RE: How to get rid of two trojans

["Halverson, Chris" <chris.halverson () encana com>]

Remember he did state that he had win 2k pro
http://www.perfectdrivers.com/howto/msconfig.html this gives you the
msconfig utility for win 2k

-----Original Message-----
From: Hamish Stanaway [mailto:koremeltdown () hotmail com] 
Sent: Monday, July 05, 2004 11:23 PM
To: vi () vizo com; security-basics () securityfocus com
Subject: RE: How to get rid of two trojans


Hi there VI,

Have you had the chance to look into the registry (specifically in the run 
keys), and see if either of the trojans have made strange entries in there? 
If you are a bit afraid of editing the registry, using the "msconfig" GUI 
might be a little more user friendly.
If you find that there are registry entries, restart in safe mode (pressing 
F8 during preliminary boot up), and check that the trojan(s) haven't found a

way to run (pressing ctrl + alt + del & looking for the trojans in the 
running processes) - if they have then close them, remove the registry 
entries (or uncheck them in MSconfig), delete any trojan related files (but 
be sure to check they arent critical windows files!) and you should have no 
further problems.
If you do, drop me a line and we can look into things a little further.

Warmest of regards,

Hamish Stanaway

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Owner/Operator
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com




> From: "VI" <vi () vizo com>
> To: <security-basics () securityfocus com>
> Subject: How to get rid of two trojans
> Date: Sun, 4 Jul 2004 12:25:27 +0300
> MIME-Version: 1.0
> Received: from outgoing3.securityfocus.com ([205.206.231.27]) by
> mc10-f29.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Mon, 5 Jul 2004

> 21:16:12 -0700
> Received: from lists.securityfocus.com (lists.securityfocus.com 
> [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 
> A0D28237004; Mon,  5 Jul 2004 22:25:12 -0600 (MDT)
> Received: (qmail 21330 invoked from network); 4 Jul 2004 09:20:07 -0000
> X-Message-Info: 6sSXyD95QpWe7S8jobhZikHnkX3GnGVB
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> Message-ID: <20040704092212.12944.qmail () mail2 securityfocus com>
> X-Mailer: Microsoft Office Outlook, Build 11.0.5510
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> Thread-Index: AcRhqJVVrlfkoSoRRFyJgeHTgK/Ixg==
> Return-Path: 
> security-basics-return-29129-koremeltdown=hotmail.com () securityfocus com
> X-OriginalArrivalTime: 06 Jul 2004 04:16:12.0976 (UTC) 
> FILETIME=[F9333B00:01C4630F]
>
> Hi All,
>
> AVG free edition shows two trojans; IRC. Backdoor.SdBot.29.T, and
> Proxy.6.AG
> kjhbb.exe and gfhhr.exe in system32 folder but it cannot clean them. Of
> course deleting the files is no cure, because they come up again anad 
> again.
>
> Trend Micro housecall and Norton AV 2003 does not even show them.
>
> I could not find any mention of them in Symentec Web site.
>
> Can anybody help in getting rid of them.
>
> BTW, the OS is W2000 pro, and the latest patches are applied.
>
> Regards,
>
> VI
>
>
>
> -----------------------------------------------------------------------
> ----
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the 
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ---------------------------------------------------------------------------
-
>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------