Security Basics mailing list archives

RE: Trojan.Lodear.B/Trojan.Lodav.A


From: "dave kleiman" <dave () isecureu com>
Date: Tue, 15 Nov 2005 17:06:27 -0500

Joe,

You might try the following; it is quite detailed:

---------snip----------
We would like to introduce visitors to an exciting and valuable new resource
available at CastleCops called the Malware Removal and Prevention procedure.
This procedure is designed to enable users to either partially, or fully
clean their systems without the direct aid of an expert. It provides
instructions on how to perform a series of antispyware, antivirus and
antitrojan scans, as well as, run a system cleaning utility. The generalized
scanners we recommend are intended to address a broad spectrum of malware
including adware, spyware, trojans, viruses, and browser hijackers. Soon it
will become standard practice for all HijackThis (HJT) posters to perform
malware removal before posting a HJT log. The ideas and suggestions of
numerous staff members have contributed to the development of the final
product. We even took a staff poll to decide on a name, but catchy
monikers such as "Purging the Parasites" and "Zapping the Crap" were
rejected in favor of the humdrum but more descriptive Malware Removal and
Prevention (MRP).

Malware removal and prevention procedure:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

More information about it (continued...):
http://castlecops.com/a6341-Malware_Removal_and_Prevention_Procedure.html

---------snip----------


And, if it is not successful, you can utilize the CastleCops HJT forum.  Both
are free!!

Regards,


Dave



     -----Original Message-----
     From: Joe George [mailto:j.george () conservation org]
     Sent: Tuesday, November 15, 2005 14:50
     To: security-basics () securityfocus com
     Subject: Trojan.Lodear.B/Trojan.Lodav.A

     Hi all,

     I have a workstation that was compromised by the Trojan
     mentioned in the subject, after the end user opened an
     infected .ZIP file. I followed the instructions Symantec
     recommended.  I used their removal tool because I was not
     able to access the registry.  I also installed the
     UnHookExec.inf in an attempt to reset the
     shell/open/command reg keys, per the article.  I was still
     not able to access the registry.  I ran the removal tool
     several times in normal and in safe mode and each time it
     would detect and terminate the Trojan process running in
     explorer.exe.  Before one removal tool run, I ran
     Winternals Process Explorer, but nothing was found.  I ran
     two anti-virus scans but did not find anything after the
     initial detection.  Is there anything that I have not
     tried that someone can suggest? I'm about ready to run a
     repair on Windows, but not ready to rebuild, as I am
     concerned there may be more workstations that have been
     just as compromised.

     Thanks in advance.

     --
     Joe George
     IT Janitor
     x349
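The shell\open\command keys Joe mentions resetting with UnHookExec.inf are the per-file-type handlers Windows consults when an .exe, .com, .bat, .cmd or .pif file is launched; malware that rewrites them gets re-executed every time any program is started, which matches the "detected and terminated, then back again" pattern in the report above. The following PowerShell check is an added example and is not part of the original thread, Symantec's tool, or CastleCops' procedure. It reads the effective command for each executable class under HKEY_CLASSES_ROOT, compares it with the standard Windows default (`"%1" %*`), and also notes whether a per-user override exists under HKCU\Software\Classes, which is merged into HKCR ahead of the machine-wide value. It only reports; it changes nothing, so it can be run across the other workstations Joe is worried about to see which ones need cleaning. It assumes a Windows host and an elevated PowerShell prompt.

```powershell
# Added example (not from the original thread): report executable file
# associations whose shell\open\command differs from the Windows default.
# Assumes Windows and an elevated PowerShell session.

# Standard default handler for each executable file class.
$script:DefaultHandlers = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
}

function Get-ShellOpenCommand {
    # Returns the (default) value of <root>\<class>\shell\open\command, or $null if absent.
    param(
        [Parameter(Mandatory)][string]$Root,   # e.g. 'HKEY_CLASSES_ROOT' or 'HKEY_CURRENT_USER\Software\Classes'
        [Parameter(Mandatory)][string]$Class
    )
    $path = "Registry::$Root\$Class\shell\open\command"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    return (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).'(default)'
}

function Test-ExecutableAssociations {
    # One row per class: the effective handler, the expected default,
    # whether a per-user override key exists, and an overall status.
    param([hashtable]$Expected = $script:DefaultHandlers)

    foreach ($class in ($Expected.Keys | Sort-Object)) {
        $effective   = Get-ShellOpenCommand -Root 'HKEY_CLASSES_ROOT' -Class $class
        $userOverride = Get-ShellOpenCommand -Root 'HKEY_CURRENT_USER\Software\Classes' -Class $class

        $status = if ($null -eq $effective) { 'MISSING' }
                  elseif ($effective -ceq $Expected[$class]) { 'OK' }
                  else { 'MODIFIED' }

        [pscustomobject]@{
            Class        = $class
            Expected     = $Expected[$class]
            Effective    = $effective
            UserOverride = $userOverride   # non-null means HKCU shadows the machine value
            Status       = $status
        }
    }
}

$report = Test-ExecutableAssociations
$report | Format-Table -AutoSize

$suspect = $report | Where-Object { $_.Status -ne 'OK' -or $null -ne $_.UserOverride }
if ($suspect) {
    Write-Warning ("{0} executable association(s) deviate from the default or carry a per-user " +
                   "override; inspect the Effective/UserOverride columns before trusting this host.") -f $suspect.Count
}
```

A MODIFIED row whose Effective value points at a file other than `"%1" %*` tells you what is being launched in front of every program; that path is the thing to submit to your AV vendor and to hunt for on the remaining workstations, and the key should be restored (UnHookExec.inf does exactly this) only after the file it names has been removed, otherwise the hook simply reappears on the next run.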