weird goings on

7aken

hey board,
bout 3 weeks ago i ended up wiping my harddrive because of a strange trojan as far as i can guess....
it started with me downloading and running a program called the cleaner from moosoft.com its designed to hunt out trojans that might slip past av's. as i was using norton2005 at the time (fully up to date) i wasnt expecting to find anything. i was wrong. after about 10mins 'the cleaner' told me it had found something and asked me if i wanted to remove it. i let it get on with deleting which turned out to be a very bad idea. somehow the trojan executed and started doing funny things to my system, starting with the destruction of the registry. it completely digested norton2005 and mcafee personal firewall. in the end the only option left was to shut down the system. i recovered important data and used erd commander to examine what damage was caused. most of the registry had been chewed up, along with just about everything else. the only signature it left was a file called wdejawta.sys i cant find any referenc to this file online anywhere.

anyway, sorry for the long post, anyone ever come across this before?

Capt'n Midnight

Mac daddy wrote:

if you read the charter you will know were to post - this forum is discussions about exploits.

run adaware, spybot IN SAFEMODE!!, post the hijack this log file

Read the stickies here and on windows and on computers - all known malware removal tools are in there.

a windows app => try the windows forum

Also try google / but many viruses rename themselves to hide
Also it could be junk they installed themselves

If the registry is broken then a reinstall of windows probably won't fix it.
Systemrestore/Clean install of window.

7aken

Originally Posted by Mac daddy
if you read the charter you will know were to post - this forum is discussions about exploits. is it not an exploit i wrote about?

run adaware, spybot IN SAFEMODE!!, post the hijack this log file good point

Read the stickies here and on windows and on computers - all known malware removal tools are in there. im not looking for tools/apps , if anything im telling people to avoid this one (ie- the cleaner by moosoft)

a windows app => try the windows forum

Also try google / but many viruses rename themselves to hide
Also it could be junk they installed themselves ive searched the web to no avail, was only curios to see if anyone had met this 'exploit' before

If the registry is broken then a reinstall of windows probably won't fix it.
Systemrestore/Clean install of window. i mentioned that i wiped the harddrive


this was obviously a trojan, which by definition is an exploit, so i assumed this would be the correct place to post

puzzles

This could be a number of tojans - the reason you can't find a reference to the root file is - its name is randomly generated - a bin dump of the file (if you still have it?) should help in ID'ing the baddie.

Question - are you the kind of person that would be specifially targeted? i.e. high net worth/sensitive job role/pissed a hacker off recently?

If not then - reinstall, and do it in the most paranoid manner considitant to what you use the machine for =

i.e. if you don't store the kind of data you would be happy giving to a complete stranger on it - then no major harm done.

If you do, then move the data offline.

7aken

dont think it was anything that sinister, pissed no-one off (recently anyway). i dont get what you mean when you say

puzzles wrote:

i.e. if you don't store the kind of data you would be happy giving to a complete stranger on it - then no major harm done.

If you do, then move the data offline.

move what data offline? (i mentioned that this was three weeks ago and that i've already wiped the hdd)

thanks for the input so far guys