Trogan Horse Virus

nivrip said:
Mucks, I hope you don't think I'm being a smart ass, but I've been following this thread and I notice that you use the word "rouge" (in this quote and earlier). Is this the French word for red with some meaning I don't understand or is it simply a misspelling of the word rogue. I'd be interested to know. Thanks in anticipation.
I can't spell for toffee ... but if rouge is a word for red, then I got it half right ... :D

I should have wrote ... rogue. :thumb:


:user:
 
Thanks for that.I know that rogue items come up sometimes in SpybotS&D in red and I wondered if rouge was some code word.

At least you can spell toffee.
 
I've briefly logged on to say still having problems with this trogan generic4syj virus. I keep deleting it but it still gets back. even when I'm not connected to the internet explorer keeps trying to open. Also I've fixed
O20 - Winlogon Notify: des082 - C:\WINDOWS\SYSTEM32\des082.dll



O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\hgdaab.dll",realset

But when I scan again they are still there. Any suggestions?
 
OK, now I see a Trojan by name we have to get our hands dirty ... ;)

If you do not feel confident in doing any of the procedures below ... STOP ... and tell me now. :thumb:

You will have to turn off System Restore, to do that ...

Click Start
2 Right-click My Computer, and then click Properties
3 On the System Restore tab, tick the box Turn off System Restore or Turn off System Restore on all drives. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
4 Click Apply.
5 When you see the confirmation message, click Yes
6 Click OK

Next, you will need to start in Safe Mode ... press F8 at boot time ... if your unsure how to do this, let me know.


Once in safe mode we need to edit the registry ... to do that ;

Click Start / Run
type regedit in the run box
click OK

Before we do anything else, we need to backup the registry. ;)

Go to File / Export
Give the file a name
press OK


Now the hard part ... find each one of the following reg keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrenVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  1. In the right pane, delete any value that refers to a file that was detected during the scan.
  2. Exit the Registry Editor
Done, reboot ...

I must stress once more ... editing the registry can feckup your system really easily ... only carry out these destruction's if you are confident in doing so.

Trojans are not easy for any program to eliminate ... You could go and try all the on-line scanners and you may get lucky and find one that can delete this nastie.

good luck

:user:
 
I just noticed ... the Forum software is putting a blank in the words CurrentVersion ... there is no blank space in those words


:user:
 
Right!!

I have just read though this and I think I could have a go tomorrow evening when I've time to really concentrate on it. One thing I'm a bit unsure about is
  1. In the right pane, delete any value that refers to a file that was detected during the scan.
Do you mean the hijack scan or AVG scan?

Thank you for all the help so far, hope I can get this sorted tomorrow. :wave:
 
Meluk said:
Right!!

I have just read though this and I think I could have a go tomorrow evening when I've time to really concentrate on it. One thing I'm a bit unsure about is
  1. In the right pane, delete any value that refers to a file that was detected during the scan.
Do you mean the hijack scan or AVG scan?

Thank you for all the help so far, hope I can get this sorted tomorrow.
happywave.gif
any of them ... hgdaab, des082 or even the trojan by name ... they shouldn't be there in those registry keys.

:thumb:

Did you give Spy Sweeper a try ?


:user:
 
Hi there

I tried Spy Sweeper but again I have to subscribe before it will get rid of it. Will just have a look about to see if anything else will sort it out before I'll have a go at what you advised me.

:nod:
 
Meluk said:
Hi there

I tried Spy Sweeper but again I have to subscribe before it will get rid of it. Will just have a look about to see if anything else will sort it out before I'll have a go at what you advised me.

nod.gif
Pardon ? ... you did download the new 5.5 Beta version, it is fully functional and will remove anything it finds ... :thumb:

oops, sorry, forgot, I had an invite to 'trial' it out, it ain't on public download. :o

I would suggest you actually buy one or the other ... Spyware Doctor or Spy Sweeper ... they ain't free 'cos they do a better job than any of the others.

You can have a go at my manual attempt to eradicate your 'problem' but I cannot guarantee it will be successful

:user:
 
Good Morning

Just to let you know I think my problem is sorted, without doing anything drastic! I think the problem was due to this des082.dll file, it seemed to be an add-on so when I disabled it the pop ups and the trojan virus didn't appear again.

I have ordered Spyware Sweeper to make put my mind at rest incase it does happen again.

Thanks
 
Back
Top