st.exe. Trojan..

Discussion in 'malware problems & news' started by Strawberry, Nov 4, 2004.

Thread Status:
Not open for further replies.
  1. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    I've been looking around these forums and found about 2 posts about this thing... I'm a beginner to this stuff. Norton keeps telling me I have this every time I open my WINDOWS folder, and that it cannot delete it.. it once did but it came right back. I don't know what to do. I found it today in my Windows folder and I tried to look at the properties, and what in the world it was, but the Norton warning kept coming up! I..

    *Ran disk cleanup
    *Deleted Temporary Internet files
    *Ran norton
    *Cleared recycling bin.

    I know it's not enough, but I need instructions on how to get rid of this :oops: o_O
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  3. Strawberry

    Strawberry Registered Member

    Thanks for your reply, I haven't downloaded Hijack This, but is it worth it, or does it put anything on your computer o_O :doubt:
     
  4. Blackspear

    Blackspear Global Moderator

    If you go through each and every step without missing one, I'm pretty sure you will be able to clean your system.

    Hijack This is a tool for experts to see what is going on with your system...

    Hope this helps...

    Cheers :D
     
  5. Strawberry

    Strawberry Registered Member

    I'll stay away from Hijack This, I am not an expert. Alright, this is what I did so far.

    *Ran computer in safe mode
    *Downloaded and ran Ad-Aware
    *Downloaded and ran SB
    *Emptied Recycling bin
    *Deleted Temporary Internet files.
    *Downloaded and ran "STINGER" (it's still scanning)


    What's shellmon.exe?
     
  6. Blackspear

    Blackspear Global Moderator

    You're doing good, just make sure to run each and every step, and if this fails you will need to download HijackThis and post the log at one of the forums listed in that link, so an expert can help you with it...

    Shellmon is part of AOL, more info can be found here: http://www.liutilities.com/products/wintaskspro/processlibrary/shellmon/

    Cheers :D
     
  7. Strawberry

    Strawberry Registered Member

    Oh ok thanks, I also ran ewido security suite :)
     
  8. Blackspear

    Blackspear Global Moderator

    Have you run Norton in "Safe Mode" yet?

    Have you run Spybot Search and Destroy?

    Have you run AdAware?

    These are all very important steps...

    Keep going, it is a long but thorough process..

    Cheers :D
     
  9. Strawberry

    Strawberry Registered Member

    Something is seriously wrong with Norton, my gosh. Just a minute ago the virus alert error popped up like maybe um, 70 TIMES? But it went away.

    Have you run Norton in "Safe Mode" yet? No, I'll do that now...
    Have you run Spybot Search and Destroy? Yes

    Have you run AdAware? It's still scanning. 40 processes running, 440 objects found,
    ..
    This is getting me angry! lol but I guess it's my fault :'(
     
  10. Strawberry

    Strawberry Registered Member

    Wait a minute!! How do you run Norton in safe mode?! :oops:
     
  11. Blackspear

    Blackspear Global Moderator

    We’ll get you sorted ;) :D


    You will probably have to go to Start> All Programs and click on Symantec/Norton and run a scan from there, it can be done, I just don’t run Norton myself…

    Cheers :D
     
  12. Strawberry

    Strawberry Registered Member

    Is there any way to stop the errors?

    Ad-Aware scan is done, but I don't think I can stick around for the Stinger and ewido scan that has been scanning for 2 hours and is only on 51%


    Here's another error, let's count, shall we? Hey, only 4 clicks this time. :D
     
  13. Blackspear

    Blackspear Global Moderator

    Are you running scans simultaneously?

    You should run each step in the order provided, and then move onto the next, and most steps should be run in Safe Mode.

    Cheers :D
     
  14. Strawberry

    Strawberry Registered Member

    Gr, you mean I'm not supposed to run them at the same time?

    I cancelled the Stinger


    =(

    Shall we try again tomorrow? I didn't do the steps in order, I ran the programs after the safe mode because I forgot to print out the directions! :'( :mad: :(
     
  15. Blackspear

    Blackspear Global Moderator

    LOL, yes, one step at a time, or you will slow your system to a crawl. We can try this again tomorrow, if I'm not here, someone will be able to help you. I'll ask the Moderators to look out for your postings in this thread...

    Cheers :D
     
  16. Strawberry

    Strawberry Registered Member

    Thanks a lot :)
     
  17. Strawberry

    Strawberry Registered Member

    Hey, I tried again today guys, but I didn't use EWIDO, I used TDS. It detected the trojan's folders, I deleted the notebook.com's. Can I delete the TrojanDownloader.Win32.Small.oc, TrojanDownloader.Win32.Small.oc Dropper, ETC?


    Is there any way to unlock a folder?

    Thanks =D
     
  18. Strawberry

    Strawberry Registered Member

    And my username is Strawberry 2 because I cannot get into my old one for some reason... :ninja:
     
  19. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Yes, you can delete those. If it says file locked, access denied, it means it's in use.

    Booting into safe mode can help, as only the necessary processes will run, to do this go to START>RUN>type MSCONFIG>go to boot>put a tick in SAFE>restart, you will now restart in safe mode.

    Try running TDS-3 in safe mode, if that does not get rid of them post back.
     
  20. Strawberry

    Strawberry Registered Member

    I just got finished running TDS-3 in safe mode.
    It detected "Dual Extentions" Python 2.2.1.EXE and st.EXE
    I deleted them both, just to be on the safe side. What should I do to make sure it is gone?


    Thanks Sweetie(*)(*) and Blackspear! :)
     
  21. Blackspear

    Blackspear Global Moderator

    Hi Strawberry and Strawberry2 ;) :D Just run through each of the steps again, do not go to another step without completing the step you are currently on...

    Once you are clean, then we'll need to get your security up to spec so this doesn't happen again.

    Let us know how you go.

    Cheers :D
     
  22. Strawberry

    Strawberry Registered Member

    Thanks for your help guys, I'm so stupid!

    St.exe won't come back when I start the computer back up, or restart it?
     
  23. Strawberry

    Strawberry Registered Member

    By the way,

    C:/54f48f5093bb39088ccsd47786/spuninst.exe

    ..that folder is locked when I do safe mode and normal mode, what IS THAT?!
     
  24. Blackspear

    Blackspear Global Moderator

    Being that you deleted it, it shouldn't, however it is really important to go through each of those steps, one by one, and the whole process 3 times...

    Cheers :D
     
  25. Strawberry

    Strawberry Registered Member

    Not ONE error from Norton! And I figured out what the other locked files were, umm, the Windows service pack files.

    When I grow up I wanna be like you guys!!! (SMART)
    (I'm 13)
     