 Command.exe Trojan, how to remove? |
|
|
|
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG.
This site is not affiliated with Porsche in any way. Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners. |
|
|
  |
| dlo914 |
 Dec 19 2005, 03:19 PM
Post
#1
|
|
Whatchu' lookin' at?!?!  Group: Members Posts: 3,432 Joined: 6-September 04 From: San Gabriel, CA Member No.: 2,697  |
ive tried numerous spyware removers and no luck. they're all unable to remove the trojan, because it's not located in a file it's actually made itself into a running process. does anyone have a solution other than reformatting? this is the most troublesome trojan ive run into in the last 8 years (IMG:http://www.914world.com/bbs2/html/emoticons/sad.gif)
|
   |
 
|
| dlo914 |
Dec 19 2005, 03:30 PM
Post
#2
|
|
Whatchu' lookin' at?!?! Group: Members Posts: 3,432 Joined: 6-September 04 From: San Gabriel, CA Member No.: 2,697 |
here's the bastard:
Attached image(s) 
|
|
|
|
| dlo914 |
Dec 19 2005, 03:31 PM
Post
#3
|
|
Whatchu' lookin' at?!?! Group: Members Posts: 3,432 Joined: 6-September 04 From: San Gabriel, CA Member No.: 2,697 |
and this constantly pops up every 5 secs (IMG:http://www.914world.com/bbs2/html/emoticons/mad.gif)
Attached image(s) 
|
|
|
|
| SirAndy |
Dec 19 2005, 03:45 PM
Post
#4
|
|
Resident German Group: Admin Posts: 41,607 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
start in safe mode. that should prevent the trojan from being loaded.
delete it on the HD, find it in the registry and delete it there too. make sure it's not in your "startup" folder. look it up online (on symantecs website for example) and get a detailed filelist. viruses usually don't come in just one file. make sure you get them ALL deleted. then, and only then, run "spybot search & destroy" followed by a good anit virus program. restart machine in normal mode and cross your fingers ... (IMG:http://www.914world.com/bbs2/html/emoticons/type.gif) Andy |
|
|
|
| dlo914 |
Dec 19 2005, 04:02 PM
Post
#5
|
|
Whatchu' lookin' at?!?! Group: Members Posts: 3,432 Joined: 6-September 04 From: San Gabriel, CA Member No.: 2,697 |
thanks Andy! i was doing everything, but starting in Safe Mode... (IMG:http://www.914world.com/bbs2/html/emoticons/dry.gif)
|
|
|
|
| TROJANMAN |
Dec 19 2005, 04:16 PM
Post
#6
|
|
Looks nice in pictures......... Group: Members Posts: 5,249 Joined: 5-March 04 From: Colorado Member No.: 1,753 Region Association: None |
do a search on Command.exe you should find the answer you're looking for. (IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif) and STOP SURFING PORN SITES (IMG:http://www.914world.com/bbs2/html/emoticons/laugh.gif) |
 |
|
| Carlitos Way |
Dec 19 2005, 04:43 PM
Post
#7
|
||
|
I did it MY WAY Group: Members Posts: 1,337 Joined: 14-September 04 From: Simi Valley, CA Member No.: 2,757 Region Association: Southern California |
Am I the only one finding it ironic that a TROJAN is against PORN? Don't the two of them go together by nature??? |
||
|
|
|
||
| tat2dphreak |
Dec 19 2005, 04:43 PM
Post
#8
|
|
stoya, stoya, stoya Group: Benefactors Posts: 8,797 Joined: 6-June 03 From: Wylie, TX Member No.: 792 Region Association: Southwest Region  |
to be sure you got them all... get HiJackThis, and run it 1-2 times a month, it will also tell you unneeded processed that bog down your computer...
paste the log here: http://hjt.networktechs.com/ and http://www.iamnotageek.com/ forums will help you clean things up... I am not a geek will also aid in spyware removal... good site... here is how Norton recommends to remove the command.exe trojan http://securityresponse.symantec.com/avcen...s.qqpass.e.html |
|
|
|
| TROJANMAN |
Dec 19 2005, 04:59 PM
Post
#9
|
||
|
Looks nice in pictures......... Group: Members Posts: 5,249 Joined: 5-March 04 From: Colorado Member No.: 1,753 Region Association: None |
haha. if you're watching porn, you are probably alone, so no need for a condom. (IMG:http://www.914world.com/bbs2/html/emoticons/lol2.gif) |
||
|
|
|
||
| Carlitos Way |
Dec 19 2005, 05:00 PM
Post
#10
|
|
I did it MY WAY Group: Members Posts: 1,337 Joined: 14-September 04 From: Simi Valley, CA Member No.: 2,757 Region Association: Southern California |
Back On-Track... Andy's recommendation on spyware removal seems to be right on the money. Same procedure we were using at my last job for a while.
|
|
|
|
| SLITS |
Dec 19 2005, 05:02 PM
Post
#11
|
|
"This Utah shit is HARSH!" Group: Benefactors Posts: 13,602 Joined: 22-February 04 From: SoCal Mountains ... Member No.: 1,696 Region Association: None |
(IMG:http://www.914world.com/bbs2/html/emoticons/hijacked.gif)
I thought you grasped it with your thumb and forefinger and pulled............... |
|
|
|
| dlo914 |
Dec 19 2005, 07:46 PM
Post
#12
|
|
Whatchu' lookin' at?!?! Group: Members Posts: 3,432 Joined: 6-September 04 From: San Gabriel, CA Member No.: 2,697 |
to start-up in Safe Mode for Win Xp i press? F8 or F10?
|
|
|
|
| Carlitos Way |
Dec 19 2005, 07:48 PM
Post
#13
|
|
I did it MY WAY Group: Members Posts: 1,337 Joined: 14-September 04 From: Simi Valley, CA Member No.: 2,757 Region Association: Southern California |
Usually F8 will do the trick.
|
|
|
|
| dlo914 |
Dec 19 2005, 07:52 PM
Post
#14
|
||
|
Whatchu' lookin' at?!?! Group: Members Posts: 3,432 Joined: 6-September 04 From: San Gabriel, CA Member No.: 2,697 |
wow quick response! thanks...a couple of times ive been pressing both F8 n 10 at the same time b/c i didnt remember which one it was (IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif) |
||
|
|
|
||
|
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:
|
Lo-Fi Version | Time is now: 30th April 2024 - 08:38 AM |
Invision Power Board
v9.1.4 © 2024 IPS, Inc.