Search Results

Search found 156 results on 7 pages for 'trojan'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/7 | 1 2 3 4 5 6 7  | Next Page >

  • Cleaning a proxy/phishing trojan from Windows XP computer

    - by i-g
    I am trying to remove an interesting trojan from a Windows XP computer. It manifests itself as a phishing page (screenshot linked) that appears after the user tries to log on to eBay. So far, I haven't found any other web sites that are affected. As you can see, the trojan intercepts browser connections (all installed browsers are affected) and injects this phishing page. The address looks like it's ebay.com, but HTTPS verification doesn't work (no lock icon or green bar in Firefox.) At some point, Trojan.Dropper appeared on the computer. I removed it with Malwarebytes Anti-Malware. Although it reappeared several times, it seemed to be gone after I booted into Safe Mode and did a full system scan with MBAM. Now, however, a different trojan has appeared on the machine; I suspect it was installed by Trojan.Dropper. So far, MBAM, Ad-Aware, and Spybot S&D have been unable to remove it. I've looked for it in the HijackThis log but haven't found anything conclusive. Has anyone run across a trojan like this before? Where would I start looking for it to remove it manually? Thank you for reading.

    Read the article

  • How do I know if I managed to completely remove an undetected trojan?

    - by ubuntuisbetter
    I catched a trojan that uses explorer.exe to reproduce itself in case of deletion of its autostart entry or main exe file in Programs/x. It had already tried to contact a suspicious server over explorer.exe, blocked that via my firewall. I: Removed the autostart entries from the registry Looked through my services if there was anything suspicious Deleted the trojan from Programs/ Went through System Volume Information to find a 2 month old explorer.exe and replaced the possibly infected one. There are no suspicious processes running now anymore (no duplicate explorer.exe) and nothing wants to connect this trojan owners sever either. I checked my system with several anti-malware programs too. What the trojan did: Started a second explorer.exe Always when I deleted the main trojan exe file it was reproduced (by the second explorer.exe) Always when I deleted the autostart entry it was reproduced by the explorer.exe too. When I terminated the suspicious explorer.exe, which used only half as much memory as the less suspicious one from Windows, a strange thing that I know from the computers in my Informatics class happened: A window popped up in the top left of my explorer-less desktop, titled "Personal settings for ... are ..." that obviously copied some files. Then both explorer.exes started again and the trojan was everywhere again. What did the trojan actually do to get explorer to rescue it? Is my PC clean of this newish trojan now? What are the other locations I should check for the trojan? The trjoan doesn't seem very high-level, could it have changed other system files or is the autostart entry vital for it? Thanks in advance, Your trojan paranoid friend (Getting linux in a week)

    Read the article

  • Explorer hijacked by a trojan

    - by hsdb
    I managed to catch a newish trojan that my Anti virus program wasn't able to detect. I'm usually not that bad at technical stuff regarding computers but I really don't know what to do with this one anymore. The trojan somehow managed to get my Windows to recover it every time I try to remove it by deleting it's exe (called some weird name located in Programs "asdza/saddasn.exe" (example only)). It also sets an entry in my autostart. It starts a second explorer.exe and tries to connect to some server obviously trying to steal data. (glad I still have my firewall) How can I get rid of this trojan, I really need help. It is new and probably unrecognized by all major virus scanners.

    Read the article

  • Getting rid of a trojan. SVCHOST question

    - by MasterPeter
    My antivirus keeps notifying me of a trojan. svchost.exe keeps creating some 'drivers' (.sys files in the drivers directory under system32 of my Windows XP installation) each of which is marked as Bubnix.AB trojan. The antivirus fails to remove many of the files as they are immediately used by svchost (I presume). How do I find out which service is the culprit? Why can't the antivirus effectively rid me of this plague? Also, how many svchost processes is it normal to have running at any one time? I am using Win XP SP3, and ESET NOD32 antivirus.

