i need help removing trojan horse virus

Posted 5/24/2004 10:50 AM
#746
jenjen8180 Member

Date Joined Nov 2016
Total Posts: 3
I need help removing the trojan horse virus from my computer. :confused:
Posted 5/24/2004 10:52 AM
#747
jenjen8180 Member

Date Joined Nov 2016
Total Posts: 3
I need help removing the trojan horse virus from my computer.
Posted 5/24/2004 8:43 PM
#749
ebuddha Member

Date Joined Nov 2016
Total Posts: 9
OK, we need a little bit more info than this. How do you know you have a trojan? What is the name of the trojan? What kind of activity are you seeing to make you think you are infected? What kind of AV software are you running?


Download hijackthis https://tomcoyote.com/hjt/



Post your log file here, and I will help.



e-
Posted 5/24/2004 10:54 PM
#753
jenjen8180 Member

Date Joined Nov 2016
Total Posts: 3
I have the Norton antivirus, and when I scan it, it said that I had a trojan horse virus. My computer is really slow; it will not restart. I get all kinds of pop-ups about porn.
Posted 5/24/2004 11:10 PM
#755
ebuddha Member

Date Joined Nov 2016
Total Posts: 9
Please download Hijackthis and post the log file. I will be able to determine if you have any malware currently running on your PC. You might also want to download CWShredder or Adaware. It sounds to me like your browser has been hijacked.
Posted 5/24/2004 11:13 PM
#756
ebuddha Member

Date Joined Nov 2016
Total Posts: 9
If your PC will not start in normal mode try to boot into safe mode. The link below explains how to boot into safe mode.
https://www.laplink.com/support/kb/article.asp?ID=102
Posted 5/24/2004 11:15 PM
#757
ebuddha Member

Date Joined Nov 2016
Total Posts: 9
The forums at https://forums.techguy.org are very helpful for identifying viruses, trojans, and browser hijacks.
Posted 6/24/2004 8:52 AM
#1239
baldeagle Member

Date Joined Nov 2016
Total Posts: 2
I also have an unidentified trojan horse that has infected my master boot files. I tried to send an attachment of the log from HijackThis but was unable. Any help would be greatly appreciated.
Posted 6/24/2004 12:49 PM
#1245
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Hey Bald eagle, :confused: have you scanned your drive yet to identify the virus? If not, do so, then we can help for real. Try using BullGuard; that should find it. If it doesn't, take your logs and send them to support@bullguard.com. If not already using it, download it.

Eagle :smilewinkgrin:
Posted 6/25/2004 7:06 AM
#1265
baldeagle Member

Date Joined Nov 2016
Total Posts: 2
Downloaded bulldog and scanned. Could not attach results, but this is what it found: C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3DRM2FD\NOCHEAT[1].JAR=>DUMMY. CLASS INFECTED JAVA.TROJAN.EXPLOIT.BYTEVERIFY.

DISINFECTION FAILED

MOVE FAILED

Also, what is an I/O error? I have 14.
Posted 6/25/2004 10:39 AM
#1268
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Hi, Eagle--


I have Windows XP in an 8-month-old Dell 4600. I have Adaware and SpyBot, but SpyBot cannot remove DSO Exploit's 5-file spyware, so it stays in my system. I do not have a firewall, though my web designer has been strongly urging me to download ZoneAlarm.



On the virus side of things, I have had parser.class virus in my



C:\I386\XMLDSO.CAB



It's been there for many months. Some MSN techs have told me to ignore it and not to delete it because deleting it would harm my computer.



What would you advise that I do?



Thanks.



levotb
Posted 6/25/2004 10:49 AM
#1269
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Hi, Eagle! (#2)


I forgot to add that either SpyBot or Adaware is corrupting my MSN 9, forcing me to uninstall MSN, then reinstall, and within a few days my Inbox is again corrupted, giving me the...



0x80aa41f4



...error message. Also, an MSN tech took me into the Registry and rooted out all MSN files, then had me reinstall MSN 9. I also uninstalled and reinstalled MSN Messenger. None of this did any good. I have reinstalled MSN 9 at least 10 times in two weeks.



Yours,



levotb
Posted 6/25/2004 10:58 AM
#1270
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Hi, Again, Eagle!

Sorry for the third post in a row. I forgot to mention that I have Norton 2003 running with all current updates.

And, I forgot to mention that I have been running the Adaware Deep Registry (Custom) scans the past two days, and it has found a lot of spyware. I deleted all but three of them--those that attached to three HKEYs:

HKEY_CURRENT_USER:Sof...

HKEY_LOCAL_MACHINE:Soft...

HKEY_LOCAL_MACHINE:So...

