killing winserv.exe trojan.imiserv.

Name: rd1516
Date: January 12, 2003 at 21:06:43 Pacific
OS: pentium
CPU/Ram: 80
Comment:

Hi....
I too am having problems with my puter. It's always giving me the "error" and end task crap. I'm running Windows 98 and today I loaded the Eanthology stop sign and it said I have an infected c:\windows\winserv.exe trojan.imiserv.
Now, I have AVG and Zone Alarm and neither picked this up. I also tried to find this in my computer and it shows nothing. What the heck do I do now? PLEASE HELP!
Thank You in advance!




Response Number 1
Name: Imp
Date: January 12, 2003 at 21:30:33 Pacific
Reply:

Hello Rdl,
When you are corrupted by a trojan, you quickly need a program specialized to detect and eradicate it... Zone Alarm is a firewall; it protects you as long as you are safe, but absolutely not when you are corrupted.
A Trojan has two parts: the "spread" and the "worm". As long as you have the "worm" hidden somewhere on your hard drive, the virus will stay active as soon as you connect to the internet.
I recommend you download the program "Trojan Remover", which uses two different scans to find and erase Trojan's betrayals.....
This is freeware for one month:
http://www.simplysup.com/tremover/details.html
Good luck....



Response Number 2
Name: Tom41
Date: January 12, 2003 at 21:42:52 Pacific
Reply:

Click Start > Run > type msconfig and click OK. Click the Startup tab. Locate the following two entries and uncheck them:

Win Server Updt C:\Windows\wupdt.exe
Win Server C:\Windows\winserv.exe

Click Apply/OK and reboot. Do a find files for: wupdt.exe and winserv.exe and delete them.



Response Number 3
Name: rd1516
Date: January 12, 2003 at 23:10:42 Pacific
Reply:

In response to tom....
I tried that, but when I find the files after I rebooted and try to delete them, it says "The file wupdt is a program. If you remove it you will no longer be able to run this program or edit some documents", and it says the same thing on the winserv.exe

What's going to happen if I delete them?



Response Number 4
Name: Tom41
Date: January 12, 2003 at 23:26:35 Pacific
Reply:

Nothing. They are the virus. Delete them.



Response Number 5
Name: rd1516
Date: January 13, 2003 at 00:43:49 Pacific
Reply:

IMP.....I got the trojan remover too, big help (NOT). 30 minutes of loading and scanning and it said it found NOTHING, but when I did another eanthology scan, there was the trojan once again!

TOM.....
OK, I deleted them both...I hope it works...and THANK you both!





Response Number 6
Name: Tom41
Date: January 13, 2003 at 01:10:43 Pacific
Reply:

"IMP.....I got the trojan remover too, big help (NOT). 30 minutes of loading and scanning and it said it found NOTHING, but when I did another eanthology scan, there was the trojan once again!"

Hehe..That's because Trojan Remover isn't as good as he thinks it is...



Response Number 7
Name: AndyM
Date: January 13, 2003 at 07:22:39 Pacific
Reply:

Usually Trojans do not have "worm" payloads. They have no way of self-spreading.
There are a few exceptions to this rule but this is not one of them.
You're correct in saying they have two parts, but they are the "Client" and "Server".
The server is the infection part and the Client is used to parse commands to the infected machine, e.g. Open CD-Rom Tray, Upload / Download files...etc
The server.exe (could be called anything - in this case it's WinServ.exe) is installed on your machine and then uses Windows to start every time the operating system starts. There are only a handful of ways these files can "autostart", the oldest of the methods being: Win.ini, System.ini and HKCU & HKLM Run Keys.
These methods are all documented on the Internet:

http://www.megasecurity.org/Trojaninfo/auto_start_methods.htm

Installing good Antivirus is excellent practice and I would highly recommend using Kaspersky Labs AV (www.kasperskylabs.com). Probably the best AV on the market!
This will NOT guarantee infection as all AVs can only scan for what they know, so installing some Anti-Trojan Software is good practice as well.
An excellent piece of software for this is TDS-3 (http://tds.diamondcs.com.au/)

Removal Instructions for the backdoor you currently have on your machine can be read here:

http://vil.nai.com/vil/content/v_99813.htm

Hope this helps
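
A small audit of the autostart locations listed in Response 7 (win.ini, system.ini and the HKLM/HKCU Run keys), added here as an illustration and not written by any poster in this thread. The file contents and registry export are constructed samples, the function names are hypothetical, and the two flagged file names are the ones given in Response 2.

```python
import re

# Constructed sample inputs for illustration; not taken from a real machine.
WIN_INI = "[windows]\nload=\nrun=C:\\Windows\\wupdt.exe\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"
RUN_EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Win Server Updt"="C:\\Windows\\wupdt.exe"
"Win Server"="C:\\Windows\\winserv.exe"
'''
KNOWN_BAD = {"winserv.exe", "wupdt.exe"}  # file names given in this thread
EXE = re.compile(r'[^\\/\s",]+\.exe', re.I)
REG_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def ini_autostarts(text, source, wanted):
    """Return (source, name, command) for non-empty keys listed in wanted."""
    section, found = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in wanted.get(section, ()) and value:
                found.append((source, f"{section}/{key.lower()}", value))
    return found

def reg_autostarts(text):
    """Return (key, value name, command) for values under ...\\CurrentVersion\\Run."""
    key, found = "", []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key.lower().endswith(r"\currentversion\run") and (m := REG_VALUE.match(line)):
            # .reg exports escape backslashes and quotes; undo that here
            found.append((key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))))
    return found

def audit(win_ini, system_ini, run_export):
    """Label every autostart entry: known-bad, nonstandard-shell, or review."""
    entries = ini_autostarts(win_ini, "win.ini", {"windows": ("load", "run")})
    entries += ini_autostarts(system_ini, "system.ini", {"boot": ("shell",)})
    report = []
    for source, name, command in entries + reg_autostarts(run_export):
        bad = {e.lower() for e in EXE.findall(command)} & KNOWN_BAD
        shell_ok = name != "boot/shell" or command.lower() == "explorer.exe"
        verdict = "known-bad" if bad else "review" if shell_ok else "nonstandard-shell"
        report.append((verdict, source, name, command))
    return report

if __name__ == "__main__":
    print(*audit(WIN_INI, SYSTEM_INI, RUN_EXPORT), sep="\n")
```

Entries marked "review" are not judged either way; they are listed so that every program started from these locations is seen, not only the names already known.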

