Security Basics mailing list archives
RE: Question for all
From: Ricardo Ceballos <rceballos () actualiza cl>
Date: Wed, 6 Aug 2003 12:21:29 -0400
Clean up any reference to "Backdoor.Trojan" from your regedit and then you will be able to delete it from his location.

Ricardo

-----Original Message-----
From: Nick Bennett [mailto:nick () acorndesign co uk]
Sent: Tuesday, August 05, 2003 12:02 PM
To: Jeffrey.Flory2 () LACKLAND AF MIL
Cc: security-basics () securityfocus com
Subject: Re: Question for all

don't know if this is of any help, but found it through google search: http://www.symantec.com/avcenter/venc/data/w32.randex.d.html

----- Original Message -----
From: "Morton B. Maser" <MBMaser () msn com>
To: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL>; <security-basics () securityfocus com>; <incidents () securityfocus com>
Cc: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL>
Sent: Tuesday, August 05, 2003 10:57 AM
Subject: Re: Question for all

Haven't heard of it specifically by that name - you might check http://www.diamondcs.com.au (TDS-3 anti-trojan scanner) or http://www.nsclean.com (BOClean anti-trojan). Have you done a scan for alternate data streams? Could be hidden that way. Obviously, if you can identify the trojan or its code (Hackman is always useful for stuff like that), you may be able to just use the local loop (127.0.0.1) to send its "kill" command.

----- Original Message -----
From: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL>
To: <security-basics () securityfocus com>; <incidents () securityfocus com>
Cc: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL>
Sent: Friday, August 01, 2003 7:22 AM
Subject: Question for all

A friend of mine recently went from Windows ME to Win2K, but now he has a trojan on his computer. He is running Norton Anti-virus, and it will not clean it off, it will only quarantine it. The affliction is: Backdoor.Trojan, and it has placed a hidden folder on his hard drive called: Payload.Dat. He cannot get rid of it. We have tried doing a search on the internet for some kind of information pertaining to this, but we had no luck. We also tried all the antiviral websites but they do not have a tool for this.

My question is: Has anyone ever heard of this, and if so, how do you clean it off?

Thanks in advance for any assistance anyone can provide.

Jeff