    Read the article

  • Trojan infection help please

    - by brandon
    Hey, I was browsing some websites and somehow obtained a trojan through some sort of silent download. Google Chrome started acting funny and wouldn't load web pages and neither would internet explorer. Only Firefox worked. I rebooted my computer and as usual logged into my email account as well as my bank account online completely forgetting about the infection. Could my information have been sent to the person or people or wrote the trojan? I downloaded Zone Alarm and took care of the issue, I'm just worried about when I absentmindedly logged into my email account and bank account online while I was infected.

    Read the article

  • Does VMware_ThinApp_4.0.3_169725.msi contain Trojan.Win32.Vapsup in it? [closed]

    - by Joe
    Today I ran a full system scan using Online Armor++. It detected Trojans in the installer. I have had this installer on the computer for many months and I do not remember if I ever installed it on this PC or not. For some reason I unpacked the installer with 7zip though. I was probably going to attempt to make it portable. Anyway so I had the installer in a folder, and another folder next to it with all of the installers files unpacked. The VMwareVS.cab file that was extracted from the installer, also had its files extracted into another folder. This was all done many months ago. OA++ did not detect the installer itself as as Trojan VMwareVS.cab, but it did detect 4 of the files that I had unpacked as Trojans. Here are the details of what the scan detected on my PC today. Note: I uploaded these files to VirusTotal....the Ikarus and A-squared engines(the engines from Online Armor++) are not detecting anything. But some of the other engines are detecting the same Trojan that OA++ detected(Trojan.Win32.Vapsup). C:\Downloads\VMware_ThinApp_4.0.3_169725.msi [This file was not detected by the Virus Scan as infected] CRC-32: 50189335 MD5: 9e32e3272d2637fb6e0759a604879e6f SHA-1: 19ef5a6d586ddcc5b9222ba57b0f14159655f3f8 C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS.cab [This file was not detected by the Virus Scan as infected] CRC-32: d3a9694a MD5: ddc278a8fe0a25486277d9800e6af85a SHA-1: 456b731c8b6fdb7a1d7bcff3d1fbe9df58ccc73a Online Armor++ Virus Scan Results: Detected Trojan.Win32.Vapsup.vee!A2 C:\Downloads\VMware_ThinApp_4.0.3_169725\Binary.ThinstallProcess CRC-32: 4888b13c MD5: 4884cb4622278c0835b9a5dcd2ae0473 SHA-1: ed879ae65147805dd69e1355c17df814b9d434ce Detected Trojan.Win32.Vapsup.vef!A2 C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS\AppSync.exe CRC-32: fd20b378 MD5: cbdcdd590f7ffc52b6ce68fa11f2bda4 SHA-1: aebf685e02d6693df9eaa92c67dc5746792b5ecf Detected Trojan.Win32.Vapsup.veg!A2 C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS\logging.dll CRC-32: 8adee5d5 MD5: 56ff9b83f58ba8eacb6e939aa4759bf0 SHA-1: b52fa38765a25fe6a2c4f60d76545a4dd64904eb Detected Trojan.Win32.Vapsup.vek!A2 C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS\thinreg.exe CRC-32: 423c5652 MD5: c436feff8d9096e7475c84a6bca6096c SHA-1: 685b84af796132ce144aacd6ff23379e17ddf1a7 Are these files indeed infected by this Trojan, or is it just a false positive? Does anybody have the same version of the original installer, who could find out if the Checksums of the installer and unpacked files match? Should I be worried about whether this Trojan has spread and infected my machine? Thanks in advance for any help!

