Trojan

Discussion in 'malware problems & news' started by Jeff, Nov 5, 2003.

Thread Status:
Not open for further replies.
  1. Jeff

    Jeff Guest

    I have the backdoor Trojan called msrexe.exe .. Any ideas on how to get rid of it would be greatly appreciated
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi Jeff,

    First of all, how do you know you have an infection? I'm guessing your anti-virus told you, so what do you use and did it give the actual Trojan name (not the name of the infected file)?

    There are a few Anti-Trojan products available and you could use a free evaluation of one which will help you clean your system. TDS-3 or Trojan Hunter would be good for scanning your system and finding all the pieces of the infection. Take a look at this page for links and more information:

    http://www.wilders.org/anti_trojans.htm

    If you install and scan with one of these, you could come back and tell us what it found and we could advise you further from there.
     
  3. Jimfish4us

    Jimfish4us Guest

    Sub 7 most lkely, but ... do a google search and take your pick.
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    That is a default SubSeven trojan name, so just install TDS and it will definitely be able to find it

    http://tds.diamondcs.com.au

    Update the databases too in case you have something else
     
  5. Third_Eye

    Third_Eye Registered Member

    Joined:
    Nov 17, 2003
    Posts:
    7
    hi jeff

    if u think that ur having a bockdoor trojan virus then the first thing u shud check for is the registry entries and the ini files which are run after booting of the system. the trojans most often make themselves auto load at startup. the things u must check are : -

    1-) Autostart Folder Methode :-

    The Autostart folder is located in C:\Windows\Start Menu\Programs\start
    and any file put there will start automatically when windows start

    2-) Win.ini Methode :

    open the win.ini file and if you found
    [windows]
    load= trojan
    run= trojan
    NullPort=None
    BaseCodePage=1256
    so your PC is batched and you have trojan , so delete anything after the "="
    sign

    3-) System.ini Methode :

    Same as win.ini file .. open up system.ini
    if you find shell=Explorer.exe trojan.exe , the trojan will start after
    explorer start
    and as your desktop is an explorer , so it will start every time windows
    start

    4-) The registry methode :

    Registry is often used in various auto-starting methods. Here are some known
    ways:

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Info"="c:\directory\Trojan.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Info"="c:\directory\Trojan.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    "Info"="c:\directory\Trojan.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    "Info="c:\directory\Trojan.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Info"="c:\directory\Trojan.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Info"="c:\directory\Trojan.exe"

    - Registry Shell Open

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

    A key with the value "%1 %*" should be placed there and if there is some
    executable file placed there, it will be executed each time you open a
    binary file. It's used like this: trojan.exe "%1 %*"; this would restart
    the trojan.
     
Loading...
Thread Status:
Not open for further replies.