
TROJAN
TheFrank
O.P. TROJAN
Can anybody help me delete this DUMB trojan, that won't go away... the pic tells you what shows up at start-up, and I do what it says, and it still won't leave!!!

.bmp File Attachment: help.bmp (170.07 KB)

This post was edited on 05-30-2004 at 04:50 AM by TheFrank.
I Need To Get Rid Of MSBB.EXE!!!!!:|its driving me crazy...:P
05-30-2004 04:49 AM
Guido
RE: TROJAN
This might help:

http://securityresponse.symantec.com/avcenter/ven...ackdoor.sdbot.html

05-30-2004 05:50 AM
DJeX
RE: TROJAN
That would help if the link worked...

Try this:

1. Get into DOS and delete the C:\WINDOWS\system32\windates.exe (Type del C:\WINDOWS\system32\windates.exe at the C:\ prompt)

2. Then restart back into Windows (You may get some invalid link or file not found messages come up but that's normal since the Trojan has spread itself to the start up part of your computer.)

3. Check through your Win.ini for any line with the file name windates.exe. (If found delete it)

4. Save it then check the run portion of your registry for that file name. (Not recommended if you don’t know what you’re doing)


*This is just a rough instruction on some ways to get rid of it, so get creative. :)

<EDIT>
The link does work, just not on my computer :P
</EDIT>

This post was edited on 05-30-2004 at 06:09 AM by DJeX.
05-30-2004 06:07 AM
Varish
RE: TROJAN
the link does work :S
05-30-2004 06:53 AM
TheFrank
O.P. RE: TROJAN
the link don't work, and I don't understand the .ini file thing.... it's complicated....:( and I have to fix it soon, cuz it keeps restarting my computer... and it won't go away!! I wish I could kill the ppl who make viruses and the ones who did viruses! I hate viruses and their makers!!!!!!!!!!!!
I Need To Get Rid Of MSBB.EXE!!!!!:|its driving me crazy...:P
05-30-2004 02:33 PM
Kryptonate
RE: TROJAN
what's your antivirus?
05-30-2004 02:36 PM
matty
RE: TROJAN
quote:
Originally posted by Kryptonate
what's your antivirus?

It's AVG :)

quote:
Originally posted by DJeX
The link does work, just not on my computer :P

in your run prompt type this (or copy and paste)
code:
notepad.exe %systemroot%\system32\drivers\etc\hosts

you should see the following in your hosts file
quote:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

If you see anything else, delete it; the reason for that is that this file is meant for redirecting websites.



In order to fix the issue try this. (The Trojan) CTRL+Alt+Del and End Program or Process windates.exe
Click on Start > Run > type msconfig then click ok
Click the Startup Tab
Uncheck windates.exe or windates

then click on Start > run > (copy and paste the next line) del %systemroot%\system32\windates.exe

and you should be ok

This post was edited on 05-30-2004 at 03:49 PM by matty.
05-30-2004 02:52 PM
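The hosts-file check described in the post above, as an added example that is not part of the original thread: it lists every mapping other than loopback to localhost so each one can be reviewed before deletion. The sample file contents and the example.com/example.org names are constructed, and treating "localhost" as the only stock entry is an assumption based on the file quoted in the post.

```python
import ipaddress

# Assumption: a stock hosts file maps only "localhost" to a loopback address.
DEFAULT_NAMES = {"localhost"}

def extra_hosts_entries(text):
    """Return (line_no, ip, hostname) for every mapping other than loopback -> localhost."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append((line_no, ip, "<unparseable address>"))
            continue
        for name in names:  # one line may map several names to the same address
            if not (loopback and name.lower() in DEFAULT_NAMES):
                findings.append((line_no, ip, name))
    return findings

# Constructed sample: the stock entry plus two added redirects.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
127.0.0.1       updates.example.com   # constructed entry
203.0.113.7     www.example.org www2.example.org
"""

if __name__ == "__main__":
    for line_no, ip, name in extra_hosts_entries(SAMPLE):
        print(f"line {line_no}: {ip} -> {name}")
```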
Kryptonate
Veteran Member
*****

Avatar

Posts: 2874
Reputation: 23
38 / Male / –
Joined: Jun 2003
RE: TROJAN
Try to get windates.exe quarantined.

If this doesn't help:
1. Terminate the process (CTRL + ALT +Delete >> Processes >> windates.exe).

2. Go to Start >> Run >> regedit >> \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete any of the following values that you find, or any value that refers to the file, which is detected as the Trojan:

"Configuration Manager"="Cnfgldr.exe"
"System Monitor"="Sysmon16.exe"
"MSSQL"="Mssql.exe"
"Configuration Loader" = "aim95.exe"
"Internet Config" = "svchosts.exe"
"System33" = "%System%\FB_PNU.EXE"
"Configuration Loader"="cmd32.exe"
"Windows Explorer"="Explorer.exe"
"Configuration Loader"="IEXPL0RE.EXE"
"Configuration Loader"="%System%\iexplore.exe"
"Sock32"="sock32.exe"
"Configuration Loader"="MSTasks.exe"
"Windows Services"="service.exe"
"Registry Checker" = "%System%\Regrun.exe"
"Internet Protocol Configuration Loader" = "ipcl32.exe"
"syswin32" = "syswin32.exe"

Don't worry about programs needed by Windows to operate properly. They don't appear on this list.

Close down the registry and it won't restart your computer any longer and it won't be started when Windows boots.
05-30-2004 03:09 PM
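One way to check the Run key against the list in the post above, as an added example that is not part of the original thread: it parses text printed by `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` and reports values whose name and file match a listed pair or whose data points at windates.exe. The sample output, the value names `ExampleApp` and `Windows Update`, and the four-space column layout are assumptions made for the example.

```python
import re

# (value name, file name) pairs copied from the list in the post above, lower-cased.
LISTED = {
    ("configuration manager", "cnfgldr.exe"), ("system monitor", "sysmon16.exe"),
    ("mssql", "mssql.exe"), ("configuration loader", "aim95.exe"),
    ("internet config", "svchosts.exe"), ("system33", "fb_pnu.exe"),
    ("configuration loader", "cmd32.exe"), ("windows explorer", "explorer.exe"),
    ("configuration loader", "iexpl0re.exe"), ("configuration loader", "iexplore.exe"),
    ("sock32", "sock32.exe"), ("configuration loader", "mstasks.exe"),
    ("windows services", "service.exe"), ("registry checker", "regrun.exe"),
    ("internet protocol configuration loader", "ipcl32.exe"),
    ("syswin32", "syswin32.exe"),
}
TROJAN_FILE = "windates.exe"  # file named earlier in the thread

ROW = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # name, type, data columns
EXE = re.compile(r'[^\\/"\s]+\.exe', re.IGNORECASE)        # last path component ending in .exe

def flag_run_values(reg_query_output):
    """Return names of Run values that match the thread's list or point at windates.exe."""
    flagged = []
    for line in reg_query_output.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # key header or blank line
        name, _type, data = row.groups()
        exe = EXE.search(data)
        file_name = exe.group(0).lower() if exe else ""
        if file_name == TROJAN_FILE or (name.strip().lower(), file_name) in LISTED:
            flagged.append(name.strip())
    return flagged

# Constructed `reg query` output for the Run key; not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleApp    REG_SZ    "C:\Program Files\Example\app.exe" /STARTUP
    Configuration Loader    REG_SZ    IEXPL0RE.EXE
    Windows Update    REG_SZ    C:\WINDOWS\system32\windates.exe
    System33    REG_SZ    %System%\FB_PNU.EXE
"""

if __name__ == "__main__":
    print(flag_run_values(SAMPLE))
```

Matching on the name and file together keeps an unrelated value that merely launches a same-named file from being reported; anything flagged still needs a manual look before it is deleted.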