore directory.

Packin' Heat 07-23-2004 07:09

safe mode and Norton doesn't work. sigh. gonna try the other stuff now.

HerrGlock 07-23-2004 07:14

Find someone with the same OS you're running and an anti-virus program.

Make boot disks (NOT rescue disks) from their computer.

Boot with those disks and scan like that.

This takes your hard drive out of the picture and you are not using an infected drive to scan. It also goes one step beyond the booting in safe mode. Safe mode is the best idea if you cannot boot with boot/scan disks from another, clean, computer.

DanH

Moprine 07-23-2004 07:35

NORTON IS NOT GOOD FOR MOST TROJANS!
What is the name of the trojan you have?
Do you run any spyware removers... such as Spybot or Ad-Aware?
If it isn't average spyware, I like Moosoft for trojan removal. Free trial available: http://www.moosoft.com/products/cleaner/download/

I would do all in safe mode~~

www.pcpitstop.com always a great place to visit in addition to housecall

Locke 07-23-2004 21:58

Take a look at BartPE - a slick way of creating a bootable CD which you can add antivirus and antispyware apps to.

This *does* require a clean machine to download the PEBuilder app to (PEBuilder creates the boot disk image from software you already have or can download, thus avoiding legal trouble from redistributing code)

Then burn the bootable CD image it creates and use the CD to start the infected computer. You can then run apps like Ad-Aware, McAfee Stinger, etc. against the hard drive without any hostile code active.

aspartz 07-23-2004 22:28

I got backdoor agent on my win2k box. It sucked to try and remove. I finally had to boot in windows recovery console and use a command line to delete the offending file (kbde.dll IIRC). Even booting from another win2k disk would not allow me to delete the file, only the recovery console would allow me to delete. Even in RC, I had to change the perm on the file.

ARS


All times are GMT -6. The time now is 10:46.
