May have a remote access trojan

July 8, 2010 at 02:03:23
Specs: Windows XP
Dell D400 Laptop w/ 2GB of RAM. My Yahoo email account was used recently to send spam out to some old email addresses, most of which had bounced. Had the PC checked for anything that might not belong on it and only found some type of tool bar. Had my passwords changed on my various accounts.


July 8, 2010 at 02:10:06
mmm - boot with a Knoppix or Ubuntu DVD (Linux variants on DVD); go to and run their freebie "housecall" utility.

Allow it to do a full scan; and "anything" it quarantines locally on the drive - delete.

Then reboot as per norm and see what etc.?

Perhaps also run a local full scan (with installed anti-virus util) and also the trend scan too - both in safe-mode - using the installed OS to get on-line. If you go this route - disable system restore until absolutely sure system is clean. Once clean - reboot; re-enable system restore... and both free .ISO downloads; save to a hard drive; burn to DVD; boot with that DVD etc...


July 8, 2010 at 02:14:36
Thanks. I'll give that a try. Results will be posted when complete, which will be sometime tomorrow.


July 8, 2010 at 06:08:50
This Linux DVD approach often - but not always... - resolves such problems. Worth giving it a go regardless...

And some suggest may have a similar freebie on-line scan; which if so the suggest you use that one also. Not having gone there - can't comment from personal experience...


July 9, 2010 at 00:18:43
I located a few rescue CDs. One of them is a Knoppix based f-prot CD for malware and hard drive recovery. It has the ability to download updated malware signature files off the internet or use a USB thumb drive with the signature files preloaded. That will work for me as I won't have access to the internet on this laptop with Linux running. The hardware requires wrappers for the networking to work under Linux. I was not able to get my network hardware to work correctly under safe mode and ended up running housecall in regular mode. It did find a trojan called RogueAV CLNAV4. The file name was audioapp.exe. Housecall was able to quarantine the file. I have AVG installed on this laptop and tried to run the command line scanner in safe mode. Was not able to complete the scan as the screen would not activate after the lid was shut. Ended up rebooting. Will rerun that scan later. Will now see about getting the updated f-prot signature files now and reboot with the CD.


July 9, 2010 at 00:22:29
Forgot to mention, the CD image links can be found at the link below.


July 13, 2010 at 02:27:18
I did a bit more investigating of this problem and I am no longer concerned about there being any type of malware on my laptop that was responsible for what happened on my Yahoo email account. I checked some of my other accounts that are accessed from this laptop and found no suspicious activity on them. I did change the passwords on them just as a precaution. I found various forums all over the net with people indicating that user accounts on at least four different email systems were compromised. The systems were AOL, Hotmail, Gmail, and Yahoo. I only have email accounts with Gmail and Yahoo. My Gmail account so far has had no spam sent from it and I access this account far more often than I do my Yahoo account. I found an article that is indicating that a complex distributed cracking network is being used to guess user names and passwords via a web service authentication system. The types of error messages that are returned tell the crackers if they have a valid user name and then if they have a valid password. In short they have found a backdoor for a brute force crack on user accounts.

link to article on the cracking:


link to blog where I found the link posted:

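The weakness described in the post above, where different error messages reveal whether a user name exists, shown next to a login check that gives every failure the same answer. This is an added example, not part of the original thread or of any mail provider's code; the function names, messages and the account store are constructed for illustration.

```python
import hashlib
import hmac
import os

GENERIC_FAILURE = "invalid user name or password"

def hash_pw(password, salt):
    # PBKDF2 from the standard library; iteration count kept low for the demo
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(accounts):
    """Build {user: (salt, hash)} from constructed sample credentials."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_pw(password, salt))
    return store

# Dummy record: unknown users trigger the same hashing work as known ones,
# so response time does not separate the two cases either.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = hash_pw("not-a-real-password", DUMMY_SALT)

def login_leaky(store, user, password):
    """Distinct messages per failure: the behaviour the post describes."""
    if user not in store:
        return "unknown user"
    salt, expected = store[user]
    if not hmac.compare_digest(hash_pw(password, salt), expected):
        return "wrong password"
    return "ok"

def login_uniform(store, user, password):
    """One message and one code path for every kind of failure."""
    salt, expected = store.get(user, (DUMMY_SALT, DUMMY_HASH))
    matches = hmac.compare_digest(hash_pw(password, salt), expected)
    if matches and user in store:
        return "ok"
    return GENERIC_FAILURE

def distinguishable(login, store, known_user, unknown_user):
    """True if a failed login answers differently for a real and a fake account."""
    return login(store, known_user, "x") != login(store, unknown_user, "x")

STORE = make_store({"alice": "correct horse battery staple"})  # constructed sample

if __name__ == "__main__":
    print("leaky login distinguishable:  ", distinguishable(login_leaky, STORE, "alice", "mallory"))
    print("uniform login distinguishable:", distinguishable(login_uniform, STORE, "alice", "mallory"))
```

Uniform responses only remove the user-name check; guessing spread across many source addresses still has to be throttled per account, since per-address limits do not see it.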

July 13, 2010 at 02:38:43
Looks like the links I posted are not working. Here are the links
without http:// added. They will need to be copied and pasted to
