Posted by 1234 on January 13, 2008, 12:30 pm
> On Sun, 13 Jan 2008 00:13:45 -0800, 1234 wrote:
>
>>>
>>>| Hello,
>>>|
>>>| I have XP SP2 on an HP machine. I've been wanting to wipe it clean and
>>>| restore to original configuration, just haven't gotten to it. Yesterday
>>>| Ad-Aware found a list of items associated with WIN32.TrojanSpy.Goldun
>>>| (Folder, Regkeys, RegValues, File C:\info.exe).
>>>|
>>>| My first instinct had me gathering removal information. My next thought
>>>| was -- maybe this was a perfect time to format and restore.
>>>|
>>>| My question is this: Will Formatting and performing a Restore or Recovery to
>>>| factory settings wipe the Trojan as well? If not, what else would be
>>>| needed? Seems like a waste of time to attack and remove the intruder if it
>>>| will die in the formatting process anyway.
>>>|
>>>| I've been using a different machine to change any passwords used on the
>>>| infected one so none of them will be vulnerable. Is there anything else I
>>>| should be thinking of?
>>>|
>>>| Thanks for any thoughts. I'm out of my area here.
>>>| Ellen
>>>|
>>>
>>> If you were prepared to wipe the PC, go for it.
>>> Wiping the PC (format & restore) will definitely remove this Trojan.
>>>
>>> --
>>> Dave
>>> http://www.claymania.com/removal-trojan-adware.html
>>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>>
>>>
>>
>> That is good news!
>>
>> A couple of the registry lines contain ACRORD32INFO.EXE. Does the ACRORD
>> say that it came with Adobe Reader, or that it's just imposed itself on that
>> Adobe entry? Others "flashcft" but I could not find the term anywhere in
>> English.
>
>
> http://www.google.com/search?client=opera&rls=en&q=ACRORD&sourceid=opera&ie=utf-8&oe=utf-8
>
>> Lavasoft's Ad-Aware detected this Trojan. Is Ad-Aware a thorough remover?
>
> No, it is not, Multi-AV is a superior tool. But 'wiping' HDD is a
> preferred course of action.

Thanks for the link. I had looked it up earlier, seems like a legitimate
part of a troublesome program. I'm still not sure if Adobe is the source of
the Trojan, or the way the Trojan is expressing itself (did I say that
right?). Just a curiosity.

More important to me: If I save Favorites, Mail Settings, Mail, Address
Books, etc., from the infected machine to a CD, in order to use them in the
"new" install, could they in any way "carry" the Trojan information and
reinfect? Seems like it's advised to save important data before killing the
Trojan -- I just want to know if any of the saved treasures (including
documents, spreadsheets, registry settings....) could be potentially
harmful.

Thanks so much for your help!

Ellen