Guys, I have a problem with a trojan that continues to pop up. EZ Trust's realtime protection picks up the infection, but I've run four different scans with four different antivirus/trojan apps and none of them picked up this trojan or its source.
I left the realtime protection box open during each scan and I realized that it detected the same infection four different times in two different locations. The funny thing is that when I'd go to the folder that is said to contain the trojan, that trojan isn't there. This leads me to believe that EZ Trust's realtime protection deletes the file once it has located it.
The weird thing is that I can't find the source of the trojan. For the same trojan to keep showing up in the same locations, someone or something must be continuing to drop it; I just don't know how it's getting on my computer or who is doing it.
I figure if I can delete the file that keeps downloading the trojan onto my computer, it wouldn't show up.
Do you guys have any ideas as to how I can get rid of this little pest, or what I can do to find out how it continues to make its way onto my computer?
How can I tell if someone is remotely connected to my pc without my permission?
PS. You might say that I contract it whenever I visit a certain site; I doubt that, because most of the time I receive the notification from EZ Trust when I'm not even surfing the web.
This is all I could find on the Thorin virus. Not sure about removal. http://www.kaspersky.ch/avpve/newexe/win32/thorin.stm
Make sure all your antivirus/antitrojan software is updated. Maybe the link above will give you some help. Sometimes you can run the scans in safe mode and kill it that way. And unhook from the internet while you are doing this.
Just read the link that redwudz posted. Ruh ro (in Scooby Doo voice). Burn your data to CD/DVD and be prepared to reinstall. Sounds like a BAD one.
You have a CHANCE of removing it by booting your system via CD and using WinPE (XP on a CD) to clean the infection. Look here for info - you'll need an XP CD with SP1 or greater on it to create the thing. http://www.ubcd4win.com/howto.htm
You can try to find the source of the trojan/virus with this app:
RootkitRevealer
url: http://www.sysinternals.com
RootkitRevealer
What is a Rootkit?
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
Persistent Rootkits
A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in, they must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.
Memory-Based Rootkits
Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.
User-mode Rootkits
There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.
The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API. This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.
Kernel-mode Rootkits
Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel's list of active processes. Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer.
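The quoted text says scanners catch user-mode hooking by comparing one enumeration against another. Here is that cross-view check in Python as an added example (not Sysinternals code and not how RootkitRevealer itself is implemented): the two directory listings are constructed sample data standing in for the hooked Windows API view and the raw view, and the file names are made up.

```python
"""Cross-view discrepancy check: names that a low-level (raw) enumeration returns
but the ordinary Windows API enumeration omits are the signature of a hooked
FindFirstFile/FindNextFile, as described in the RootkitRevealer text above.
All listings here are constructed sample data; a real scanner takes both views
from the live system."""
from typing import Iterable, List, Tuple

def hooked_find_next_file(real_entries: List[str], hidden_prefix: str) -> List[str]:
    """Model of the hook the quoted text describes, used only to build test data:
    every entry passes through except those belonging to the (made-up) rootkit."""
    return [e for e in real_entries if not e.lower().startswith(hidden_prefix)]

def cross_view_diff(api_view: Iterable[str], raw_view: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (hidden, phantom).
    hidden  = names in the raw view that the API view lacks -> possible hooking.
    phantom = names only the API view has; on a live system this is usually a file
              created or deleted between the two snapshots, so it is reported
              separately rather than flagged as malware.
    Windows file names are case-insensitive, so compare lower-cased."""
    api = {n.lower() for n in api_view}
    raw = {n.lower() for n in raw_view}
    return sorted(raw - api), sorted(api - raw)

# Constructed sample: what is really in the directory (raw view) ...
RAW_LISTING = ["kernel32.dll", "ntdll.dll", "xyz_hidden_svc.exe",
               "xyz_hidden.sys", "notepad.exe"]
# ... and what a hooked FindFirstFile/FindNextFile would hand back (API view).
API_LISTING = hooked_find_next_file(RAW_LISTING, "xyz_hidden")

def scan(api_view: Iterable[str], raw_view: Iterable[str]) -> List[str]:
    """Produce one report line per discrepancy, RootkitRevealer-style."""
    hidden, phantom = cross_view_diff(api_view, raw_view)
    report = [f"HIDDEN  {n}: in raw view, missing from Windows API view" for n in hidden]
    report += [f"PHANTOM {n}: only in API view (likely timing; re-scan)" for n in phantom]
    return report

if __name__ == "__main__":
    for line in scan(API_LISTING, RAW_LISTING):
        print(line)
```

The same comparison applies to Registry keys and process lists; only the two enumeration sources change.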
Under windows explorer options are you sure that you're showing hidden files and folders as well as system files and folders? It's possible the file might just be hidden.
I'd recommend trying AdAware and Microsoft AntiSpyware beta if you haven't already. Both are free and work great.
I read about kernel rootkits a couple of weeks ago and it sounds pretty nasty.
You may need to start over.
G'day
Mate, try this. (Free demo) Update it before you use it.
http://www.eset.com/home/home.htm
It'll be the end of your problem. Configure it to do a deep clean and check on everything, including Potentially Dangerous Applications. You won't believe how much shit you will find in the PC.
John
Consider doing a system restore from a previous safe restore point
I have reformatted since my last post; I couldn't get rid of the little bugger that was pestering me, so I fried him with a reformat :P Burn baby Burn :lol2:
My system was hesitating badly, it had poor response, and sometimes it acted as if it had a mind of its own. Now that I've reformatted, speed, speed, speed; I love it. I literally feel refreshed by the fresh reinstall.
One thing though, since the reformat, I've only installed the most important files and progs. I want to make a copy of my system as it is now. I want to try once more to install SP2; should I make the copy of my system before or after SP2? I ask this because the last time I tried to install SP2 I wasn't able to connect to the internet.
Which is better anyway, a fresh install, or booting from a DVD copy of your OS?
I've never booted a copied OS from disc before, how is that done? I know that question is noobish
Have you tried turning off System Restore, then booting in safe mode? Run the scan and delete all trojans etc. I would use MS AntiSpyware, AdAware and Spybot, all of them. Then reboot back into Windows normally, wait a couple of hours and see if it comes back. If not, then you can safely turn System Restore on.
If you aren't sure how to turn it off, go to Control Panel > Administrative Tools > Services, scroll down to System Restore, and stop it and disable it for the time being.
This has worked for me a couple of times when nothing else has. The key is to run scans in safe mode.