executer trojan question
-
frankinstine
- Member
- Posts: 30
- Joined: Thu Apr 26, 2001 12:00 am
- Location: cincinnati / ohio
executer trojan question
a friend i know has the executer trojan on their puter and its been there for a about 3 months.we ran the cleaner,trojan 5.mcafee,nortons virus scans,spytech integirity check.spy check integirity is the one that found it,but said be cautious with the folder its in.any clues on what to do with this thing?Im not experienced with cleaning trojans only preventing them in the first place.thanks for any help on this.
-
frankinstine
- Member
- Posts: 30
- Joined: Thu Apr 26, 2001 12:00 am
- Location: cincinnati / ohio
thanks Ken for the post,
Those are all good progies you listed.I have the cleaner I use myself.The person that had the trojan here said they were able to clean it out using a program called spytechintegrity plus. I don,t know anything about that program.I,ll get all the info and post here later what this trojan did,how they got it and all that good stuff
Those are all good progies you listed.I have the cleaner I use myself.The person that had the trojan here said they were able to clean it out using a program called spytechintegrity plus. I don,t know anything about that program.I,ll get all the info and post here later what this trojan did,how they got it and all that good stuff
As Ken says in the earlier post, if the The Cleaner didn't find it, then I would hesistate to call it a trojan. However, if you are not satified with any of the program's findings then there are places you can look for rogue software.
Open your registry editor (regedit) and locate these keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
The above is taken from a Windows 2000 machine, I can't remember if they are different in the DOS kernel OS's. You can always do a find in regedit to locate them.
If your machine has an NT-based kernel, check to see what services are loading a start-up via the path below.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
Each service will have it's very own key. Note at the root of each service key there is a DWORD named Start. A value of 0x00000002(2) means the service is loading at boot.
And as always, if your inconfortable messing with your machine's registry. DON"T do it. Altering the above keys could screw up your computer. Do not disable valid services/startup progs. If your unsure of your findings, repost I'll take a look at what is loading at boot on your machine.
Open your registry editor (regedit) and locate these keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
The above is taken from a Windows 2000 machine, I can't remember if they are different in the DOS kernel OS's. You can always do a find in regedit to locate them.
If your machine has an NT-based kernel, check to see what services are loading a start-up via the path below.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
Each service will have it's very own key. Note at the root of each service key there is a DWORD named Start. A value of 0x00000002(2) means the service is loading at boot.
And as always, if your inconfortable messing with your machine's registry. DON"T do it. Altering the above keys could screw up your computer. Do not disable valid services/startup progs. If your unsure of your findings, repost I'll take a look at what is loading at boot on your machine.
I have NAV 2001 on my computer also. and i noticed that my computer was screwing up alot so i decided that i better scan with something else. so i found eSafe.com and they have a *FREE* scanner/firewall/whatever. and it found BO2k and SubSeven. and i was a lil suprised that NAV didn't find it... eSafe told me that there were *18* in C:\_RESTORE who'da thought free stuff actually worked...anyways, had to go to dos since windows didn't let me delete them myself 
. well check it out, it might find something those $49.95 anti-virus' didn't...
. well check it out, it might find something those $49.95 anti-virus' didn't...