Security Basics mailing list archives
RE: Trojan.Lodear.B/Trojan.Lodav.A
From: "dave kleiman" <dave () isecureu com>
Date: Tue, 15 Nov 2005 17:06:27 -0500
Joe,

You might try the following; it is quite detailed:

---------snip----------

We would like to introduce visitors to an exciting and valuable new resource available at CastleCops called the Malware Removal and Prevention procedure. This procedure is designed to enable users to either partially or fully clean their systems without the direct aid of an expert. It provides instructions on how to perform a series of antispyware, antivirus and antitrojan scans, as well as run a system cleaning utility. The generalized scanners we recommend are intended to address a broad spectrum of malware including adware, spyware, trojans, viruses, and browser hijackers. Soon it will become standard practice for all HijackThis (HJT) posters to perform malware removal before posting a HJT log.

The ideas and suggestions of numerous staff members have contributed to the development of the final product. We even took a staff poll to decide on a name, but such catchy monikers as "Purging the Parasites" and "Zapping the Crap" were rejected in favor of the humdrum but more descript Malware Removal and Prevention (MRP).

Malware removal and prevention procedure:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

More information about it (continued...):
http://castlecops.com/a6341-Malware_Removal_and_Prevention_Procedure.html

---------snip----------

And, if it is not successful, you can utilize the CastleCops HJT forum. Both are free!!

Regards,

Dave

-----Original Message-----
From: Joe George [mailto:j.george () conservation org]
Sent: Tuesday, November 15, 2005 14:50
To: security-basics () securityfocus com
Subject: Trojan.Lodear.B/Trojan.Lodav.A

Hi all,

I have a workstation that was compromised by the Trojan mentioned in the subject, after the end user opened an infected .ZIP file. I followed the instructions Symantec recommended. I used their removal tool because I was not able to access the registry.

I also installed the UnHookExec.inf in an attempt to reset the shell/open/command reg keys, per the article. I was still not able to access the registry. I ran the removal tool several times in normal and in safe mode, and each time it would detect and terminate the Trojan process running in explorer.exe. Before one removal tool run, I ran Winternals Process Explorer, but nothing was found. I ran two anti-virus scans but did not find anything after the initial detection.

Is there anything that I have not tried that someone can suggest? I'm about ready to run a repair on Windows, but not ready to rebuild, as I am concerned there may be more workstations that have been just as compromised.

Thanks in advance.

--
Joe George
IT Janitor
x349
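The thread above centres on the shell\open\command keys that UnHookExec.inf resets and on the registry being inaccessible. The script below is an added, read-only PowerShell audit (not from the original thread, the Symantec tool or CastleCops) that reports any of those file-class keys whose default value differs from what is assumed to be the stock Windows value, any per-user override of them, and the DisableRegistryTools policy value that commonly blocks regedit; run it elevated on the suspect workstation, or on the other workstations Joe is worried about.

```powershell
# Added example, not part of the original thread. Read-only audit of the
# file-class open commands and the policy value that blocks regedit.
# Assumption: the expected strings below match a stock Windows install.
$expected = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

# Returns the (default) value of <hive>\Software\Classes\<class>\shell\open\command,
# or $null when the key does not exist in that hive.
function Get-OpenCommand([string]$Hive, [string]$Class) {
    $path = "$Hive\Software\Classes\$Class\shell\open\command"
    if (-not (Test-Path $path)) { return $null }
    return (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'(default)'
}

$findings = @()
foreach ($class in $expected.Keys) {
    # HKCR is a merged view: HKCU\Software\Classes shadows HKLM, so a
    # per-user copy of an open command is worth reporting on its own.
    $user = Get-OpenCommand 'HKCU:' $class
    if ($user) {
        $findings += "HKCU override for ${class}: $user"
    }
    $machine = Get-OpenCommand 'HKLM:' $class
    if ($machine -and $machine -ne $expected[$class]) {
        $findings += "HKLM ${class} = '$machine' (expected '$($expected[$class])')"
    }
}

# DisableRegistryTools = 1 is the usual reason regedit refuses to open.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$drt = (Get-ItemProperty -Path $pol -Name DisableRegistryTools -ErrorAction SilentlyContinue).DisableRegistryTools
if ($drt) { $findings += "DisableRegistryTools = $drt under $pol" }

if ($findings.Count -eq 0) { 'No shell\open\command tampering or registry lockout detected.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

A clean report only means these particular keys are intact; a rerun after UnHookExec.inf shows whether the reset actually stuck.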