Trojans


Dexter Que

I have run Symantec 2004 full edition and AVG try out edition, I ran
them 3 times and most times I came up virii and trojan free. The first
run of AVG told me I had a trojan. The program cleaned it up. But, I'm
still getting a popup message telling me I still have a trojan. What
gives? Please help me out and point me in the right direction to fully
clean it out.
Dexter
 
I have run Symantec 2004 full edition and AVG try out edition, I ran
them 3 times and most times I came up virii and trojan free. The first
run of AVG told me I had a trojan. The program cleaned it up. But, I'm
still getting a popup message telling me I still have a trojan. What
gives? Please help me out and point me in the right direction to fully
clean it out.


It would be helpful if you could advise as to what malware you are
referring to.
 
Dexter Que said:
I have run Symantec 2004 full edition and AVG try out edition, I ran
them 3 times and most times I came up virii and trojan free. The first
run of AVG told me I had a trojan. The program cleaned it up. But, I'm
still getting a popup message telling me I still have a trojan. What
gives? Please help me out and point me in the right direction to fully
clean it out.
Dexter

Because the thing sits in a hidden map or folder.........
with a read-only attribute....
AVG cannot handle that.....
grtz......Elco
 
I don't know at this time which malware I have. The next time the
message box opens I'll capture the info and post it here. Do you know
why I can't copy and paste from the dialogue box?
 
This info is from a dialogue box that opens when running AVG.
Virus
Trojan horse Dropper.Delf.3.l

also says it is found in C:\temp\installer2.exe
 
This info is from a dialogue box that opens when running AVG.
Virus
Trojan horse Dropper.Delf.3.l

also says it is found in C:\temp\installer2.exe, which doesn't appear
to exist
 
Dexter Que said:
I have run Symantec 2004 full edition and AVG try out edition, I ran
them 3 times and most times I came up virii and trojan free. The first
run of AVG told me I had a trojan. The program cleaned it up. But, I'm
still getting a popup message telling me I still have a trojan. What
gives? Please help me out and point me in the right direction to fully
clean it out.
Dexter

AV programs can be reasonably expected to find known viruses (including worms), but where trojans are concerned it is a hit and miss
proposition. Some are very good at trojan detection while others really suck at it.

What "pop-up" are you referring to, and where is what finding what?
 
Miles said:
AV programs can be reasonably expected to find known viruses (including worms), but where trojans are concerned it is a hit and miss
proposition. Some are very good at trojan detection while others really suck at it.

What "pop-up" are you referring to, and where is what finding what?

IMHO, NAV and AVG suck at trojan detection (based on informal tests in
2003). If they couldn't catch the plain jane trojans I threw at them ...

michael
 
This info is from a dialogue box that opens when running AVG.
Virus
Trojan horse Dropper.Delf.3.l

also says it is found in C:\temp\installer2.exe

Try adding these two lines to your [Autoexec.bat]:
@DelTree /Y C:\WINDOWS\Temp
@MD C:\WINDOWS\Temp
Then re-boot
If you still have problems, do a find files for that [installer2] to see
if it's residing somewhere else, and kill it there too.
 
This info is from a dialogue box that opens when running AVG.
Virus
Trojan horse Dropper.Delf.3.l

also says it is found in C:\temp\installer2.exe

Try adding these two lines to your [Autoexec.bat]:
@DelTree /Y C:\WINDOWS\Temp
@MD C:\WINDOWS\Temp
Then re-boot
If you still have problems, do a find files for that [installer2] to see
if it's residing somewhere else, and kill it there too.

Oops, just noticed that his temp is in the C:\ root,
and not the windows subdirectory.
In that case, just delete the folder and don't bother to MD a
replacement.

@DelTree /Y C:\Temp
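
The "find files" step suggested above, written as an added example that is not part of any poster's message. It goes a little beyond a plain name search by also reporting the hidden and read-only attributes mentioned earlier in the thread, plus a SHA-256 of each copy; the function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import stat
import sys
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
    except OSError:
        return None          # locked or unreadable: still report the path
    return h.hexdigest()

def find_copies(root, name):
    """Return one record per file under root named `name` (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):   # hidden folders are walked too
        for fn in files:
            if fn.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fn)
            try:
                st = os.lstat(path)
            except OSError:
                continue     # vanished between listing and stat
            attrs = getattr(st, "st_file_attributes", 0)   # Windows only
            hits.append({"path": path,
                         "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
                         "read_only": not (st.st_mode & stat.S_IWUSR),
                         "sha256": sha256_of(path)})
    return hits

def demo():
    # Constructed sample tree standing in for a drive; the content is harmless text.
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "temp")
        os.makedirs(sub)
        target = os.path.join(sub, "INSTALLER2.EXE")
        with open(target, "wb") as fh:
            fh.write(b"constructed sample, not malware")
        os.chmod(target, stat.S_IREAD)                   # set the read-only attribute
        hits = find_copies(root, "installer2.exe")
        os.chmod(target, stat.S_IREAD | stat.S_IWRITE)   # so cleanup works on Windows
        return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    for hit in (find_copies(root, "installer2.exe") if root else demo()):
        print(hit)
```

Run with a drive or folder as the argument to list every copy; a recorded hash lets you confirm whether a file that reappears after cleaning is the same one.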
 
I have run Symantec 2004 full edition and AVG try out edition, I ran
them 3 times and most times I came up virii and trojan free. The first
run of AVG told me I had a trojan. The program cleaned it up. But, I'm
still getting a popup message telling me I still have a trojan. What
gives? Please help me out and point me in the right direction to fully
clean it out.
Dexter

I think your AV programs are not too good at detecting these things. I used
TDS-3 (trial); it was good, but I now use Trojan Hunter. Got lots of good info
here: http://www.anti-trojan-software-reviews.com/

Sara.
 
Bart Bailey said:
In Message-ID:<[email protected]> posted on Sun, 26 Sep
2004 18:14:37 -0400, Dexter Que wrote: Begin
This info is from a dialogue box that opens when running AVG.
Virus
Trojan horse Dropper.Delf.3.l

also says it is found in C:\temp\installer2.exe

Try adding these two lines to your [Autoexec.bat]:
@DelTree /Y C:\WINDOWS\Temp
@MD C:\WINDOWS\Temp
Then re-boot
If you still have problems, do a find files for that [installer2] to see
if it's residing somewhere else, and kill it there too.

If you use the lines above in your AutoExec.bat, you may have problems
installing new programs that require a reboot to finish.
Reason: the temp files they need will be deleted before they can be
used to finish the install program.
 
In Message-ID:<1lV5d.119617$MQ5.72450@attbi_s52> posted on Mon, 27 Sep
If you use the lines above in your AutoExec.bat, you may have problems
installing new programs that require a reboot to finish.
Reason: the temp files they need will be deleted before they can be
used to finish the install program.
I've found that even if you leave them in there permanently, that new
installations will occasionally give an invalid path error on reboot,
but will otherwise install OK. They use a run once cleanup of the temp
after the installation is already done. The only time I've ever had a
problem is with an application called RegCompact that uses the temp to
store HKU data for importation, and I usually delete the whole autoexec
file during that and replace it later.
 

In xmp <[email protected]> typed
|| Miles Fromier wrote:
||
||| |||
|||| I have run Symantec 2004 full edition and AVG try out edition, I ran
|||| them 3 times and most times I came up virii and trojan free. The first
|||| run of AVG told me I had a trojan. The program cleaned it up. But, I'm
|||| still getting a popup message telling me I still have a trojan. What
|||| gives? Please help me out and point me in the right direction to fully
|||| clean it out.
|||| Dexter
|||
|||
||| AV programs can be reasonably expected to find known viruses
||| (including worms), but where trojans are concerned it is a hit and
||| miss proposition. Some are very good at trojan detection while
||| others really suck at it.
|||
||| What "pop-up" are you referring to, and where is what finding what?
|||
|||
||
|| IMHO, NAV and AVG suck at trojan detection (based on informal tests
|| in 2003). If they couldn't catch the plain jane trojans I threw at
|| them ...
||
|| michael

Gee, that was helpful.
 
I've found that even if you leave them in there permanently, that new
installations will occasionally give an invalid path error on reboot,
but will otherwise install OK. They use a run once cleanup of the temp
after the installation is already done. The only time I've ever had a
problem is with an application called RegCompact that uses the temp to
store HKU data for importation, and I usually delete the whole autoexec
file during that and replace it later.

You must be talking about win9x since there isn't a deltree in winxp
(incidentally you might use rmdir /s /q). On my xp box these days any
file called autoexec.bat in the root directory is zapped automatically
at startup before running. Not sure if that's just since SP2 has been
installed.


Jim.
 
You must be talking about win9x since there isn't a deltree in winxp
(incidentally you might use rmdir /s /q). On my xp box these days any
file called autoexec.bat in the root directory is zapped automatically
at startup before running. Not sure if that's just since SP2 has been
installed.


Jim.

My basic XP-pro box (no SPs) isn't connected to the net, just used for
its multimedia flexibility, so I haven't done much poking around inside
its system. I didn't realize that there wasn't an autoexec though, but
do have to use a different boot2dos startup config to dump a ghost image
than what works for 9x. I use the one from an ME installation.
And yes, it's the 98SE system that gets examined for net borne anomalies
on a fairly regular basis.
 