also need help with trojan horse dropper small 5J

Discussion in 'malware problems & news' started by pampeerey, Aug 24, 2004.

Thread Status:
Not open for further replies.
  1. pampeerey

    pampeerey Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    4
    How did I get this thing? Anyway, I have it, but my Windows 2000 doesn't have a System Restore option (that I can find, anyway) that I can disable. My free AVG keeps finding it and getting rid of it, but it keeps coming back... please help!! (It's in some atgames.exe file that I can't find in a file search.)

    (removed private email to prevent harvesting by spam bots - snap)
     
    Last edited by a moderator: Aug 26, 2004
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    AVG Free seems to miss a lot these last few weeks; have you tried to run AVG in Safe Mode? You could try to run one (or more) of the free online scanners; links to some of these are in my signature. :)
     
    Last edited by a moderator: Aug 26, 2004
  3. pampeerey

    pampeerey Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    4
    After deleting it with AVG Free several times, or something, the virus seems to be gone. I have no idea what finally did it, but I would still like to know how I got it.
     
  4. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That's good pampeerey, hopefully it's gone. BTW, I would edit/remove your email address if I were you. :)
     
  5. pampeerey

    pampeerey Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    4
    No help - it's back!!!!! What can I do to get it off (and what is Safe Mode)? o_O
     
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi pampeerey,

    The System Restore feature is only available on WinME's and XP systems.

    There may be another file still on your system that is the culprit for causing the reinfection. First, empty your IE's Temporary Internet Files: Open Internet Explorer -> Control Panel > Internet Options. On the General tab under "Temporary Internet Files" click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.

    Then empty the "contents" of your C:\Windows\Temp folder, and C:\temp folder (if you have one), and then empty your Recycle Bin.

    You can do another scan with AVG while in Safe Mode and see if it finds any other files besides the 'atgames.exe' file.

    I would also suggest you do a full system scan at one of these on-line virus scanners: Free Services

    Let us know how you do. :)

    Regards,

    snap
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you take the following steps:


    Step 1. Install Zone Alarm (free) – Firewall with visual outgoing alerts to see what is trying to access the internet.
    http://www.zonelabs.com


    Step 2. Download Stinger available here: do NOT run this YET.
    http://vil.nai.com/vil/stinger/


    Step 3. Turn OFF System Restore, this process depends on your operating system:


    Windows XP Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on the "System Restore"
    4. Place a tick in "Turn off System Restore on all Drives"
    5. Click OK
    6. Close and restart your system.


    OR


    Windows ME Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on "Performance"
    4. Click "File system"
    5. Click "Troubleshooting"
    6. Check "Disable system restore"
    7. Click on OK
    8. Close and restart your system.


    Step 4. Delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content.


    Step 5. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up


    Step 6. Run a scan with “Stinger” the program you downloaded above.


    Step 7. Run a scan with your current Anti-virus program – MAKE SURE IT IS FULLY UP TO DATE with the latest virus signatures.


    Step 8. Run a scan with “Stinger” the program you downloaded above.


    Step 9. Reboot your system into normal mode.


    Step 10. Run a further online scan found here: http://housecall.trendmicro.com/


    When everything is clean, it is recommended that you turn System Restore back on.


    Step 11. Install update and run Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
    http://beam.to/spybotsd


    Step 12. Install update and run Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com


    Step 13. Install and run CWShredder available here:
    https://www.wilderssecurity.com/showthread.php?t=14086


    Step 14. Make sure your Windows is FULLY up-to-date by doing the following: While on the Internet, Click on Internet Explorer (the Blue “e”), Click on Tools (on the bar at the top of your screen in Internet Explorer), Click on Windows Update. This will take you to the Microsoft Windows Update page where you need to follow the on screen prompts, starting with “Scan for Updates”. Install ALL “Critical Updates” and “Service Packs”.

    WEEKLY – check this is “Up to Date”.



    REPEAT ALL THE ABOVE STEPS, this time EVERYTHING should come up clean…



    Now that your system is clean you may want to take a look here for further discussion on security and how to make your system that much stronger:

    https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

    and here for more:

    https://www.wilderssecurity.com/showthread.php?t=43117


    Hope this helps…

    Let us know how you go…

    Cheers :D
     
    Last edited: Sep 4, 2004