trojan virus..

Reply

  #1  
Old 07-03-02, 07:55 PM
kaybyrd's Avatar
Member
Thread Starter
Join Date: Feb 2002
Location: N.W. MS.
Posts: 1,774
trojan virus..

a friend of mine just found out she had a virus on her computer, reformatted the drive and re-installed off her installation disk. the virus is back, and she is running norton virus protection. it didn't pick it up.

where else can you get these virus'? i've heard that some installation discs that you purchase off the shelves can contain virus' as well as those installation discs (distribution) that come with your computer. is all this possible, or am i missing something here.

kay
 
Sponsored Links
  #2  
Old 07-04-02, 12:41 AM
Member
Join Date: Dec 2000
Posts: 1,019
An infected disk is one possibility. There are a few trojans that store code in CMOS or affect the BIOS itself. So, even if the disk is fdisked and formatted the virus comes back. A virus can be stored in printer memory also. These types are rare. Two likely sources are internet browsing and installing software from an infected disk. [Boot disk, sharing a disk with a friend. like that].

A virus replicates itself. A trojan does not. Some virus checking programs detect trojans; others do not. I have forgotten the site, but a torjan database exists on the web. It lists many torjans, their payload, and points to removal methods or sites.
 
  #3  
Old 07-04-02, 12:56 AM
kaybyrd's Avatar
Member
Thread Starter
Join Date: Feb 2002
Location: N.W. MS.
Posts: 1,774
i will let her know, and also search for the posts you mentioned.

Thanks!

-kay
 
  #4  
Old 07-04-02, 08:24 AM
Member
Join Date: May 2001
Location: Carol Stream, IL
Posts: 338
More likely the trojan hid itself in the MBR sector of the hard drive. A simple reformat only does the data sections of the hard drive. Also, the virus could of stayed in RAM memory so that if you didn't reboot . The other precaution to take is setting your boot disk to read only so that the virus can't infect the floppy your using to clean the virus.

Other possible explanations. The virus came in a e-mail and after reformating the person accessed the same e-mail off the server. Personal data that was backuped onto something else had the virus in it. The virus is actually on a floppy disk that the user continues to use.
 
  #5  
Old 07-04-02, 10:22 AM
kaybyrd's Avatar
Member
Thread Starter
Join Date: Feb 2002
Location: N.W. MS.
Posts: 1,774
she did mention that it makes her machine do weird things and...the more she reboots her system the worse it gets. that would mean cmos or bios, correct? or maybe the MBR area..she did mention ... here's what she posted in the Chats/Whines forum:

[size=1]Big problem..

It started over amonth ago and have no idea where it came from...

also it's a trojan type virus, so I think protection wouldn't have been much help...lol

Seriously tho,
I had the C Drive re-formatted (read-wiped out) - and deleted the registry keys for the virus. Also used some hard-core deletion programs.

IT CAME BACK...

My friend actually jumped in his chair when it did...frightening. And Norton did NOT pick it up....

Anyhow. not hurting my computer, just annoying.
[/size]
2000 mentioned that a trojan doesn't replicate itself. what does it do?

-Kay
 
  #6  
Old 07-04-02, 01:08 PM
GwyniChaela
Visiting Guest
Posts: n/a
Hello!!

As you can tell by my avatar, I am the one with the computer issues.......oops. Crap. I hate my dependency on these things!!


Anyhow. I have been having my best friend do some work on it and here's what he said.

He needs to know how to delete a hidden systems file (he thinks - as far as he can tell).

He has fdisked and reformatted, and deleted registry keys. He has done everything he can think of. The file doesn't exist in DOS. (or in any other file search.) It IS in my System Config startup menu. And it reboots itself every time I reboot - even if I clear it out of the startup menu. So, I am trying to reboot as little as possible until I can figure it out - if I can.

When it does reboot, it regenerates itself as a 10kb exe file. With a randomly generated file name. I can go in and delete the files and keep it from affecting my computer while it's running. Or so it seems. I haven't had any problems with it in the past few days. But I also haven't re-booted!!!!


let me know what you think...please????

THANK YOU
 
  #7  
Old 07-04-02, 06:46 PM
BSB's Avatar
BSB
BSB is offline
Member
Join Date: Mar 2001
Location: GB, WI
Posts: 782
Try going to http://www.infosyssec.org/infosyssec/ down towards the bottom is an area where you can scan for trojans. Or you can do a search for the name and see what help is out there.

Brian
 
  #8  
Old 07-05-02, 11:00 AM
Member
Join Date: Jan 2002
Location: Chicago
Posts: 1,915
I had something like that also... and after 2 hours of trying I gave up and reinstalled. When doing that, make sure you start the computer up with the Winows CD, start the computer with CDROM support, then go to fdisk, and delete the partition you need (if only one, the better). Then reset the MBR, recreate the partition, format, then install Windows. After which time you should install your AV program, update it, and then install the programs you want. My sister's computer had a virus similar to this, the AV would find it, delete it, and then it will regenerate after reboot. It will show up in Msconfig and the registry, but clearing it will simply add another entry. Reloading was the only solution that worked, and I did try.. It took me 4 hours to install Windows and her programs back up She got that virus through an email, and the AV she had didn't find it. I've noticed that so far McAfee finds the most viruses compared to any other program.
 
Reply

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread
Display Modes