Some NOT CLEANABLE trojans with TrendMicro.

[Ulisse]

I have just made an online scan with TrendMicro antivirus and it has
found 3 not cleanacle trojans, they are:
TROJ HMAILHACK.B
TROJ ISTBAR.EM
HTML MHTREDIR.AD
Are they renomined? How can I get rid of these trojans?
What can I do please?
thanks

bye Ulisse

 

[Will Dormann]

I have just made an online scan with TrendMicro antivirus and it has
found 3 not cleanacle trojans, they are:
TROJ HMAILHACK.B
TROJ ISTBAR.EM
HTML MHTREDIR.AD
Are they renomined? How can I get rid of these trojans?
What can I do please?
thanks

Trojans are, by definition, uncleanable. Delete them.

 

[David H. Lipman]

You can remove them with the TrendMicro Sysclean utility using the following directions...

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt291.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave




| I have just made an online scan with TrendMicro antivirus and it has
| found 3 not cleanacle trojans, they are:
| TROJ HMAILHACK.B
| TROJ ISTBAR.EM
| HTML MHTREDIR.AD
| Are they renomined? How can I get rid of these trojans?
| What can I do please?
| thanks
|
| bye Ulisse

 

[joke0]

Hi,

Ulisse:

What can I do please?

Delete Internet Explorer's temporary files.
I guess it's in 'Tools' > 'Options'

 

[optikl]

I have just made an online scan with TrendMicro antivirus and it has
found 3 not cleanacle trojans, they are:
TROJ HMAILHACK.B
TROJ ISTBAR.EM
HTML MHTREDIR.AD
Are they renomined? How can I get rid of these trojans?
What can I do please?
thanks

bye Ulisse

No Trojan is "cleanable", my friend. Delete the MoFo.

 

[cquirke (MVP Win9x)]

Ulisse wrote:

Trojans are, by definition, uncleanable.

This is true, in that the files are 100% malware.

Delete them.

Careful with that ax, Eugene! Because there may be a dependency on
the trojans that cannot be fixed after they are deleted, I'd first
rename them away before deleting them.

Trouble is, if you do that (or delete, for that matter) while the
trojan is active, it may react punitively.

In addition, Windows itself may update internat settings references to
the files so that they are still integrated after they are renamed
away. In some settings, Windows will still use the files even if
you've renamed them to an invalid file name extension.

For this reason, it's safest to do this trial-of-rename from outside
the HD-based OS. Easy on FATxx, less easy but possible in NTFS
(Bart's PE boot CDR, drop HD into another XP PC)

---------- ----- ---- --- -- - - - -

On the 'net, *everyone* can hear you scream

 

[David H. Lipman]

Alright CQuirke -- A Pink Floyd phan !

Dave



<snip>

| Careful with that ax, Eugene! Because there may be a dependency on

<snip>

 

[Roger Wilco]

Trojans are, by definition, uncleanable. Delete them.

Whether or not a trojaned program file is cleanable depends on how (or if) it was modified in the first place. Many are
not modified and so cannot be unmodified, but there is no definition that I am aware of that defines trojans as uncleanable
as you suggest.

 

[Dave Budd]

Whether or not a trojaned program file is cleanable depends on how (or if) it was modified in the first place. Many are
not modified and so cannot be unmodified, but there is no definition that I am aware of that defines trojans as uncleanable
as you suggest.

Bzzzt.
The definition of a trojan is that it's a complete program in its own
right, not a modification of an existing one.
They may, of course, do all kinds of things to /other/ files once they
get in and run, but the actual trojan is just a program you don't want
and should be deleted.
I find it wise to have a copy of LSPfix.exe from Bill at cexx.org on
hand, though.

--
Post presented in its original aspect ratio of 1.78:1 - scrollbars at
the sides of the screen are normal in this format. This high-definition
digital message was created on a run-of-the-mill PC from the restored
35mm negative. To further enhance it, many grammar and spelling errors
and other inaccuracies have been removed using the DB EBD-TC system.

 

[Claude Balls]

The definition of a trojan is that it's a complete program in its own
right, not a modification of an existing one.

Virus: A program that attached itself to an existing files and
replicates.

Trojan: Malware disguised as a benign program or file designed to
cause problems by those who execute them. They do not replicate on
their own.

 

[Webster72n]

When are they going to learn to really appreciate what you are doing here?
Soon - I hope!

Harry, old and learned 'the hard way'.

 

[Roger Wilco]

Bzzzt.
The definition of a trojan is that it's a complete program in its own
right, not a modification of an existing one.

No, most definitions for trojan make no reference to whether or not the program is a modified version of a preexisting
program or a 'built from the ground up' malware file. If it does something else (instead of or in addition to) what the user
is lead to believe it does - it is a trojan. The 'complete program' that you mention is usually a differentiating characteristic
between the type of 'virus' that infects program files and the type of 'worm' that uses a host machine rather than just a host
process. This type of worm creates program files instead of using preexisting ones. Peeps always have a tendency to prefer
definitions for malware that exclude other types of malware, but this is not really how these things are defined.

They may, of course, do all kinds of things to /other/ files once they
get in and run, but the actual trojan is just a program you don't want
and should be deleted.

