GlockTalk.com
Old 07-21-2004, 07:25   #1
Packin' Heat
Senior Member
 
 
Join Date: Jan 2001
Location: Atlanta, GA
Posts: 3,050


backdoor.trojan

I can't rid my computer of this horrible thing!!!! I've been all up and down the street over at Symantec Security Response, but their procedure didn't work. Now the virus hasn't done anything "bad" per se, it's just slowing me down a lot. What's nuts is that I keep on getting a warning from my Symantec telling me I have the virus, but when I run the antivirus, it comes up empty. Live update has been compromised, and the manual update via Symantec "intelligent installer" seems to be ineffective... i.e. IT'S STILL HERE!!!!

__________________
G23; .40 S&W Club #10
VEPR K 7.62x39; Kalashnikov Club # 770
Mossey 590; Tactical Shotgun Club #770
Saiga 12
Old 07-21-2004, 07:53   #2
SamBuca
Senior Member
 
 
Join Date: Aug 2002
Location: Carlisle, PA
Posts: 1,839
Disable Norton and use a freebie scanner from http://housecall.trendmicro.com or http://www.mcafee.com

Once you get the system clean you can repair Norton.
__________________
Cum ignis armi proscripti erunt tum soli proscript ignis armatas habebunt. Morituri te salutant.
Old 07-21-2004, 13:41   #3
David_G17
/\/\/\/\/\/\/\/
 
 
Join Date: Oct 2002
Posts: 7,678
it may help to do it from safe mode.
__________________
"One handgun a month is too much."
"If you ask me, 12 handguns/year is too much."
"I'd be OK with one gun a year."
"We need the strong gun regs and enforcement Europe has."
-DU debates America's future 10/23/2005
Old 07-21-2004, 22:16   #4
lomfs24
Senior Member
 
 
Join Date: Apr 2003
Location: Montana
Posts: 4,822
Quote:
Originally posted by David_G17
it may help to do it from safe mode.
Agreed. A lot of times you will find stuff in safe mode that you will not find otherwise. If all else fails you could pull the HD and put it in another machine that is clean and scan the HD as though it were just another drive.

I have never used them but doesn't Norton have or you can make rescue disks that you can boot from and scan before anything else starts? I suppose though that you would have to make those rescue disks before you have an infected machine. And I suppose you would have to remake those disks every time an update was downloaded.
__________________
The simple believeth every word: but the prudent man looketh well to his going. ~Proverbs 14:15
Old 07-22-2004, 00:01   #5
Blast
'nuff said
 
 
Join Date: Aug 2002
Location: NKY/Cincinnati area
Posts: 20,882


Quote:
Originally posted by David_G17
it may help to do it from safe mode.
I agree. I recently had a nasty CoolWebSearch variant which was well embedded and prevented me from running CWShredder. It also locked up the computer when I tried to open My Computer or Control Panel. HijackThis and Spybot would run okay, but couldn't fix.
I booted to safe mode, ran CWShredder and got rid of problem.

Last edited by Blast; 07-24-2004 at 01:12..
Old 07-23-2004, 04:00   #6
tna55
Senior Member
 
 
Join Date: Apr 2003
Location: Las Vegas NV
Posts: 723
If you are using ME or XP, disable System Restore, reboot, then run your anti-virus. The virus or trojan may be in your restore directory.
__________________
"An armed society is a polite society"
Robert A. Heinlein

Joe Sarno: The only thing you can assume about a broken down old man is that he is a survivor.
Old 07-23-2004, 07:09   #7
Packin' Heat
Senior Member
 
 
Join Date: Jan 2001
Location: Atlanta, GA
Posts: 3,050


Safe mode and Norton doesn't work. Sigh. Gonna try the other stuff now.
Old 07-23-2004, 07:14   #8
HerrGlock
CLM Number 2
Scouts Out
 
 
Join Date: Dec 2000
Posts: 64,493


Find someone with the same OS you're running and an anti-virus program.

Make boot disks (NOT rescue disks) from their computer.

Boot with those disks and scan like that.

This takes your hard drive out of the picture and you are not using an infected drive to scan. It also goes one step beyond the booting in safe mode. Safe mode is the best idea if you cannot boot with boot/scan disks from another, clean, computer.

DanH
__________________
Sent from my rotary phone
"The way I see it as soon as a baby is born, he should be issued a banjo!"- Linus Van Pelt
UNIX - Not just for Vestal Virgins any more
Old 07-23-2004, 07:35   #9
Moprine
Senior Member
 
Join Date: Jul 2004
Posts: 157
NORTON IS NOT GOOD FOR MOST TROJANS!
What is the name of the trojan you have?
Do you run any spyware removers... such as Spybot or Ad-Aware?
If it isn't average spyware I like Moosoft for trojan removal. Free trial available: http://www.moosoft.com/products/cleaner/download/

I would do all in safe mode.

www.pcpitstop.com always a great place to visit in addition to HouseCall
Old 07-23-2004, 21:58   #10
Locke
Senior Member
 
 
Join Date: Oct 2002
Location: Pennsylvania
Posts: 642
Take a look at BartPE - a slick way of creating a bootable CD which you can add antivirus and antispyware apps to.

This *does* require a clean machine to download the PEBuilder app to (PEBuilder creates the boot disk image from software you already have or can download, thus avoiding legal trouble from redistributing code)

Then burn the bootable CD image it creates and use the CD to start the infected computer. You can then run apps like Ad-Aware, McAfee Stinger, etc. against the hard drive without any hostile code active.
__________________
Niner's Club #161 - PA Glockers #17 - Glockers of the Old Dominion #161
-----------------
"When society erases its past, for whatever reason, it cannot have a future."
-Wisteria Jane Milbury Snow
Old 07-23-2004, 22:28   #11
aspartz
Senior Member
 
 
Join Date: Oct 2000
Location: Sandstone, MN 55072
Posts: 5,994
I got backdoor agent on my Win2k box. It sucked to try and remove. I finally had to boot in Windows Recovery Console and use a command line to delete the offending file (kbde.dll IIRC). Even booting from another Win2k disk would not allow me to delete the file, only the Recovery Console would allow me to delete. Even in RC, I had to change the perm on the file.

ARS
__________________
"When fascism comes to America, it will be wrapped in the flag and carrying the cross." - Unknown
"Government is not reason, it is not eloquence, it is force" - George Washington