I think I got a trojan 8(
Original Message
Name: Andre Kurnitski
Date: October 30, 2002 at 01:34:41 Pacific
Subject: I think I got a trojan 8(
OS: XP/linux
CPU/Ram: 768MB
Comment: Hi, recently, I left my computer on for a while, while it was online, and turned the monitor off. Then after a while I came back to find a Norton alert about a virus... C:\System Volume Information\_restore{9CA48BBE-7CDA-4DA5-98CE-A952F6F38524}\RP17\A0008550.exe is infected with the Backdoor.BladeRunner virus. When I looked into my C:\ directory I couldn't find it, so I switched my folder option to show hidden files and found the 'System Volume Information' dir, but when I tried opening it, it said: C:\System Volume Information is not accessible. Access is denied. I am logged in as the administrator, and usually careful about what I d/l. Anyone have any idea of how I got this, and how to access that directory? I tried safe mode with no luck... btw, when I do a complete system scan, I come up with nothing. Can this be a hacker trying to execute the trojan remotely? ... Another strange thing: after I d/c my computer cuz of the trojan, then reconnected back, I got this from my ZA firewall: The firewall has blocked routed traffic from myIP(xxx.xxx.xxx.xxx) (UDP Port 123) to 207.46.226.34 (UDP Port 123). User: SYSTEM Program: Generic Host Process for Win32 Services Time: 10/30/2002 1:29:24 AM Thanks in advance!
Response Number 1
Name: WhoDunnit
Date: October 30, 2002 at 05:23:27 Pacific
Subject: I think I got a trojan 8(
Reply: It sounds like the virus is trying to get your computer to communicate to the IP address where the virus came from. I don't know if this will work for sure, but try going into My Computer, and find the folder you cannot get into. When you find it, right-click on it and select Properties. Now, if you see a Security tab, click that. Now on the bottom you may see a button that says Advanced. Click that. Now you should see a tab that says Owner. It should have your sign-on name or your name as the owner. If it doesn't, click your name from the box and click Apply. Now try it. Post back if it helps or not.
Response Number 2
Name: Karma
Date: October 30, 2002 at 20:36:30 Pacific
Subject: I think I got a trojan 8(
Reply: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Take a look at this key for the said trojan. Also look at your netstat -na results (netstat -nap ?) for XP to attach it to the owner process. If ports 5400, 5401, 5402 are listening, then you might indeed be infected. However, a trojan as it is, is useless unless it has a client connecting to it.
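Added example, not part of the thread or any poster's own code: the listening-port check from Response 2, applied to the text output of `netstat -ano` on XP (the `-o` column gives the owning PID). The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
# Ports named in Response 2 as the ones to look for in a listening state.
SUSPECT_PORTS = {5400, 5401, 5402}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5400           0.0.0.0:0              LISTENING       1732
  TCP    0.0.0.0:5401           0.0.0.0:0              LISTENING       1732
  TCP    192.168.0.10:1045      203.0.113.7:5400       ESTABLISHED     1208
  TCP    [::]:5402              [::]:0                 LISTENING       1732
  UDP    0.0.0.0:123            *:*                                    1020
"""


def parse_listeners(netstat_text):
    """Return (local_port, pid) for every TCP socket in the LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: proto, local, foreign, state, pid.
        # UDP rows have no state column and headers do not start with TCP.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # The port follows the last colon (works for IPv4 and [IPv6] forms).
        port = fields[1].rsplit(":", 1)[-1]
        if port.isdigit() and fields[4].isdigit():
            listeners.append((int(port), int(fields[4])))
    return listeners


def suspect_listeners(netstat_text, ports=SUSPECT_PORTS):
    """Group suspect listening ports by owning PID: {pid: [ports, ...]}."""
    hits = {}
    for port, pid in parse_listeners(netstat_text):
        if port in ports:
            hits.setdefault(pid, []).append(port)
    return {pid: sorted(found) for pid, found in hits.items()}


if __name__ == "__main__":
    for pid, found in suspect_listeners(SAMPLE_NETSTAT).items():
        print(f"PID {pid} is listening on {found}; look this PID up in Task Manager")
```

Only local ports in the LISTENING state are matched, so the outbound connection to a remote port 5400 in the sample is not flagged.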