OT: Virus Gurus, FARK! |
Howard |
Nov 23 2005, 09:58 PM
Post
#1
|
Incontin(g)ent Member Group: Benefactors Posts: 5,785 Joined: 24-July 03 From: Westlake Village, CA Member No.: 943 Region Association: None |
Got this cutie today. Anti_Troj.exe
Screws up the works. Knocked out my Norton and won't let me reinstall nor get any new AV software installed. RegEdit the entry as per Symantec instructions, but can't run anti virus scan to kill it. Help! |
J P Stein |
Nov 23 2005, 10:12 PM
Post
#2
|
Irrelevant old fart Group: Members Posts: 8,797 Joined: 30-December 02 From: Vancouver, WA Member No.: 45 Region Association: None |
Google AVG and run their free AV scan off the net.
Their updates are very current. I get 'em daily. Good luck. |
bd1308 |
Nov 23 2005, 10:30 PM
Post
#3
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
|
Rocket |
Nov 23 2005, 10:32 PM
Post
#4
|
VROOM VROOM Group: Members Posts: 86 Joined: 24-August 05 From: Dunstable MA Member No.: 4,659 |
Go get Lavasoft's anti spyware and Spybot Search and Destroy. Using both of those gets most of the stuff off, along with Microsoft's antispyware.
Also, try F-Prot's antivirus software. You can get the trial online for free. Have to hunt on their website. |
r_towle |
Nov 23 2005, 10:35 PM
Post
#5
|
Custom Member Group: Members Posts: 24,584 Joined: 9-January 03 From: Taxachusetts Member No.: 124 Region Association: North East States |
most of these have a pre-boot function...
You probably need to boot in safe mode and then run the Symantec cleaner agent for this specific problem... Only in safe mode can you ensure that nothing got loaded... Rich |
lagunero |
Nov 23 2005, 10:43 PM
Post
#6
|
Donkey Member Group: Benefactors Posts: 1,042 Joined: 8-January 04 From: orange county,ca Member No.: 1,531 |
Yup. Howard, that's what you get for letting the Narpster site go |
Howard |
Nov 23 2005, 11:00 PM
Post
#7
|
Incontin(g)ent Member Group: Benefactors Posts: 5,785 Joined: 24-July 03 From: Westlake Village, CA Member No.: 943 Region Association: None |
Thanks, guys. I'll try 'em one at a time. No effect on Mycrosoft anti spy, still running no problems. Alberto, I didn't kill the narp, the free server went out of biz.
|
bd1308 |
Nov 23 2005, 11:03 PM
Post
#8
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
Howie, you got my PM regarding that right?
did MS antispyware work? b |
Howard |
Nov 23 2005, 11:07 PM
Post
#9
|
Incontin(g)ent Member Group: Benefactors Posts: 5,785 Joined: 24-July 03 From: Westlake Village, CA Member No.: 943 Region Association: None |
Yeah, Britt. Set it up and I'll get it over to you. Unfortunately, we'll lose everything that was in there.
MS Anti spy doesn't find it. And this guy is good... won't let me visit any AV site to get a download. Don't think I can access DSL in safe mode, so may have to get it on another machine. Back to the drawing board |
bd1308 |
Nov 23 2005, 11:13 PM
Post
#10
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
what OS are you using?
can you send me the file in an email? i'll look at it.....we'll come up with something b |
r_towle |
Nov 23 2005, 11:15 PM
Post
#11
|
Custom Member Group: Members Posts: 24,584 Joined: 9-January 03 From: Taxachusetts Member No.: 124 Region Association: North East States |
Howard...
This is from Symantec. You have a bad Trojan horse...it downloads more bad files to your computer....
First thing...unplug it from the internet... then follow these instructions... Print them out and follow them to a T.
At a high level: You have to boot in safe mode to disable the service from starting... Then you need to use the current version of the virus software to get rid of it... Then you need to edit the registry to make sure it's gone. There might also be some of the files left...the files it downloaded.... After you do that...boot in normal mode and get all the latest patches from Symantec. Then run it once again in normal mode.
READ BELOW
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.
After the files are deleted, restart the computer in Normal mode and proceed with the next section.
Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:
Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
Click Start > Run.
Type regedit
Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
Navigate to the subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"anti_troj" = "%System%\anti_troj.exe"
Navigate to the subkey:
HKEY_CURRENT_USER\Software\FirstRRRun
In the right pane, delete the value:
"FirstRRRun" = "1"
Exit the Registry Editor. |
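The registry step from the instructions quoted in post #11, as an added PowerShell example that is not part of the original post or of any Symantec tool. It reports the three values named there and deletes them only when asked, after exporting each key; the `-Remove` switch and the backup file names are assumptions made for illustration.

```powershell
# Added example: report, and with -Remove delete, the registry values listed in
# the quoted removal steps. Run from an elevated prompt, preferably in Safe Mode.
param([switch]$Remove)   # hypothetical switch; the default is report-only

# Keys and value names are the ones given in the quoted instructions.
$targets = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'anti_troj' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'anti_troj' },
    @{ Key = 'HKCU:\Software\FirstRRRun';                           Name = 'FirstRRRun' }
)

function Get-RegistryValue {
    param([string]$Key, [string]$Name)
    # A missing key and a missing value both come back as $null.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    $prop = $props.PSObject.Properties[$Name]
    if ($null -ne $prop) { return $prop.Value }
    return $null
}

$findings = @(foreach ($t in $targets) {
    $data = Get-RegistryValue -Key $t.Key -Name $t.Name
    if ($null -ne $data) {
        [pscustomobject]@{ Key = $t.Key; Name = $t.Name; Data = $data }
    }
})

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed values are present.'
    return
}
$findings | Format-Table -AutoSize | Out-String | Write-Output

if ($Remove) {
    $n = 0
    foreach ($f in $findings) {
        # Back up the key first, as the instructions advise (file name is an assumption).
        $backup = Join-Path $env:TEMP "regbackup-$n.reg"
        $n++
        & reg.exe export ($f.Key -replace ':', '') $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Backup failed for $($f.Key); skipped."; continue }
        Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name
        Write-Output "Deleted '$($f.Name)' from $($f.Key) (backup: $backup)"
    }
}
```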
J P Stein |
Nov 23 2005, 11:16 PM
Post
#12
|
Irrelevant old fart Group: Members Posts: 8,797 Joined: 30-December 02 From: Vancouver, WA Member No.: 45 Region Association: None |
Are you on IE or Mozilla?
If you're on IE, you may want to load Mozilla and get a clean tool for the net. |
Howard |
Nov 23 2005, 11:19 PM
Post
#13
|
Incontin(g)ent Member Group: Benefactors Posts: 5,785 Joined: 24-July 03 From: Westlake Village, CA Member No.: 943 Region Association: None |
Did that before, but not in safe mode. I'll try again. Thanks
|
r_towle |
Nov 23 2005, 11:30 PM
Post
#14
|
Custom Member Group: Members Posts: 24,584 Joined: 9-January 03 From: Taxachusetts Member No.: 124 Region Association: North East States |
the part pasted here says do it in safe mode...
it's the part of the cure under the heading "if that did not work and you can't get rid of it...do this" Rich |
bd1308 |
Nov 23 2005, 11:33 PM
Post
#15
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
before you clean yourself....can you send that to me? i want to dissect it....
b |
MecGen |
Nov 24 2005, 06:39 AM
Post
#16
|
8 Easy Steps Group: Members Posts: 848 Joined: 8-January 05 From: Laval, Canada Member No.: 3,421 |
Hey
This summer I got infected with a similar troj... 3 PC shops and countless hours of net research... Cleaned my regit...no more internet... Get the patches...worked ok but, final solution was, flush windows and start from scratch... I really hope yours turns out better. Next time I'm calling Britt. Later Poz |
bd1308 |
Nov 24 2005, 10:02 AM
Post
#17
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
when i do work for somebody...
it costs less money for the customer (i do weekend house visits) if i dump the OS and reload. I'm going to set up a machine where i purposely infect it to see what goes on. Kinda like Jake blowing up and melting engines. b |
bd1308 |
Nov 24 2005, 10:03 AM
Post
#18
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
no message with troj attachment.
i'll figure something else out. b |
Howard |
Nov 24 2005, 10:36 AM
Post
#19
|
Incontin(g)ent Member Group: Benefactors Posts: 5,785 Joined: 24-July 03 From: Westlake Village, CA Member No.: 943 Region Association: None |
Britt, appreciate your help. We've got 20 people to feed today for t/g so I can't screw with this too much. Found the file, couldn't delete in windows, so rebooted in dos, changed the attrib and deleted. Can load AV software now and am running scans. According to Norton it's brand new as of yesterday, so they're still working out the bugs.
DON'T OPEN ZIP FILES FOR THE NEXT FEW DAYS UNTIL THEY FIGURE THIS LITTLE EFFER OUT. Brett, pm your phone number so I can ask you a few questions. |
bd1308 |
Nov 24 2005, 11:31 AM
Post
#20
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
brett=MecGen? |