Sunday, September 17, 2006  

[Trojan!]

I'm pissed. Actually, very pissed.

My rig's infected with a Trojan, and I'm not sure what it is, hence I cannot remove it. I have NAV 2005 installed, and this afternoon the auto-protect feature caught three Trojans on my hard drive. If my auto-protect was turned on, how did they get onto my hard drive in the first place?

Anyway, two of them were deleted without much fuss. One of them could not be deleted, and access to it was blocked. I didn't think it'd cause much trouble, since access to it was blocked.

Boy, was I wrong.

What happened next was a blur. I can't remember exactly what I did, but here's the current situation:
  1. There will be a ton of msvcrt.exe processes when I boot up. I killed them off one by one, I think there were 19 of them.
  2. Win XP is behaving funny... Some of my shortcuts for Windows Explorer will tell me they can't open (null), but still open Windows Explorer anyway.
  3. My task bar's fucked. Volume Control is no longer shown, and some of my icons have changed colour, two are invisible. They're still there, they still take up space. They're just a solid grey. Hence, "invisible".
There may be some other problems which I've yet to discover.

I tried following Symantec's suggestions on removing Infostealer.Banker.B (this is what NAV thought it was... I have a feeling it might be wrong) in safe mode; didn't work. None of the registry strings that I'm supposed to delete are in my registry to begin with. And I can't start any applications at all when I'm in safe mode. I can't start msconfig, so I was actually stuck in safe mode for a while, until I thought of a way to modify boot.ini while in safe mode. I couldn't run NAV in safe mode either; I think the Trojan's still alive in safe mode, blocking NAV from being executed or something. If I could run a manual scan in safe mode, I might just be able to track the Trojan down and delete it.

Aragh..... Anyone have any ideas what I can try now? What I'm doing now at each start-up is basically just kill all the msvcrt.exe processes and try to do my work as per normal.

^^^ by Locksley @ 9:35 PM. 4 comments.
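A triage script for the situation the post describes, added here as an example and not part of the original post or any of the comments. It takes only the process name from the post (msvcrt.exe) and assumes a modern Windows host with PowerShell 5 or later run from an elevated prompt; it shows where each running copy of that binary lives, which process started it, whether the file carries a valid Authenticode signature, and which of the usual logon autorun locations reference it, which is the information needed to decide whether the name matches an antivirus write-up and where the respawning at boot comes from.

```powershell
# Added triage example (not from the blog post or its comments). The process name
# comes from the post; the registry locations below are the standard Windows autorun
# keys. Assumes PowerShell 5+ on a recent Windows build, run as Administrator.

$suspectName = 'msvcrt'   # base name of the suspicious process from the post

# 1. Every running instance: PID, image path, parent process, command line, signature.
Get-CimInstance Win32_Process -Filter "Name = '$suspectName.exe'" |
    ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        $sig = if ($_.ExecutablePath -and (Test-Path $_.ExecutablePath)) {
                   (Get-AuthenticodeSignature $_.ExecutablePath).Status
               } else { 'unknown' }
        [pscustomobject]@{
            Pid         = $_.ProcessId
            Path        = $_.ExecutablePath
            Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'n/a' }
            CommandLine = $_.CommandLine
            Signature   = $sig
        }
    } | Format-Table -AutoSize

# 2. Logon autorun keys: print any value whose data mentions the suspect name.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $suspectName } |
            ForEach-Object { '{0}  {1} = {2}' -f $key, $_.Name, $_.Value }
    }
}

# 3. Winlogon Shell and Userinit are also commonly altered; show them for review.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object Shell, Userinit
```

The Path and Parent columns are the useful part: a legitimate C runtime ships as msvcrt.dll, not an .exe, so the directory the image runs from and the process that spawned it tell you which autorun entry or service is relaunching it, and the Signature column shows whether the file is signed at all. Compare the paths and registry values printed here against the vendor write-up before deciding whether the detection name is right.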


[Comments]

Try this:-
http://www.bleepingcomputer.com/tutorials/tutorial101.html
If still cannot, tell me, I'll pass you SAV 10 Corporate Edition. :P
I do this often on users' machines.

What's the name of the Trojan by the way?
Try this too:-
http://vil.nai.com/vil/stinger/
I'm running Stinger now. Not sure if it'd find anything, since it only recognises 55 viruses/trojans/malware.

NAV says the name of the Trojan is Infostealer.Banker.B. But I have a feeling it's wrong. I read the page that described what it does. What's wrong with my rig right now sounds nothing like what's mentioned.
Eh, I'm not using Norton 2006 so not sure, but so far SAV 10 CE catches all the Infostealer thingy...