Urgent - Backdoor Litmus removal

  • Thread starter Thread starter Budgie
  • Start date Start date
B

Budgie

AVG tells me I have the Backdoor Litmus trojan virus in a file called
c:\Program which is 44.5kb in size. However it will not move the file to the
Virus Vault.

How do I remove the virus?

Budgie
 
AVG tells me I have the Backdoor Litmus trojan virus in a file called
c:\Program which is 44.5kb in size. However it will not move the file to
the Virus Vault.

How do I remove the virus?

Budgie
Click to expand...


[ snip bullshit malformed .sig ]


<http://vil.nai.com/>


and then engage your noddle.



Regards,

Ian
 
| On Tue, 02 Dec 2003 11:55:49 +0000, Budgie wrote:
|
| > AVG tells me I have the Backdoor Litmus trojan virus in a file called
| > c:\Program which is 44.5kb in size. However it will not move the file to
| > the Virus Vault.
|
|
| <http://vil.nai.com/>
|
|
| and then engage your noddle.
|
Thanks - good site. So simple deletion is sufficient? There is no
traywnd.exe file on the machine.

Budgie
 
| On Tue, 02
Dec 2003 11:55:49 +0000, Budgie wrote: | | > AVG tells me I have the
Backdoor Litmus trojan virus in a file called | > c:\Program which is
44.5kb in size. However it will not move the file | > to the Virus
Vault.
|
|
| <http://vil.nai.com/>
|
|
| and then engage your noddle.
|
Thanks - good site. So simple deletion is sufficient? There is no
traywnd.exe file on the machine.

Budgie
Click to expand...


Should be. Litmus is tiny and as it's a trojan, it doesn't self-replicate
/ infect other files. Delete what you know you have reported as Litmus,
then run another scan to make sure. Preferably, download another AV
scanner (<http://www.complex.is/> is highly recommended[1]) and scan with
your normal AV and the newly downloaded one to make sure there is nothing
remaining. Litmus isn't "dangerous" as such.. not like a mass-mailing worm
might be.. although IIRC, it can be used to make a "botnet" for IRC which
can then be issued to commit DDoS attacks on hosts. Anyways, the cleaning
of Litmus is definitely one of the easier ones =)


HTH.



Regards,

Ian


[1]: No affiliation with F-Prot, just a happy user for many years.. but it
is a reliable scanner and the windoze trial version would be enough to
perform a "second opinion".. never know, you might even like F-Prot =)
 
[snippage]
[1]: No affiliation with F-Prot, just a happy user for many years.. but it
is a reliable scanner and the windoze trial version would be enough to
perform a "second opinion".. never know, you might even like F-Prot =)
Click to expand...

That's right Ian.

However, the trial version of F-Prot for Windows doesn't come with the
updater component (of course you can manually perform updates).

It's also worth noting for licensed *home* users (US $29.00)...

"Users who have bought F-Prot Antivirus for Windows
software product, the home user version, may install it on all
computers in their household that are used for personal purposes."

That's *all* folks.
 
| On Tue, 02 Dec 2003 14:44:22 +0000, Budgie wrote:
|
| Should be. Litmus is tiny and as it's a trojan, it doesn't self-replicate
| / infect other files. Delete what you know you have reported as Litmus,
| then run another scan to make sure. Preferably, download another AV
| scanner (<http://www.complex.is/> is highly recommended[1]) and scan with
| your normal AV and the newly downloaded one to make sure there is nothing
| remaining. Litmus isn't "dangerous" as such.. not like a mass-mailing worm
| might be.. although IIRC, it can be used to make a "botnet" for IRC which
| can then be issued to commit DDoS attacks on hosts. Anyways, the cleaning
| of Litmus is definitely one of the easier ones =)

Many thanks. Trojan appears to have disappeared, hopefully never to be seen
again!

Budgie
 
Budgie said:
Many thanks. Trojan appears to have disappeared, hopefully never to be seen
again!

Budgie
Click to expand...

Now if you could only make that sig disappear....
 
|
| Now if you could only make that sig disappear....
|

Don't think I can do that without eliminating it from e-mails as well, which
I don't want to do.

Budgie
 
Budgie said:
|
| Now if you could only make that sig disappear....
|

Don't think I can do that without eliminating it from e-mails as well, which
I don't want to do.
Click to expand...

oh yes you do... you just don't know it yet...

that certification sig is snake-oil, pure and simple... the mere
concept of it is intellectually dishonest (an anti-virus can't
guarantee there are no viruses present, it can only tell you when there
are viruses present) and by allowing that product to add that sig to
your messages (usenet and email) you're helping it to spread it's
anti-virus fairy tales to people who probably don't know any better and
might think start thinking that anti-virus software can actually make
that guarantee...
 
Back
Top