Help with Trojan Hunter


Cozumeldiver
February 3rd, 2004, 03:22 PM
I just ran Trojan Hunter and found these. Are they all bad? I had it clean the actual trojans.

Found possible trojan file: C:\Program Files\GroksterSupport\GroksterSupport.exe (SDBot) ***(What's a possible trojan file?) ***(Submit for analysis...) ***(Add to ignore list)
Found possible trojan file: C:\Program Files\LimeShop\LimeShop.exe (SDBot) ***(What's a possible trojan file?) ***(Submit for analysis...) ***(Add to ignore list)
Found possible trojan file: C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe (SDBot) ***(What's a possible trojan file?) ***(Submit for analysis...) ***(Add to ignore list)
Found trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP591\A0069739.exe/02m9Uwr.exe (TrojanDownloader.Optimize.100)
Found possible trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP591\A0069739.exe/02m9Uwr.exe (SDBot) ***(What's a possible trojan file?) ***(Submit for analysis...) ***(Add to ignore list)
Found trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP593\A0070093.exe/WhNeu.exe (TrojanDownloader.Optimize.100)
Found possible trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP593\A0070093.exe/WhNeu.exe (SDBot) ***(What's a possible trojan file?) ***(Submit for analysis...) ***(Add to ignore list)
Found trojan file: C:\WINDOWS\ARUpdate.exe (TrojanDownloader.ARU.100)
Found possible trojan file: C:\WINDOWS\system32\cbiuninstall.exe (Suspicious: UPX-packed file in Windows System folder) ***(What's a possible trojan file?) ***(Submit for analysis...) ***(Add to ignore list)
Found trojan file: C:\WINDOWS\system32\H@tKeysH@@k.DLL (KLog.HotkeyHook.100)
Found trojan file: C:\WINDOWS\system32\H@tKeysH@@k.DLL (KLog.HotkeyHook)
Found possible trojan file: C:\WINDOWS\system32\xmforgert.exe (Suspicious: UPX-packed file in Windows System folder) ***(What's a possible trojan file?) ***(Submit for analysis...) ***

Cozumeldiver
February 3rd, 2004, 04:47 PM
Never mind. Decided to download BOClean and let that monitor for future hacker intrusions. Great site though, and some good advice posted here. Thanks.

Pieter_Arntz
February 4th, 2004, 03:36 AM
Hi Cozumeldiver,

Seeing that a lot of the malware was found in your Restore Points (making them worthless), I would advise you to disable System Restore, reboot and re-enable System Restore.
Do a full scan until you are satisfied you are clean and make a manual Restore Point.

More information about disabling and enabling System Restore for Windows ME can be found here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239

The same article for Windows XP can be found here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

Regards,

Pieter
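
Added example, not part of the thread and not any poster's or vendor's code: a small Python triage of a scan log in the format pasted in the first post. It separates copies sitting in System Restore points (the ones the disable/re-enable advice above purges) from files on the live system, and marks files that were only reported as "possible". The line format is assumed from the pasted log; `triage`, `LINE_RE` and `RESTORE_RE` are hypothetical names.

```python
import re
from collections import defaultdict

# Sample lines copied from the scan log in the first post (trailing UI link text shortened).
SAMPLE_LOG = r"""
Found possible trojan file: C:\Program Files\LimeShop\LimeShop.exe (SDBot) ***(What's a possible trojan file?)
Found trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP591\A0069739.exe/02m9Uwr.exe (TrojanDownloader.Optimize.100)
Found possible trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP591\A0069739.exe/02m9Uwr.exe (SDBot) ***(What's a possible trojan file?)
Found trojan file: C:\System Volume Information\_restore{0146B196-FB8A-4FA6-9170-4B12E2B93B15}\RP593\A0070093.exe/WhNeu.exe (TrojanDownloader.Optimize.100)
Found trojan file: C:\WINDOWS\ARUpdate.exe (TrojanDownloader.ARU.100)
Found possible trojan file: C:\WINDOWS\system32\xmforgert.exe (Suspicious: UPX-packed file in Windows System folder) ***(What's a possible trojan file?)
"""

# Assumed line shape: "Found [possible ]trojan file: <path> (<label>)[ ***link text]"
LINE_RE = re.compile(r"^Found (possible )?trojan file: (.+?) \((.+?)\)(?: \*\*\*.*)?$")
# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def triage(log_text):
    """Group findings per file, then split live files from restore-point copies."""
    findings = defaultdict(lambda: {"confirmed": False, "labels": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a finding line
        possible, path, label = m.groups()
        entry = findings[path]          # same file may be reported more than once
        entry["confirmed"] |= possible is None
        entry["labels"].append(label)
    live, restore_points = {}, defaultdict(list)
    for path, entry in findings.items():
        rp = RESTORE_RE.search(path)
        if rp:
            restore_points[rp.group(1)].append(path)
        else:
            live[path] = entry
    return live, dict(restore_points)

if __name__ == "__main__":
    live, restore_points = triage(SAMPLE_LOG)
    for rp, paths in sorted(restore_points.items()):
        print(f"restore point {rp}: {len(paths)} flagged file(s), purged by cycling System Restore")
    for path, e in live.items():
        kind = "reported as trojan" if e["confirmed"] else "possible only, verify before deleting"
        print(f"live file {path}: {kind} ({', '.join(e['labels'])})")
```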