
Trojan?

  • 20-09-2002 7:58am
    #1
    Registered Users Posts: 197 ✭✭


    I downloaded a file from Kazaa - 120mb or so and noticed it was named "whatever.zip.exe" so I was suspicious obviously. My curiosity killed me though. I just had to run it. After double clicking, a DOS box opened for a second and then closed. I then deleted this .zip.exe. Now I'm wondering if I'm infected with a trojan? I have got a trojan scanner off the net but it can't find any infected file. It detects that port 5000 is open however. I have read that this could be harmless and only for XP's Plug and play Parser. I'm going to try and set up a Linux firewall to monitor suspicious connections hopefully if I find the time over the weekend. Is there any way I can be sure this XP machine has no trojan?


Comments

  • Closed Accounts Posts: 5,564 ✭✭✭Typedef


    You have most likely received one of the viruses that floats around the gnutella network on Windows machines.

    Some people think that record companies have invented these viruses to fill the gnutella network with spurious matches of a search.

    Par example I do a search in gtk-gnutella for
    "Some song by Massive Attack" and I get results like
    "Some song by Massive Attack.zip"
    "Some song by Massive Attack.exe"
    "Some song by Massive Attack.zip.exe"
    "Some song by Massive Attack.rar"

    These are all symptoms of the same virus infecting a Windows machine that is on the gnutella network and propagates via the gnutella network.

    In short once you ran the executable you infected your computer with (most likely) the same virus that shows all of those spurious entries when you search the gnutella network.

    You will have to get and/or update your virus protection to get rid of this, else you will be spreading that virus throughout the gnutella network et al baby.

    EOF.


  • Closed Accounts Posts: 14,483 ✭✭✭✭daveirl


    This post has been deleted.


  • Closed Accounts Posts: 5,564 ✭✭✭Typedef


    Well those are Windows clients and umm since I don't use Windows.

    In any case it is still the case you have a virus that is propagated via a peer to peer network (most likely anyway).

    I suppose it could be the world's first beneficial Trojan.............


  • Closed Accounts Posts: 14,483 ✭✭✭✭daveirl


    This post has been deleted.


  • Closed Accounts Posts: 210 ✭✭deimos


    Well 120mb is a pretty large trojan.....

    I would just check all the possible places in the registry where it could be booted from (I could tell you their addresses, but I don't have winblowz). I think it was HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current\Run

    Also check autoexec.bat for boot time viruses and check the system.ini and the win.ini for anything else suspicious.

    Get some anti virus!

    gnewtellium is also a file sharing program for Linux.
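
Added example, not part of any post in this thread: a minimal check of the legacy INI autostart entries the last reply points at, which also flags the `.zip.exe` style of name from the first post. It assumes the `load=` and `run=` keys under `[windows]` in win.ini and `shell=` under `[boot]` in system.ini; the sample file contents are constructed, and the registry Run key is not covered.

```python
import configparser

# Extensions Windows runs directly, and decoy extensions placed in front of them.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY = {"zip", "rar", "mp3", "avi", "jpg", "txt", "doc"}

# Legacy autostart entries: (file, section, key) -> value assumed normal.
AUTOSTART = {
    ("win.ini", "windows", "load"): "",
    ("win.ini", "windows", "run"): "",
    ("system.ini", "boot", "shell"): "explorer.exe",
}

def is_double_extension(name):
    """True for names like 'whatever.zip.exe' (decoy extension, then executable)."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY and parts[2] in EXECUTABLE

def audit_ini(filename, text):
    """Return (section, key, value, double_ext) for non-default autostart entries."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for (fname, section, key), normal in AUTOSTART.items():
        if fname != filename.lower() or not cp.has_option(section, key):
            continue
        value = (cp.get(section, key) or "").strip()
        if value.lower() != normal:
            findings.append((section, key, value, is_double_extension(value)))
    return findings

# Constructed sample contents, not taken from any real machine.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\whatever.zip.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=explorer.exe\n"

if __name__ == "__main__":
    for fname, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for finding in audit_ini(fname, text):
            print(fname, finding)
```

An empty result only means these INI entries look normal; it says nothing about the registry or other startup locations.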