Should I delete these too?

Yours,

levotb
Posted 6/25/2004 12:26 PM
#1271
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
:freaked: One at a time. baldeagle, you could go into regedit and delete the file; if not familiar, find someone who is and let them look, but you can get rid of it there. I/O errors is short for input/output errors.
eagle :smilewinkgrin:
Posted 6/25/2004 12:36 PM
#1272
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Hey levotb,

No, don't delete the .cab files. If you remember how the tech from MSN ran you thru regedit, do that again. Yes, you can delete all the spyware; the virus is probably coming back thru System Restore. After disinfecting, do a disk clean, then shut System Restore down and restart. You get to restore thru Control Panel, Performance and Maintenance, basic info on your computer; you will see the tab, click on it and check the box that says turn off restore, hit Apply, OK, then restart. You could try BullGuard; they have a built-in firewall, and it's way better than Norton (sorry).

Eagle :smilewinkgrin:
Posted 6/25/2004 7:37 PM
#1276
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Thanks, Eagle but I need you to walk me thru regedit in trying to locate DSO Exploit (which is probably under a different name as I cannot find it in Search files and folders).
Posted 6/26/2004 12:29 PM
#1278
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
hey levotb,

You probably won't if you used the application for search that's in XP. To get to the one I'm referring to, go to Run, click it, in that window type in regedit, then hit OK. Your regedit should come up. Then you go to the Edit key, click on that, a drop-down should appear, scroll down to the word Find and click. When the window appears, type in the name of the file and click OK; that will begin the search. When and if the files are found, you delete them. :nono: And once again NEVER DELETE A .CAB file.

Eagle :smilewinkgrin:
Posted 6/26/2004 12:32 PM
#1280
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Levotb, forgot to tell you the file name that you type in the window will be exploit.
Posted 6/26/2004 12:39 PM
#1284
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Hi, eagle--

Thanks for the walk thru. I'll let you know what happens. Worst case scenario? I'll have to reinstall XP...Regedit--here I come!

levotb
Posted 6/26/2004 12:57 PM
#1285
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
May the gods and those who think they are, AKA Microsoft, smile upon you. :tongue:

Eagle :smilewinkgrin:
Posted 6/26/2004 1:14 PM
#1286
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Eagle--

Okay, I did as you prescribed in regedit. All that came up was the Messenger file "open", with a sub file named "SessionManager" with a "+" to the left of it--no yellow question marks or yellow triangle errors shown. In the box to the right (under SessionManager, I assume) is the following:


(Default) REG_SZ (Value not set)

Should I delete this????

Thanks. levotb
Posted 6/26/2004 1:30 PM
#1287
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Hi, Eagle--

Another issue I am having is my MSNIE is corrupted and I have had to reinstall it 12-13 times over the past two weeks (!). The yellow triangle appears and won't go away, signifying corruption of my Inbox/MSN. The error message is:

0x80aa41f4

I have gone to Google and cannot find a Windows error message even close. What can you suggest? The other error it has shown in recent months is:

0x80072efe

..but this one hasn't shown up for awhile. The 0x80aa41f4 is THE problem right now.

Thanks!

levotb
Posted 6/26/2004 2:43 PM
#1288
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Levotb, :confused: I think this is slightly above my head. If you're using BullGuard, take your scan logs and send them to support@bullguard.com; if not, try it free for 60 days, could not hurt. One other thing: PM Petria. That one works for BullGuard and can help tremendously. Sorry I couldn't help much, but where in the daylights were you in your OS anyway? Let me know how this turns out, OK?

Eagle :smilewinkgrin:
Posted 6/26/2004 3:22 PM
#1289
levotb Valued member

Date Joined Nov 2016
Total Posts: 19
Thanks, Eagle--

Yeh, I spent an hour just trying to find 0x80aa41f4 at Google and no luck.

Will do. No, actually, I followed your regedit/edit just as you said, and typed in "DSO Exploit". Perhaps I should have typed in the HKEYs that are corrupted. There is still one...

HKEY_CURRENT_USER: Software...

that Adaware catches with each scan, but I am afraid to delete/remove it. So, I leave it. Should I remove it? This is something different than the DSO Exploit, I believe.

levotb
Posted 6/26/2004 5:54 PM
#1293
eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
:freaked: Danger will robinson,

I really don't know, but try deleting it. What's the most that can happen, reinstalling your OS? :idea: In reality that's why you can't find it in your OS; it's spyware, so delete it. Have you downloaded BullGuard yet? If Adaware keeps catching it then it's posing as a .dll file but actually a cookie. Kill it, strangle it, blow it up, and have fun. Let me know if it works.

Eagle :smilewinkgrin: :smhair: