Win32.trojanrunner.yab.200 trojan

Discussion in 'malware problems & news' started by PhiloVance, Jun 3, 2003.

Thread Status:
Not open for further replies.
  1. PhiloVance

    PhiloVance Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    93
    Location:
    Bakersfield, CA
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi PhiloVance,

    That trojan is in the Windows XP System Restore area, so it cannot be cleaned up by the usual methods (such as telling your AV/AT to delete it, or deleting it directly yourself). You must cycle System Restore to have it empty out the contents safely.

    Note that this will remove all the current restore points you have on your system, so, you won't be able to roll back your configuration until you have restarted System Restore and it has saved new restore points.

    The procedure for why you need to do this and how to do it is documented pretty well here:

    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

    On the upside, if that is the only place this malware was found, then you may never have really been infected. System Restore could have just saved a copy of the original exe file that contained the trojan... One time when I was just testing with the EICAR test virus, XP's System Restore saved a copy of it so that I kept getting alerts when I did full system scans. It was kind of funny, but also educational in how this can happen.

    Here's a local copy of the error message image you linked to (below).

    Best Wishes,
    LowWaterMark
     


  3. PhiloVance

    PhiloVance Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    93
    Location:
    Bakersfield, CA
    Hey, thanks for your quick reply. I'm printing the Symantec doc now and will be removing the trojan soon. I'll let you know the results. :)
     
  4. PhiloVance

    PhiloVance Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    93
    Location:
    Bakersfield, CA
    A bit of confusion:

    After I turn off system restore, do I then reboot, then turn it back on? Thanks.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi PhiloVance,

    Yes. Rebooting clears out all the old Restore Points.
    Then turn System Restore back on.
    Recommended to make one Restore Point manually after scanning to see if everything is clean.

    Regards,

    Pieter
     
  6. PhiloVance

    PhiloVance Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    93
    Location:
    Bakersfield, CA
    Ok, turned restore points off, rebooted, then turned them on.
    Ran a complete virus-scan and got no hits.

    Hope all is clean.

    Thanks to all who assisted.

    PV
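
Added example, not part of any post in this thread: a small triage script for the distinction LowWaterMark draws above, between a detection that exists only as an archived copy in the System Restore store and one that also has a copy on the live file system. The `System Volume Information\_restore{GUID}\RPn\` layout is the Windows XP convention assumed here, and the scan hits, GUID and file names are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed Windows XP layout for restore-point copies:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<nnnnnnn>.<ext>
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}\\rp\d+\\",
    re.IGNORECASE,
)

def in_restore_store(path: str) -> bool:
    """True if the path lies inside a System Restore point directory."""
    return bool(RESTORE_RE.match(path.strip().replace("/", "\\")))

def triage(hits):
    """hits: iterable of (detection_name, path). Returns {name: verdict}."""
    seen = defaultdict(lambda: {"restore": [], "live": []})
    for name, path in hits:
        bucket = "restore" if in_restore_store(path) else "live"
        seen[name][bucket].append(path)
    verdicts = {}
    for name, paths in seen.items():
        if paths["live"]:
            # A copy exists outside the restore store: possible active infection.
            verdicts[name] = "live-copy"
        else:
            # Archived copy only: cycle System Restore, then rescan.
            verdicts[name] = "restore-only"
    return verdicts

# Constructed sample scan hits (hypothetical GUID and file names).
GUID = "{11111111-2222-3333-4444-555555555555}"
SAMPLE_HITS = [
    ("Win32.trojanrunner.yab.200",
     rf"C:\System Volume Information\_restore{GUID}\RP12\A0001234.exe"),
    ("EICAR-Test-File",
     rf"C:\System Volume Information\_restore{GUID}\RP13\A0001300.com"),
    ("EICAR-Test-File", r"C:\Temp\eicar.com"),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_HITS).items():
        print(f"{name}: {verdict}")
```

A `restore-only` verdict matches the situation in this thread, where turning System Restore off, rebooting, turning it back on and rescanning is the whole cleanup.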
     