Network Virus (trojan)
OS: Win 2K
Location: Various
Problem:
About a month ago, the virus 'download.trojan' was discovered on my campus. I went to every computer that had it and deleted it (safe mode, ran anti-virus, etc.). Here in the past week, I have had that pop up more and more. It is only on a few computers. These computers were exposed to the dreaded w32.spybot virus.
I talked to my head tech, and he said that it was one computer infecting many. I have my thoughts on which one it is, but then again, it could be more than one.
I have thought about taking those computers and formatting them all over again.
Might the previous virus have left a backdoor for this other virus to come in?
What might be a way to get rid of the darn thing once and for all?
Any Ideas?
"I am a common man, with common thoughts, and I've lived a common life.
There are no monuments dedicated to me and my name will soon be forgotten..."
-an excerpt from The Notebook by Nicholas Sparks
Hello,
I moved your thread into the Windoze Security forum...
We saw this one at work too, and it was pounding our network to a point that people could not print.
If you have what we had (bling.exe, o.exe, bl[1].exe) and found the registry keys with the word 'psYko' inside them, then you will also suffer the spread of this bug via the network. We had to do the safe mode thing, and repair them as local admins, and also do a registry edit to all machines to RestrictAnonymous=2 instead of the default 0.
Before you do such a sweeping change to the registry, you better test it vigorously first. Leaping before swimming is unwise.
Best way to get rid of it? Linux.
I hate to admit it, but XP with SP 1 or SP 2 were more difficult to keep clean from this thing than W2K. To stop the insanity, you may want to bugsniff and see what port this puppy is firing on, and if your network staff can block those ports to isolate IP segments.
Christian
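The sniffing step suggested above, as an added example that is not part of the original posts: given connection records summarised from a packet capture, it lists which source machines are contacting many distinct hosts on one port, which is the pattern of "one computer infecting many", and which ports that traffic uses. The record format, addresses, ports and the `min_targets` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: "time src_ip dst_ip dst_port" records, as might be
# summarised from a capture. Addresses and ports are illustrative only and
# are not taken from the thread.
SAMPLE_FLOWS = """\
10:00:01 10.1.4.23 10.1.4.10 445
10:00:01 10.1.4.23 10.1.4.11 445
10:00:02 10.1.4.23 10.1.4.12 445
10:00:02 10.1.4.23 10.1.4.13 445
10:00:03 10.1.4.23 10.1.4.14 445
10:00:03 10.1.4.23 10.1.4.15 445
10:00:04 10.1.4.23 10.1.4.10 445
10:00:05 10.1.4.31 10.1.4.5 445
10:00:06 10.1.4.31 10.1.4.6 445
10:00:07 10.1.4.50 10.1.4.5 9100
10:00:08 10.1.4.50 10.1.4.5 9100
10:00:09 10.1.4.77 truncated
"""

def parse_flows(text):
    """Yield (src, dst, port) per record; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])

def fan_out(flows, min_targets=5):
    """Return [(src, port, n_targets)] for sources that contacted at least
    min_targets distinct hosts on one port, busiest first."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        targets[(src, port)].add(dst)  # repeat contacts to one host count once
    hits = [(s, p, len(d)) for (s, p), d in targets.items()
            if len(d) >= min_targets]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))

def ports_to_review(hits):
    """Ports seen in fan-out traffic: candidates for blocking between segments."""
    return sorted({port for _, port, _ in hits})

if __name__ == "__main__":
    hits = fan_out(parse_flows(SAMPLE_FLOWS))
    for src, port, n in hits:
        print(f"{src} contacted {n} distinct hosts on port {port}")
    print("ports to review:", ports_to_review(hits))
```

Management servers and authorised scanners fan out in the same way, so the output is a list of machines to inspect first rather than a verdict.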
Thanks for moving it. I wasn't sure where to post.
I know that you say Linux is the way to get rid of it, but I am bound by a group of technicians that have to have Winderz.
Which keys did you edit? Just the ones that had the words psYko in them? Or... which ones?