That depends on the specific trojan involved, but this is usually correct. You should be careful though, a downloader trojan
in the startup folder could have downloaded and executed its target file the first day and then deleted the downloaded file
once the new program was installed, and then on a subsequent download another different program gets installed - if the
programmer had seven programs he wanted installed he may have had a guardian program running to detect any interference
such as you attempting to delete the downloader. You shouldn't assume that because the AV says it is a "Trojan" that it is
safe to 'just delete' the file. As far as cleaning modified program files goes - many will say it is always better to replace than
it is to clean even if a cleaning is possible.

I can't remember the exact malware, but there was a worm that modified windows media player to become a downloader
trojan - it wasn't a parasitic modification (lost its original function), but it caused a download and execution of foriegn code
whenever a media file was chosen (double-clicked). If it had been a parasitic modification it might have been cleanable by
removal software and yet still have been a trojan by definition.

 

[Roger Wilco]

Virus: A program that attached itself to an existing files and
replicates.

Boot sector viruses don't attach to files - so that definition falls short of the mark.

Trojan: Malware disguised as a benign program or file designed to
cause problems by those who execute them.

This is good, it allows non-program files (like HTML) to be included. It is important to include containers as trojans 'cause
so many are - they 'pretend' to be harmless data files and yet contain malicious code destined to be executed on some of
the systems they arrive at.

They do not replicate on
their own.

What else they do (or don't do) is irrelevent, the industry looks at a malware and it fails to qualify as a worm or virus so they
call it a trojan. One way a malware can fail to meet the worm or virus criteria is non-replication. This does not mean trojans
don't replicate, it only means that if it does they will call it a worm or virus instead of a trojan even though it still meets the
definition.

 

[Bart Bailey]

Bzzzt.
The definition of a trojan is that it's a complete program in its own
right, not a modification of an existing one.
They may, of course, do all kinds of things to /other/ files once they
get in and run, but the actual trojan is just a program you don't want
and should be deleted.

What happened to the definition;
"Trojan = a deceptive vector ploy"
you know, where some file presents itself
as other than what ultimately crawls out the horses ass?
It would be a cyber equivalent to the spoken variety of
misrepresentation (bullshit) commonly employed by politicians,
preachers, and salesmen.

....of course with graciously accommodating "support" applications like
IE/OE* on board, there's no need for deception at all.

~~~
Once upon a time,
it was normal to use the bundled IE/OE that came with your system to
just happyclick about the information superhighway,
but nowadays it seems a bit perversely sadistic, not to mention
irresponsible, as a connected netizen.
~~~

*IE/OE - Microsoft's I-Net worm handler plugin for Windows

 

[Bart Bailey]

What else they do (or don't do) is irrelevent, the industry looks at a malware and it fails to qualify as a worm or virus so they
call it a trojan. One way a malware can fail to meet the worm or virus criteria is non-replication. This does not mean trojans
don't replicate, it only means that if it does they will call it a worm or virus instead of a trojan even though it still meets the
definition.

There seems to be more notoriety placed on the term "trojan" than on
"worm", in the fear based sales stratagem, maybe because in the nebulous
minds of customers, you have to look up to see a trojan, and down to see
a worm.

 

[kurt wismer]

Whether or not a trojaned program file is cleanable depends on how (or if) it was modified in the first place. Many are
not modified and so cannot be unmodified, but there is no definition that I am aware of that defines trojans as uncleanable
as you suggest.

maybe you should look at your own terminology... a 'trojaned program'
and a 'trojan' are not the same thing...

a 'trojaned program' is one (as you suggest) that was modified to make
it into a trojan... outside of viral infection, that almost never
happens (and when it is viral infection we generally don't talk about
it being a trojan)... as such, the trojan horse programs one encounters
in practice are of the uncleanable variety that will is talking about...

 

[kurt wismer]

(e-mail address removed) says... [snip]

Whether or not a trojaned program file is cleanable depends on how (or if) it was modified in the first place. Many are
not modified and so cannot be unmodified, but there is no definition that I am aware of that defines trojans as uncleanable
as you suggest.

Bzzzt.
The definition of a trojan is that it's a complete program in its own
right, not a modification of an existing one.

a modified program is a complete program in it's own right... existing
programs can be converted into trojans...

and the definition of a trojan is just a program that does something
the user doesn't want as well as or instead of the function the user
thought the program performed...

 

[null]

There seems to be more notoriety placed on the term "trojan" than on
"worm", in the fear based sales stratagem, maybe because in the nebulous
minds of customers, you have to look up to see a trojan, and down to see
a worm.

Hey Bart! Ya wanna try out a cool tool? Check this out:

http:/home.epix.net/~artnpeg/D-BROWSE.ZIP

It's now in "advanced Beta", closing in on V1.0


Art
http://www.epix.net/~artnpeg

 

[Bart Bailey]

Hey Bart! Ya wanna try out a cool tool? Check this out:

http:/home.epix.net/~artnpeg/D-BROWSE.ZIP

http://home.epix.net/~artnpeg/D-BROWSE.ZIP

Just a minor correction for the happyclickers out there wondering what
that old curmudgeon Art has done to their remote server locator. ;-)

It's now in "advanced Beta", closing in on V1.0


Art
http://www.epix.net/~artnpeg

Thanks

 

[null]

http://home.epix.net/~artnpeg/D-BROWSE.ZIP

Just a minor correction for the happyclickers out there wondering what
that old curmudgeon Art has done to their remote server locator. ;-)

Heh. Moz didn't have any trouble with the single slash. Keeps away the
IE idiots


Art
http://www.epix.net/~artnpeg