|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| General Computer Security Get Help With System Security - This forum is not for malware removal assistance. For malware removal assistance, read the sticky topic at the top of the Virus/Trojan/Spyware Help forum, or the "First Steps" link at the top right of each page. |
 |
|
|
LinkBack | Thread Tools |
10-29-2009, 02:27 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 19
OS: Windows XP SP2
|
Is this a Valid Way to Get Rid of a Trojan?
Funny (not!) thing happened to me today. I clicked on a Google link and it took me to an entirely irrelevant page. I smelled a rat immediately, and a full system scan with F-Secure revealed the Trojan-PWS.Win32.Kates.c in a [can't remember the name].obx file in C:/Windows. I attempted to delete it (through F-Secure) and yes, I'm sure you know the rest. It replicated itself. It did that also when I tried to rename it. Another symptom was that attempting to open the registry (either by double-clicking regedit or by entering 'regedit' in Run) resulted in the taskbar disappearing for a second or two - without registry editor ever running.
I read numerous threads with similar problems and they all suggest the combofix method. I tried something else. I opened the infected file with wordpad, deleted all the contents and saved it with the same name. It didn't replicate itself, it shows 0 KB size (of course), and F-Secure doesn't recognize it as a virus (of course). Regedit works. Full system scan with F-Secure doesn't find anything anywhere. After a couple of reboots, nothing has changed. File still 0 KB, regedit works, no viruses reported. Is it safe to assume the problem is taken care of? I find it hard to believe - where is the initiator of the replication action? Is there a specific registry entry (or anything else) I should check to see if there is still an infection lurking? Thanks! 
__________________
-- Windows XP SP2, Desktop PC (HP), USB mouse, PS2 keyboard, 512 RAM, MSI-AMETHYST-M, AMD Athlon 64 3500+ |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
10-29-2009, 03:00 PM
|
#2 (permalink) | |
|
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
|
Re: Is this a Valid Way to Get Rid of a Trojan?
Hi
Quote:
We cannot give you any advice until you start here and follow the instructions. NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help Do not post your logs back in this thread - follow the guidance in the above link! If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply. Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.
__________________
Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums.   PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner |
|
|
|
|
|
| Thread Tools | |
|
|
