Security Basics mailing list archives

RE: How to get rid of two trojans


From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Tue, 06 Jul 2004 05:22:46 +0000

Hi there VI,

Have you had the chance to look into the registry (specifically in the run keys), and see if either of the trojans has made strange entries in there? If you are a bit afraid of editing the registry, using the "msconfig" GUI might be a little more user friendly. If you find that there are registry entries, restart in safe mode (pressing F8 during preliminary boot up), and check that the trojan(s) haven't found a way to run (pressing ctrl + alt + del & looking for the trojans in the running processes) - if they have, then close them, remove the registry entries (or uncheck them in MSconfig), delete any trojan-related files (but be sure to check they aren't critical Windows files!) and you should have no further problems.
If you do, drop me a line and we can look into things a little further.

Warmest of regards,

Hamish Stanaway

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Owner/Operator
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com




From: "VI" <vi () vizo com>
To: <security-basics () securityfocus com>
Subject: How to get rid of two trojans
Date: Sun, 4 Jul 2004 12:25:27 +0300

Hi All,

AVG free edition shows two trojans; IRC. Backdoor.SdBot.29.T, and Proxy.6.AG
kjhbb.exe and gfhhr.exe in system32 folder but it cannot clean them. Of
course deleting the files is no cure, because they come up again and again.

Trend Micro housecall and Norton AV 2003 do not even show them.

I could not find any mention of them in Symantec Web site.

Can anybody help in getting rid of them?

BTW, the OS is W2000 pro, and the latest patches are applied.

Regards,

VI
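
The Run-key check suggested in the reply, as an added example that is not part of either message: it parses a regedit text export (already read in as text) and reports which Run/RunOnce values launch the two file names from the original post. The sample export, its value names and the `C:\WINNT` path are constructed for illustration.

```python
import re

# Autostart keys the reply calls "the run keys" (Run and RunOnce, any hive).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# A string value line in a .reg export: "name"="data" or @="data".
VALUE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def run_entries(reg_text):
    """Return (key, value_name, command) for each string value under a Run key."""
    key, found = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and RUN_KEY.search(key):
            m = VALUE.match(line)
            if m:
                name = unescape(m.group("name") or "(Default)")
                found.append((key, name, unescape(m.group("data"))))
    return found

def flag(reg_text, suspects):
    """Return the Run entries whose command references a suspect file name."""
    pats = [re.compile(r'(^|[\\/"\s])' + re.escape(s) + r'($|["\s])', re.I)
            for s in suspects]
    return [e for e in run_entries(reg_text) if any(p.search(e[2]) for p in pats)]

# Constructed sample export; only the two .exe names come from the post.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Config Loader"="C:\\WINNT\\system32\\kjhbb.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="gfhhr.exe"
"AVG"="\"C:\\Program Files\\AVG\\avgcc.exe\" /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Path"="C:\\WINNT\\system32\\kjhbb.exe"
'''

if __name__ == "__main__":
    for key, name, cmd in flag(SAMPLE, ["kjhbb.exe", "gfhhr.exe"]):
        print(f"{key}\n    {name} -> {cmd}")
```

Flagged values are the ones to remove (or uncheck in msconfig) before deleting the files, since an entry left in place relaunches whatever it points at on the next logon.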


