Full Version: OT: Virus Gurus
Howard
Got this cutie today. Anti_Troj.exe
Screws up the works.

Knocked out my Norton and won't let me reinstall nor get any new AV software installed. RegEdit the entry as per Symantec instructions, but can't run anti virus scan to kill it. Help!
J P Stein
Google AVG and run their free AV scan off the net.
Their updates are very current. I get 'em daily.

Good luck.

bd1308
dude.

try this--Microsoft AntiSpyware

http://reactornet.net/~britt/MAS.exe

It's the bomb diggity.

b
Rocket
Go get Lavasoft's anti-spyware and Spybot Search and Destroy. Using both of those gets most of the stuff off, along with Microsoft's AntiSpyware.

Also, try F-Prot's antivirus software. You can get the trial online for free; you have to hunt on their website.
r_towle
most of these have a pre-boot function...

You probably need to boot in safe mode and then run the Symantec cleaner agent for this specific problem...

Only in safe mode can you ensure that nothing got loaded...


Rich
lagunero
QUOTE (r_towle @ Nov 23 2005, 08:35 PM)
most of these have a pre-boot function...


Only in safe mode can you ensure that nothing got loaded...


Rich

Yup.

Howard, that's what you get for letting the Narpster site go.
Howard
Thanks, guys. I'll try 'em one at a time. No effect on Microsoft AntiSpyware, still running, no problems. Alberto, I didn't kill the narp, the free server went out of biz.
bd1308
Howie, you got my PM regarding that right?

did MS antispyware work?

b
Howard
Yeah, Britt. Set it up and I'll get it over to you. Unfortunately, we'll lose everything that was in there.

MS Anti spy doesn't find it. And this guy is good... won't let me visit any AV site to get a download. Don't think I can access DSL in safe mode, so may have to get it on another machine. Back to the drawing board
bd1308
what OS are you using?

Can you send me the file in an email?

I'll look at it... we'll come up with something.

b
r_towle
Howard...
This is from Symantec.
You have a bad Trojan horse... it downloads more bad files to your computer....

First thing... unplug it from the internet...
then follow these instructions...
Print them out and follow them to a T.

At a high level.
You have to boot in safe mode to disable the service from starting...
Then you need to use the current version of the Virus software to get rid of it...
Then you need to edit the registry to make sure its gone.
There might also be some of the files left...the files it downloaded....

After you do that... boot in normal mode and get all the latest patches from Symantec.

then run it once again in normal mode.

READ BELOW



Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.

After the files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.


4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"anti_troj" = "%System%\anti_troj.exe"


Navigate to the subkey:

HKEY_CURRENT_USER\Software\FirstRRRun


In the right pane, delete the value:

"FirstRRRun" = "1"


Exit the Registry Editor.
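The Symantec steps pasted above (safe mode, delete the two Run values, delete the FirstRRRun marker key, then remove the file) are easy to script so they can be re-run after every reboot until the machine stays clean. The following is an added example written for this thread; it is not Symantec's tool and not code from the original post. It assumes the value name is exactly "anti_troj" and the marker key is exactly "HKCU\Software\FirstRRRun" as the instructions state; the DisableRegistryTools policy check covers the "registry editor fails to open" case the note mentions. Run it from an elevated PowerShell prompt, preferably in Safe Mode, and try it with -WhatIf first to see what it would touch.

```powershell
# Added example (not from the forum post or Symantec's write-up): audit and
# remove the persistence entries named in the removal instructions above, then
# delete the file they point at. Supports -WhatIf / -Confirm.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Value name from the instructions; assumed to be exactly "anti_troj".
    [string]$ValueName = 'anti_troj',
    # Marker key from the instructions.
    [string]$MarkerKey = 'HKCU:\Software\FirstRRRun'
)

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# 1. If regedit has been disabled (the case the Symantec note mentions), clear
#    the policy value behind it. PowerShell's registry provider is not blocked
#    by that policy, which is why this script can still run.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$drt = Get-ItemProperty -Path $policy -Name DisableRegistryTools -ErrorAction SilentlyContinue
if ($drt -and $drt.DisableRegistryTools) {
    if ($PSCmdlet.ShouldProcess("$policy\DisableRegistryTools", 'Remove policy value')) {
        Remove-ItemProperty -Path $policy -Name DisableRegistryTools
    }
}

# 2. Record the path each Run value points at *before* deleting the value, so
#    the binary can be removed as well. Strip surrounding quotes and any
#    trailing arguments. (Symantec's "%System%" is a placeholder; on a real
#    machine the value holds an actual path such as C:\WINDOWS\system32\...)
$targets = @()
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $cmd = [string]$item.$ValueName
    Write-Host "Found ${key}\${ValueName} = $cmd"
    $path = $cmd -replace '^"([^"]+)".*$', '$1'          # "C:\x\y.exe" args -> C:\x\y.exe
    $path = $path -replace '^(\S+\.exe)\b.*$', '$1'       # C:\x\y.exe args   -> C:\x\y.exe
    $targets += [Environment]::ExpandEnvironmentVariables($path)
    if ($PSCmdlet.ShouldProcess("$key\$ValueName", 'Remove registry value')) {
        Remove-ItemProperty -Path $key -Name $ValueName
    }
}

# 3. The FirstRRRun marker is inert on its own, but removing it keeps the
#    machine in the state the instructions expect.
if (Test-Path -Path $MarkerKey) {
    if ($PSCmdlet.ShouldProcess($MarkerKey, 'Remove key')) {
        Remove-Item -Path $MarkerKey -Recurse
    }
}

# 4. Stop any running copy, clear the Hidden/System/ReadOnly attributes that
#    defeat an ordinary delete, hash the file for the record, then remove it.
#    If the delete still fails the file is locked: reboot to Safe Mode or
#    offline boot media and delete it from there.
foreach ($path in ($targets | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Host "Not on disk: $path"; continue }
    $procName = [IO.Path]::GetFileNameWithoutExtension($path)
    Get-Process -Name $procName -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $path } |
        Stop-Process -Force -ErrorAction SilentlyContinue
    Get-FileHash -LiteralPath $path -Algorithm SHA256 | Format-List Path, Hash
    (Get-Item -LiteralPath $path -Force).Attributes = 'Normal'
    if ($PSCmdlet.ShouldProcess($path, 'Delete file')) {
        try   { Remove-Item -LiteralPath $path -Force -ErrorAction Stop }
        catch { Write-Warning "Could not delete $path (still locked?): $_" }
    }
}
```

Save it as, say, clean-anti_troj.ps1 and run it once in Safe Mode and once more after the normal-mode reboot; if the Run value reappears on the second pass, something else (one of the downloaded files the post warns about) is re-creating it and the machine is not clean yet.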
J P Stein
Are you on IE or Mozilla?
If you're on IE, you may want to load Mozilla and get a clean tool for the net.
Howard
Did that before, but not in safe mode. I'll try again. Thanks
r_towle
The part I pasted here says do it in safe mode...

It's the part of the cure under the heading "if that did not work and you can't get rid of it... do this".

Rich
bd1308
Before you clean yourself... can you send that to me? I want to dissect it....
b
MecGen
Hey

This summer I got infected with a similar troj...
3 PC shops and countless hours of net research...
Cleaned my registry... no more internet...
Get the patches... worked OK but, final solution was, flush Windows and start from scratch...

I really hope yours turns out better. Next time I'm calling Britt.

Later Poz
bd1308
When I do work for somebody...

it costs less money for the customer (I do weekend house visits) if I dump the OS and reload.

I'm going to set up a machine where I purposely infect it to see what goes on. Kinda like Jake blowing up and melting engines.

b
bd1308
No message with the troj attachment.

I'll figure something else out.

b
Howard
Britt, appreciate your help. We've got 20 people to feed today for t/g so I can't screw with this too much. Found the file, couldn't delete in windows, so rebooted in dos, changed the attrib and deleted. Can load AV software now and am running scans. According to Norton it's brand new as of yesterday, so they're still working out the bugs.

DON'T OPEN ZIP FILES FOR THE NEXT FEW DAYS UNTIL THEY FIGURE THIS LITTLE EFFER OUT.

Brett, pm your phone number so I can ask you a few questions.
bd1308
QUOTE (Howard @ Nov 24 2005, 10:36 AM)
Britt, appreciate your help. We've got 20 people to feed today for t/g so I can't screw with this too much. Found the file, couldn't delete in windows, so rebooted in dos, changed the attrib and deleted. Can load AV software now and am running scans. According to Norton it's brand new as of yesterday, so they're still working out the bugs.

DON'T OPEN ZIP FILES FOR THE NEXT FEW DAYS UNTIL THEY FIGURE THIS LITTLE EFFER OUT.

Brett, pm your phone number so I can ask you a few questions.

brett=MecGen?

Howard
I meant Britt!

Fat fingers typing on tiny laptop.
bd1308
QUOTE (Howard @ Nov 24 2005, 11:58 AM)
I meant Britt!

Fat fingers typing on tiny laptop.

You must have some ham fingers.....

The E and the I are real far apart.

b
bd1308
Just jokin', man... don't want to offend anybody.
Elliot_Cannon
Howard,
Try this. It works for me every time. Unplug the computer, lift it off the ground, shelf, whatever. Find the tallest building in town. Go up to the roof and throw it off. Buy a new one. Foolproof. Aaron told me about this technique and said the hardest part was finding where the roof was.
Cheerio, Elliot
Aaron Cox
QUOTE (Elliot Cannon @ Nov 24 2005, 11:03 PM)
Howard,
Try this. It works for me every time. Unplug the computer, lift it off the ground, shelf, whatever. Find the tallest building in town. Go up to the roof and throw it off. Buy a new one. Foolproof. Aaron told me about this technique and said the hardest part was finding where the roof was.
Cheerio, Elliot

Old man got jokes....
bd1308
QUOTE (Elliot Cannon @ Nov 25 2005, 12:03 AM)
Howard,
Try this. It works for me every time. Unplug the computer, lift it off the ground, shelf, whatever. Find the tallest building in town. Go up to the roof and throw it off. Buy a new one. Foolproof. Aaron told me about this technique and said the hardest part was finding where the roof was.
Cheerio, Elliot

I'd hate to be walking around town and have a computer fall on my head.

b
Howard
All's well. Took some interesting wrenching with a little help from my friends. Kinda 914ish. Thanks all.

Britt (not Brett) I know you want a copy of this mess to dissect, but now that it's gone, I'm not gonna look for it.

The company left with the leftovers, the kitchen is clean, I've got the farts, life is good. Calm before the storm..


bd1308
Howard, don't worry about it. It's okay....seriously.

You have my cell number if you need to ask questions. Don't be afraid to call.

b