    Read the article

  • DNSHost.exe trojan found, now after fix, no one can print

    - by Matt Dawdy
    What started today as an inability to get to the internet (but people could get in just fine), morphed to we realized that the DNS Server wasn't working, then we figured out that we had a trojan called DNSHost.exe (spybot.rl I think), and we disabled its service entry and deleted the offending file and all registry keys told to use by the Trend Micro site. Now, we can get on the internet, but the printer being served by this machine (called server2) cannot be printed to from any client machine on the network. We get the error "The RPC Server is unavailable". I'm assuming that this is related to the DNS issue we had earlier, as we were able to print just fine until this fun happiness started this morning. Anyone have any solid suggestions? Windows Server 2003 R2 SP2, and the client machine are all Windows XP SP2.

    Read the article

  • Trojan Horse Generic.15.apnz Virus Impossible to get rid of?!

    - by DaveDev
    Hi Guys I'm new to this forum so I'm unsure whether this is the right place for a question like this. I have a Trojan Horse infection that lives in memory and seems to be impossible to get rid of. I've tried a vew AntiVirus products (Norton, Windows Essentials & AVG Free) all to no avail & I've recently tried a few bootable antivirus solutions I found here: http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/ Kaspersky Rescue Disk 2008 (failed - it wouldn't even load the UI, is there a newer one out there?) F Secure Rescue Disk (Updates & Scanner ran, found 10 infections, said it was going to delete or repair them, but didn't get rid of them) Avira found a load of infections but it froze when I tried to interact with the UI after the scan. Every time I run these I'll load Windows after & run AVG, and it still finds Trojan Horse Generic.15.apnz (in Services.exe) & Trojan Horse Generic.16.ARSU (in svchost.exe) Is anyone familiar with a virus like this? Can anyone suggest how to approach a solution? Thanks Dave

    Read the article

  • Wirenet : découverte du premier trojan Linux/Mac OS X interplateforme de vol de mot de passe

    Wirenet : le premier trojan Linux/Mac OS X interplateforme De vol de mot de passe Doctor Web, l'éditeur russe d'antivirus, a annoncé l'émergence du premier Trojan Linux/OSX interplateforme de vol de mot de passe. Par l'utilisation d'un backdoor, le malware au nom de code BackDoor.Wirenet.1 arrive à transporter les données de l'utilisateur vers un serveur de contrôle situé à l'adresse 212.7.208.65. Les données récoltées comportent les touches de claviers tapées à l'image d'un keylogger et les mots de passe des utilisateurs enregistrés dans les navigateurs Opera, Firefox, Chrome et Chromium et dans les applications Thunderbird, SeaMonkey et Pidgin. L'AES (Advanced Encryption...

    Read the article

  • How do I find information about a particular trojan? "W32/Smalltroj.XVGT", as reported by Norman

    - by Lasse V. Karlsen
    I tried checking the Norman antivirus page, Virus-descriptions, but sadly it seems Norman has intentionally obfuscated their search results (I tried clicking on W, and it seems they just list viruses with a W somewhere in the description, instead of more typical, all viruses with a name starting with a W.) Is there a common virus-list somewhere, or is it as I suspect, every antivirus manufacturer is free to come up with their own identification tags for each virus? Several "vshost32.exe" files, related to Microsoft Visual Studio 2008, has been quarantined on our server today, probably related to a test-deployment of some internal software. Some developer machines that have grabbed that latest version of our program has also had the same files quarantined. Now, these files should not have been deployed in the first case, so I'll be looking into that, but whenever any developer now builds a program locally and attempts to debug, the same file is placed in the build output directory, and promptly quarantined. Does anyone have any clues as to how I can go about verifying this before I pointedly ask the antivirus software to go take a hike on this particular virus? Edit: I've copied one of the quarantined files manually to a machine over the network that doesn't have antivirus installed, and compared the file on that machine with a local copy (on that machine) of the vshost32.exe template file, and they're bit-for-bit identical. I guess this is a false positive. I still would like to know if it would be possible for me to verify this in any other way though, since next time such a trojan might be reported in a compiled file that we won't have a pristine copy of.

    Read the article

  • How do I properly check if a program is a virus/trojan in VMware?

