Re: Trojan



Turn off system restore until you get rid of the trojan. When you can scan
your system and all is clean, then turn it back on.




"tom" <k@xxxxx> wrote in message
news:1QTOh.17906$tD2.3284@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Picked up a nasty when opening a web site the other day and can't seem to
shake it. Am using updated CA anti-virus but it allowed the infection even
though it recognizes it but can't rid my system of it. I routinely clean
out history files and caches. I keep deleting files but it keeps recreating
them. It keeps re-establishing itself in the "start" menu in run/msconfig.
I have to "end process" of an unusual numbered process in task manager
every time I re-boot. The files that it keeps replicating are in
"C/Windows" and was "norton exe" but has now become "winform exe". Have
tried Kaspersky, Panda and CA on-line scanners but no luck. Below are the
CA prompts I keep getting. Any ideas? Tom G.

2007/03/29 11:30:24.656 File infection: C:\Documents and Settings\tomnvik.TOMNVIK-NBMH3UY\Local Settings\Temporary Internet Files\Content.IE5\MPAXATKL\moyu0328[1].exe is Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:24.734 File infection: C:\WINDOWS\System32\kdjs1.exe is Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:24.734 File infection: C:\WINDOWS\System32\kdjs1.exe is Win32/Frethog!generic trojan.
2007/03/29 11:30:24.750 File infection: C:\WINDOWS\System32\kdjs1.exe is Win32/Frethog!generic trojan.
2007/03/29 11:30:24.765 File infection: C:\WINDOWS\System32\kdjs1.exe is Win32/Frethog!generic trojan.
2007/03/29 11:30:25.578 File infection: C:\Documents and Settings\tomnvik.TOMNVIK-NBMH3UY\Local Settings\Temporary Internet Files\Content.IE5\OLCNQP8D\wow0328[1].exe is Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:25.625 File infection: C:\WINDOWS\System32\kdjs2.exe is Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:25.640 File infection: C:\WINDOWS\System32\kdjs2.exe is Win32/Frethog!generic trojan.
2007/03/29 11:30:25.656 File infection: C:\WINDOWS\System32\kdjs2.exe is Win32/Frethog!generic trojan.
2007/03/29 11:30:25.656 File infection: C:\WINDOWS\System32\kdjs2.exe is Win32/Frethog!generic trojan.
2007/03/29 11:30:26.812 File infection: C:\WINDOWS\System32\winform.dll is Win32/Frethog.IS trojan. Deleted
2007/03/29 11:30:26.828 File infection: C:\WINDOWS\System32\winform.dll is Win32/Frethog.IS trojan.
2007/03/29 11:30:26.828 File infection: C:\WINDOWS\System32\winform.dll is Win32/Frethog.IS trojan.
2007/03/29 11:31:23.343 File infection: C:\Documents and Settings\tomnvik.TOMNVIK-NBMH3UY\Local




