Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

trojan horse

  • 20-07-2006 6:19pm
    #1
    pm.
    Registered Users, Registered Users 2 Posts: 2,147 ✭✭✭


    hi, my neighbour asked me to look at his computer, its only a few months old and he went online with it without any anti virus or his firewall on :eek: i got rid of most of the virus on it but i cant delete ( WIN32 SDBOT -GEN22 ) when i go to Internet explorer all i get is Microsoft blank, i used avast av to get rid of most things and spy bot, i also ran avast before windows started, what should i do :confused:


Comments

  • #2
    Nick_oliveri
    Registered Users, Registered Users 2 Posts: 2,497 ✭✭✭Nick_oliveri


    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=12411

    This gives a list of directories and files that this virus might be named as.

    Do you know what file is infected? If so, go to that directory and delete it manually.

    If this fails try invoking Safe Mode by pressing F5 or by pressing F8 and selecting it from the boot menu when you start the computer. Then do a virus scan and delete the infected file.

    Do not go online with this pc until the file is deleted. Have the antivirus definitions for this pc been updated recently? Obviously it can find this virus, but there may be others that its not picking up.


  • #3
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    Run antivirus in safe mode also and check the Startup tab in msconfig (start->run and type msconfig in the box).


  • #4
    christophicus
    Registered Users, Registered Users 2 Posts: 3,969 ✭✭✭christophicus


    I had a trojan not too long ago and among other things i tried all of the above things. In the end what worked for me /even after using regcleaners and what not was AVG free edition. I just did a normal scan and it detected 15 different hazerdouse files ,while a fully up to date norten only found 1 !


  • #5
    MunsterCycling
    Registered Users, Registered Users 2 Posts: 4,864 ✭✭✭MunsterCycling


    NOrton ahhhh, there's a reason the O is capitalised!


  • #6
    TomCo
    Registered Users, Registered Users 2 Posts: 2,528 ✭✭✭TomCo


    Sometimes a virus will change permissions in the registry so you can't delete the file, if that happens you have to run regedit when logged in as admin and give yourself the relevant permissions.


  • Advertisement
  • #7
    pm.
    Registered Users, Registered Users 2 Posts: 2,147 ✭✭✭pm.


    Ruu wrote:
    Run antivirus in safe mode also and check the Startup tab in msconfig (start->run and type msconfig in the box).

    ok but what do i look for in the startup tab ? also ctrl alt delete wont work :confused:


  • #8
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    pm. wrote:
    ok but what do i look for in the startup tab ? also ctrl alt delete wont work :confused:

    You could check for something suspicious, something that shouldn't be there. You will notice anti-virus scanners and other things there, post a screenshot (Prt Scr button, paste into MSPaint and save) and one of us will have a look here.


  • #9
    pm.
    Registered Users, Registered Users 2 Posts: 2,147 ✭✭✭pm.


    Ruu wrote:
    You could check for something suspicious, something that shouldn't be there. You will notice anti-virus scanners and other things there, post a screenshot (Prt Scr button, paste into MSPaint and save) and one of us will have a look here.

    thanks for the help ruu, but i cant get Internet explorer to work, all that comes up is Microsoft blank, i tried run it in safe mode logged on as administrator and did an av run it found 3 viruses, but when i logged on as the normal user they where still there.


  • #10
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    Did it put them in quarantine or remove them do you know?


  • #11
    pm.
    Registered Users, Registered Users 2 Posts: 2,147 ✭✭✭pm.


    Ruu wrote:
    Did it put them in quarantine or remove them do you know?

    when it finished the scan it found 3 virus then i pressed delete.


  • Advertisement
  • #12
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    Disable System Restore if its running and restart into safe mode, scan again and then see if theres any difference.


  • #13
    trojaneater1
    Closed Accounts Posts: 93 ✭✭trojaneater1


    Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

    ok
    kill these processes first.
    cnfgld32.exe
    hdvcxa.exe
    navasvc.exe
    operserv.exe
    plug-in.exe
    rectumunet.exe
    systemroot+\system32\lshosts32.exe
    systemroot+\system32\yahoomsgr.exe

    run regedit:
    Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\yahoo instant messengar, delete it and reboot the machine immediately.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\yahoo instant messengar, delete it and reboot the machine immediately.

    Remove these files (if present) with Windows Explorer:
    cnfgld32.exe
    hdvcxa.exe
    navasvc.exe
    operserv.exe
    pictures.pif
    plug-in.exe
    rectumunet.exe
    systemroot+\system32\lshosts32.exe
    systemroot+\system32\yahoomsgr.exe

    get back to me and tell me how you got on........................


Advertisement