Posted by SPG on September 1, 2006, 6:34 am
>
> | Hi,
> |
> | Somehow a Trojan has got onto my PC.
> | It was downloading loads of viruses (Dialer mainly).
> |
> | I run Norton Internet Security, but that did not catch the installation of
> | the trojan. It does however catch the viruses as they are downloaded by the
> | trojan.
> |
> | I have run AVG, which found Dialer.tg infected in a file called
> | DrInstall.exe and cleaned that, as well as some dodgy registry entries.
> | But, I am still seeing some weird things like thousands of 0-byte files being
> | written to windows\temp. These are normally named SOSxxxx.TMP (replace xxxx
> | with a random number) or TMPxxxx.TMP
> |
> | Now, I ran Trojan hunter tonight also, that didn't find anything, but there
> | is clearly something going on to keep creating these files.
> |
> | Can anyone point me to what might be the cause of this and how I can get
> | rid?
> |
> | Steve
> |
>
> Dialers are Trojans, not viruses.
>
> Start with the McAfee module in the below Multi AV Scanning Tool...
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Hi,

I did what you suggested. I tried running the scanners but I am getting a
16-bit system error to do with not being able to find the temp directory,
which actually exists and has full permissions set.

I then made a DOS boot disk and booted to DOS (NTFS) and ran the DOSClean.
This ran all night and when I came back down this morning I had a black
screen and the system was non-responsive.

This morning I am still seeing thousands of these sosxxxx.tmp files being
created, although I have used the Sysinternals process manager and found out
that the files are being created via the CCAPP.exe which is a Norton NIS
scanner, so Norton appears to be unable to detect what the trojan/virus is
that is causing this to happen.

Is there a way to find out what app is writing these files via NIS?

Steve