Help - how do I get rid of this Trojan

Discussion in 'malware problems & news' started by thebluerabbit, Jun 13, 2004.

Thread Status:
Not open for further replies.
  1. thebluerabbit

    thebluerabbit Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    7
    Location:
    Liverpool, England
    A Virus Scan with AVG revealed a trojan/backdoor described as 'Trojan Horse IRC/Backdoor/SdBot.27.BK' in 'C:WINDOWS/SETTINGS22/LSRV.EXE'. Following the scan, I receive constant pop-ups telling me about the trojan and advising me to use AVG to deal with it. However, AVG refuses to deal with the file.

    Does anyone know what all this means? What do I have to do to deal with it?

    Please help!
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. thebluerabbit

    thebluerabbit Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    7
    Location:
    Liverpool, England
    Thanks for the suggestions - unfortunately they have not worked. They identify the trojan, but won't remove it because it is in a protected file.

    It is described as a Trojan Horse IRC/Backdoor.SDbot.27.BK in the C/WINDOWS/SYSTEM32/LSRV.EXE file.

    What can I do?
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    ok,

    Follow the instructions here,

    https://www.wilderssecurity.com/showthread.php?t=15913

    then post your HijackThis log in the hijack cleaning forums with a full description of your problem and one of the experts will give u recommendations on how to clean out this Malware.


    snowbound
     
  5. Tomb23

    Tomb23 Guest

    If 'lsrv.exe' is running as a process in Task Manager, you can try to stop it and then remove the lsrv.exe file.
     
  6. pointyears

    pointyears Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    2
    Before learning of more sophisticated methods, I found that changing the extension of a bad ".exe" file to ".txt" turns an executable file into a text file which will not execute. This is also true of ".dll" files that are protected, as well. This is a "quick fix" that works only until the same evil file is reloaded onto your computer at a later time, however.
     
  7. fuskitzo

    fuskitzo Guest

    I have exactly the same problem... :(
     
  8. fuskitzo

    fuskitzo Guest

    The second piece of advice didn't work either, as HiJack is disabled by the Trojan :'(
     
  9. 4A6F4A6F

    4A6F4A6F Registered Member

    Joined:
    Dec 23, 2003
    Posts:
    34
    Try this: rename your HijackThis program file, or just reboot in Windows safe mode, and then scan again with your AV program.
     
  10. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
  11. raiden1701

    raiden1701 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2
    I have the same problem with this virus except mine seems very weird. I just finished formatting and I put on Windows. The only things I installed were my Nvidia drivers and then Norton Anti-virus. I was only connected to the internet for about 50 sec. before I installed Norton. About 1 minute later Norton detected this virus. How could I have got this virus so quickly on a pure Windows format and install? When I search for the lsrv.exe file, I can't find it anywhere, even after selecting to view all folder hidden and system files. I looked where Norton told me to look but there is nothing there.
     
  12. phillyphil

    phillyphil Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    3
    Hey Raiden,

    An infection like the one you mention can happen JUST that fast. No, it wasn't your files or Windows install that were infected. As soon as you connect to the internet, if you have no firewall running (turn on the Internet Connection Firewall--ICF--for the easiest solution), and have not installed all current Windows Updates, you will likely get infected within minutes, as different crapware will enter through unpatched holes in XP. I know what you're thinking; ok, so HOW am I to update Windows if I can't get online? One way is to download all the patches (obviously on another computer that is updated) from Microsoft--that is a true pain. Another is to order their Security Update CD, which is free, but is only up to date through February of 2004. In theory, a firewall SHOULD protect you and allow you to download these updates straight from the Windows Update website, but I don't know how well this works in practice. There are also ways to "slipstream" a brand new XP install (have the updates installed as you install your brand new copy of XP), but I haven't tried it. You could search here or Google for more info. Any other differing opinions than mine are welcome...
     
  13. raiden1701

    raiden1701 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2
    Thank you very much Phillyphil, I will try those suggestions!
     