Backdoor.trojan virus??

Original Message
Name: Lisa S
Date: April 3, 2002 at 21:44:29 Pacific
Subject: Backdoor.trojan virus??
Comment:

I just reformatted my computer a couple days ago and I haven't used it much since then. I just downloaded a NAV update and it told me I had the Backdoor.trojan virus. (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html) I was able to remove it, but how do I know if I have actually been infected or not? I don't recall clicking on the file and I do not have any noticeable signs, except my little computers in the taskbar flash when I am on idle at a site. Is somebody hacking me?! Is it ok for Rundll32 to access the internet? That's one of the files it told me was infected. Somebody please help me!



Response Number 1
Name:
Date: April 4, 2002 at 02:54:15 Pacific
Reply:

Put a firewall on your machine and check the traffic log


Response Number 2
Name: Brant
Date: April 4, 2002 at 07:12:32 Pacific
Reply:

I think you need to delete your Rundll32 and download a new one.
1. Removing Trojans in Windows 95/98/Me

To remove the Trojan

* Check the virus analysis for details on the Trojan and its removal.
* Go to Start|Programs|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program.
* Select the 'Immediate' tab.
* Go to Options|Configuration... select the 'Action' tab, tick 'Infected files', select 'Delete' then click 'OK'.
* Click the 'Go' button on the toolbar to start the scan.
* Delete the files. Run another scan to check it has gone.
* Go back to Options|Configuration... select the 'Action' tab, then deselect 'Infected files' and 'Delete'. Click 'OK'.
* Reboot and run a final scan to be certain it has gone.

If the Trojan cannot be removed because the files are held open by the operating system:

* Reboot the PC from a clean startup or system disk.
* Delete and replace the infected files manually or using the DOS instructions.


http://www.sophos.com/search/index.cgi


Response Number 3
Name: sxshep
Date: April 4, 2002 at 18:17:22 Pacific
Reply:

Lisa,
If your system is running OK, sit tight for a while and don't take any drastic actions.
Unless I am mistaken, NAV will identify with more specificity which trojan is the culprit.
The message you related is a non-specific warning that there is a trojan present.
If you can get a more targeted trojan, this site has a good list of them and their presence.
http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html
It may be necessary to re-install run32 as mentioned above, but you should at the very least get a good firewall such as ZoneAlarm
so you can keep track of this stuff.
Good luck
sheo


Response Number 4
Name: wawadave81@hotmail.c
Date: April 4, 2002 at 18:46:28 Pacific
Reply:

Hello,
don't let rundll on the internet at all


Response Number 5
Name: Analyzer
Date: May 8, 2002 at 03:34:15 Pacific
Reply:

Trying To Trace the origin of Backdoor.Trojan

Hello,

I am running Windows XP Pro and have the latest ZoneAlarm as well as
the latest Norton 2002 installed on my PC.

Norton detected the backdoor.Trojan in a file called
winlogon.exe under c:\windows\system virus 2 days late.
and sadly found out that the file c:\windows\system\winlogon.exe
has bypassed ZoneAlarm !!!!

I have deleted that file now and Norton doesn't detect anything
else on my pc, I hope this is sufficient.

2 days ago I was running KaZaA and downloading something, I have
a strong feeling the backdoor.trojan came through KaZaA, I would
just like to know how it was done so it can be safe again to use
KaZaA.

Note: of course I had to let kazaa bypass zonealarm.

Was the file created for use with SubSeven? And how was it able
to get into my c:\windows\system dir without clicking on any
suspicious files?

I always scan my files before I execute them on a regular basis.

I scanned all my hard drive and the only file that contained the
trojan was winlogon.exe nothing else !!!!


the reason this is making my head spin a little is because I have
the latest Norton plus Zone alarm not only that I am always 100%
careful about what components and programs are getting access through
ZoneAlarm and then I find this stupid winlogon has access !!!!

Please if you have some information on how to prevent this in the future
let me know as I don't know what mistakes I have done other than using
KaZaA Lite, the one without spyware.

thanks in advance,


Analyzer Analyzer_@hotmail.com



Response Number 6
Name: Kishor Valia
Date: May 8, 2002 at 11:25:09 Pacific
Reply:

Please send me step-by-step instructions to remove this virus. My MRPEXE.EXE file is infected with this virus. I run a Windows 95 system.

Kishor Valia.


Response Number 7
Name: jefke patat
Date: May 9, 2002 at 04:04:59 Pacific
Reply:

My shellex.exe is infected by the backdoor trojan. How to remove the virus?
I run Windows 2000 XP.


Response Number 8
Name: Rodrigo
Date: May 18, 2002 at 07:30:49 Pacific
Reply:

My NAV detected this virus in c:\windows\temp
in three files. I updated my Norton but sadly it didn't repair the files so I deleted them, so do you think my cpu is no longer in danger?
This matter really surpasses me...


Response Number 9
Name: samera
Date: May 24, 2002 at 17:19:01 Pacific
Reply:

Hi,
I use Windows ME, and I have trojan files in:

c:_RESTORE\ARCHIVE\FS997.CAB[A0082115.CPY]
C:_RESTORE\ARCHIVE\FS997.CAB[A0082113.CPY]

When I scan with PC-cillin it always says: unable to delete

The virus name:
TROJ_PSW_RING0.B

How can I clean my PC (laptop)?

Thanks


Response Number 10
Name: Phill
Date: June 24, 2002 at 20:57:23 Pacific
Reply:

Hello, I think I managed to get a trojan virus via MSN Messenger; the guy that sent it now knows he has it. My mate says it's a SubSeven trojan. Every time he presses ** in MSN it brings up an annoying message and then I can't do anything until I click on OK. We have spent 2 days trying to get rid of it. Please help, what do I need to look for to get rid of it??
P.S. It also makes me automatically download a file if he sends it to me. Please, please, someone help.