    - by acidzombie24
    How I should check if a program is a virus in VMware? Some programs I do need admin ability to install and it makes sense. But how do I know if it's doing more than I want? Some thoughts are: How many processes open when I launch the application What is added to the startup tab in msconfig If any services are added. That's pretty much all my ideas. Even if it does something I recognize I wouldn't know if it's necessary or not. What are some rule of thumb? -Edit- What about registries, can I use that information to help? Maybe have a scanner tell me if the application I just used has messed with sections (like bootup) it shouldn't have?

    Read the article

  • Win 7 firewall won't turn on, nor the McAfee firewall. Hit by "Win 7 Anti-virus 2012" trojan. Removed, but a downed firewall is a lasting legacy

    - by PhxTitan
    I caught the Trojan right away, I think, but both my McAfee & Win 7 (x64) firewalls are not able to be engaged/turned on now. MS Error Code 0x80070424 when attempting to turn on Win 7 firewall. No viruses. Swept it with McAfee AV, Malwarebytes Anti-Malware, Microsoft malware removal tools. Followed Microsoft's three courses of alternative actions they posted for instructions for getting the Win 7 firewall back up and on. Nothing. Same error code. The post just said see MS support if those fixes failed. So I removed McAfee altogether. Still Win 7 (professional version) firewall won't come on; and clean of detectable bugs. And I'm fully updated with MS Windows 7 updates as well, which is no longer automatic, that too a legacy of the trojan bug I think. Any thoughts on how to get the Win 7 firewall operational??? And auto updating reengaged?

    Read the article

  • Can Windows Essentials Remove the JS/Alescruf.C Virus from a Windows PC?

    - by jmort253
    A colleague just visited a site which had been hacked by the JS/Alescruf.C trojan virus, which infects HTML via embedded JavaScript. Windows PC's are infected by visiting the site. If my colleague has Windows Essentials, which detected and removed the trojan, is there anything else that he needs to do to make sure the virus is no longer active? Windows Essentials detected the trojan within seconds of visiting the site, and he's running a full system scan to see if it still detects anything.

    Read the article

  • Can Windows Essentials Remove the alescruf.c Virus from a Windows PC?

    - by jmort253
    A colleague just visited a site which had been hacked by the alescruf.c trojan virus, which infects HTML via embedded JavaScript. Windows PC's are infected by visiting the site. If my colleague has Windows Essentials, which detected and removed the trojan, is there anything else that he needs to do to make sure the virus is no longer active? Windows Essentials detected the trojan within seconds of visiting the site, and he's running a full system scan to see if it still detects anything.

    Read the article

  • Week in Geek: BlackHole RAT Trojan Targets Mac OS X Edition

    - by Asian Angel
    This week we learned how to change window transparency in Windows 7 with a hotkey, backup web-based email accounts using Thunderbird, “temporarily halt autorun, enable Android’s power control, & securely wipe CDs/DVDs”, “block text messages, prioritize Wi-Fi connections, & revitalize a Windows 6 phone”, learned what Bitcoin the virtual digital currency is, and more. Photo by Jessica Lucia. Latest Features How-To Geek ETC Learn To Adjust Contrast Like a Pro in Photoshop, GIMP, and Paint.NET Have You Ever Wondered How Your Operating System Got Its Name? Should You Delete Windows 7 Service Pack Backup Files to Save Space? What Can Super Mario Teach Us About Graphics Technology? Windows 7 Service Pack 1 is Released: But Should You Install It? How To Make Hundreds of Complex Photo Edits in Seconds With Photoshop Actions Sync Your Windows Computer with Your Ubuntu One Account [Desktop Client] Awesome 10 Meter Curved Touchscreen at the University of Groningen [Video] TV Antenna Helper Makes HDTV Antenna Calibration a Snap Turn a Green Laser into a Microscope Projector [Science] The Open Road Awaits [Wallpaper] N64oid Brings N64 Emulation to Android Devices

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4 5 6 7  | Next Page >