Freelancers Network
Freelancers.net is owned and operated by Andy Stowell and Dan Winchester

FN-FORUM: Trojan troubles resolved!

date posted 11th November 2007 22:48

Hi all,

Just to say thanks for all the help.

I used HijackThis to remove the offending file - hooray!

Carrie

Just for your information (i.e. this is long and detailed),
it was

Win32.BHO.df

It installs a browser helper object - unlimited access to your machine.
It also installs a file in the system32 folder (on every reboot).

I could see the trojan in Spybot, but AVG anti spy and Windows Defender
both missed it.

Spybot said it had fixed it but it reappeared on every reboot -
including those from safe mode, and where I crashed out of safe mode
(laptop - removed the battery) after doing the clean.

The browser helper tool BHOdemon couldn't see the BHO allegedly
installed - but I never use IE other than for testing my sites, and I had
repeatedly cleaned before.

HijackThis was the answer - it shows the bits of the registry that are used by
hijackers and gives you a report on all those values. It is not very
user friendly to start with, but with the information from Spybot that
it was trying to load a file from the system32 folder you can work it out.

Spybot gives the filename loaded in - not auto run - sorry, it's gone now
- so I can't check.

Anyway, it begins __c???.dat

I couldn't get windozexp (service pack 2) to see it, let alone delete it,
so it is still there. (Could anyone tell how, please? del from the
command line didn't work.)

I used HijackThis to spot where the file was being loaded and removed
the entry.

AND IT WORKED!!!
3 days of hell trying to find out what to do. Google was no help at all
and neither were any of the help forums.

I credit my fixing it to a lovely afternoon visiting a new windfarm site
in Watchfield, Wiltshire, where the first Big Green Gathering was held.
A friend of mine has invested £3000 (return in theory 9-12% pa, long
term investment though. More projects happening in your area - this one
was a co-operative, now closed - I think).


Pub lunch, walked the dog, had interesting conversations, BLISS.

Carrie



PS [So sometimes it is good to be indexed by Google.] If you got here
from there - don't use any of the sponsored links to help you, they will
make your problem worse.
Get HijackThis and Spybot and remove that entry - sorry I can't tell
you what it is (I didn't write it down) but it is below the autorun
section, which is why I didn't spot it earlier. Scroll down looking for a
file in the system32 folder starting with whatever Spybot said it was
looking for - I couldn't see it any other way, and couldn't get WinXP to
see it at all.
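
The search the post describes (take the file name Spybot reported, then look through the HijackThis log for an entry loading it from system32), sketched as an added example that is not part of the original post. The log lines are constructed in HijackThis's `<code> - <description>` layout, the glob `__c*.dat` is derived from the post's "begins __c???.dat", and `find_loaders` is a hypothetical helper; the post does not say which section its entry was in.

```python
import fnmatch
import re

# Constructed sample log; the CLSID, entry names and file names are invented.
SAMPLE_LOG = r"""Logfile of HijackThis
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKCU\..\Run: [Updater] C:\Program Files\Example\update.exe
O20 - Winlogon Notify: example - C:\WINDOWS\system32\__c00AB.dat
O23 - Service: Example Service - Example Ltd - C:\WINDOWS\system32\examplesvc.exe
"""

# A log entry is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A file directly inside <drive>:\<windows dir>\system32 (names with spaces
# are cut at the first space, which is enough for a prefix match).
SYS32_FILE = re.compile(r'[A-Za-z]:\\[^\\"]+\\system32\\([^\\"\s]+)', re.IGNORECASE)


def find_loaders(log_text, name_glob):
    """Return (line_no, section, path, after_autorun) for every log entry
    that references a system32 file whose name matches name_glob."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header or blank line, not a registry/startup entry
        section, rest = entry.groups()
        for found in SYS32_FILE.finditer(rest):
            if fnmatch.fnmatch(found.group(1).lower(), name_glob.lower()):
                # O4 is the autostart section; higher O-numbers are listed
                # further down the report, where the post found its entry.
                after_autorun = section[0] == "O" and int(section[1:]) > 4
                hits.append((line_no, section, found.group(0), after_autorun))
    return hits


if __name__ == "__main__":
    for line_no, section, path, below in find_loaders(SAMPLE_LOG, "__c*.dat"):
        where = "below the autorun section" if below else "at or above autorun"
        print(f"line {line_no}: {section} loads {path} ({where})")
```

Run it against a saved HijackThis log by passing the file's text and the file name pattern Spybot reported.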


