Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan horses [CLOSED]

Started by hotkey , Jun 27 2004 07:44 PM

  • This topic is locked This topic is locked

#1
hotkey
Posted 27 June 2004 - 07:44 PM

hotkey

    New Member

  • Member
  • Pip
  • 3 posts
i am having a problem loading norton antivirus, anytime i try to run it it automatically shuts itsself off. I ran a system scan with RAV online and got this log.

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\kondwani\Local Settings\Temp\optimize.exe - TrojanDownloader:Win32/Dyfuca.BQ -> Infected
C:\Documents and Settings\kondwani\Local Settings\Temp\THI62B3.tmp\twaintec_cab.vir->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINDOWS\istinstall_si.exe - TrojanDownloader:Win32/Small.GL -> Suspicious
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JPAWT89T\http[1].hta->(SCRIPT0000) - Trojan:VBS/Startpage.J* -> Infected

Scanned
============================
Objects: 33009
Directories: 1457
Archives: 696
Size(Kb): -1511701
Infected files: 3

Found
============================
Viruses found: 3
Suspicious files: 1
Disinfected files: 0
Mail files: 53

please help
  • 0

Advertisements

#2
chimchim
Posted 27 June 2004 - 08:27 PM

chimchim

    Member

  • Member
  • PipPipPip
  • 149 posts
You may want to try the free version of AVG ANTI VIRUS. I don't know how often the NORTON ANTI VIRUS program updates but AVG ANTI VIRUS program has an update every day!!!! It also flags you right away when it finds a TROJAN HORSE virus so that you can run a scan to remove it
I used a trial version of NORTON ANTI VIRUS,briefly,and did not like how the program worked. AVG ANTI VIRUS is AWESOME,I have used it for years and best of all its free!!!! You may also want to get the free version of AD-WARE and run if you don't have it already!!! That program is great for AD-WARE and SPYWARE scanning and removal,it always has updates and its also FREE!!!!
  • 0

#3
ditto
Posted 27 June 2004 - 08:58 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
You have some suspicious files. Please run a free online virus scan here:
http://housecall.ant...start_frame.asp

And a free trojan scan here:
http://www.moosoft.com/
  • 0

#4
hotkey
Posted 27 June 2004 - 10:10 PM

hotkey

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
thank you for your replies, i ran house call it detected only one of the viruses which i then deleted. i then ran RAV online as well and it detected the following viruses,
C:\Documents and Settings\kondwani\Local Settings\Temp\optimize.exe - TrojanDownloader:Win32/Dyfuca.BQ -> Infected
C:\Documents and Settings\kondwani\Local Settings\Temp\THI62B3.tmp\twaintec_cab.vir->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
Any clues on how i can get rid of these nasties?
Thank you
  • 0

#5
chimchim
Posted 27 June 2004 - 10:15 PM

chimchim

    Member

  • Member
  • PipPipPip
  • 149 posts
I used the below nnline virus scan at work. It was free and it removed the virus's
it found as well:
http://www.pandasoft...n_principal.htm

Give that a try!!!!
I also used this on a computer that had NORTON ANTI VIRUS installed and it didn't cause a problem.
  • 0

#6
hotkey
Posted 28 June 2004 - 12:28 PM

hotkey

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
the situation has gone from bad to worse because now i can not open any program using my destop icons. i have to go into safe mode for me to even be able to access my documents. i am using a friend's machine right now at his home. I think i will just have to reformat my whole hard drive unless someone has an idea of what i can do?
  • 0

#7
ditto
Posted 28 June 2004 - 12:36 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Try restarting the computer using "last known good configuration":
1. Start Windows, or if it is running, shut Windows down, and then turn off the computer.
2. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
3. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Using the arrow keys on the keyboard, scroll to and select the Last Known Good Configuration menu item, and then press Enter.

Next, let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#8
netscout
Posted 02 July 2004 - 09:55 AM

netscout

    New Member

  • Member
  • Pip
  • 1 posts
Hotkey,
It sounds like you have the same problem I just had. It is likely caused by the Pinon.A worm which I found on my system along with Byfuca BQ and M trojans. All from a rogue website I think. It seemed to attach itself to my Benign program, and only by deleting all Benign files and doing a disc clean could I get the virtual memory back. I shut down and restarted several times to complete this process. Only then did I have enough memory to get my browser to run and login to HouseCall. They were all found by Trendmicro House call.
Norton found and cleaned the same number of infections but did not use the same names but descriptios of types. I don`t know why.
For Spyware I find that Pest Patrol finds many that other programs don`t but of course I haven`t tried them all.
I have switched to another Firewall, Sygate, in hopes of preventing these intrusions again and am also trialling a different browser, mozilla firefox, which is claimed to be much safer than IE. Time will tell if they are any better.
  • 0

#9
Kat
Posted 03 September 2005 - 01:13 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP