Jan 19th, 2005

Network Virus (trojan)

OS: Win 2K
Location: Various

Problem:
About a month ago, the virus 'download.trojan' was discovered on my campus. I went to every computer that had it and deleted it (safe mode, ran anti-virus, etc.). Here in the past week, I have had that pop up more and more. It is only on a few computers. These computers were exposed to the dreaded w32.spybot virus.

I talked to my head tech, and he said that it was one computer infecting many. I have my thoughts on which one it is, but then again, it could be more than one.

I have thought about taking those computers and formatting them all over again.

Might the previous virus have left a backdoor for this other virus to come in?
What might be a way to get rid of the darn thing once and for all?

Any Ideas?
bluedos82
Jan 19th, 2005

Re: Network Virus (trojan)

Hello,

I moved your thread into the Windoze Security forum...

We saw this one at work too, and it was pounding our network to a point that people could not print.

If you have what we had (bling.exe, o.exe, bl[1].exe) and found the registry keys with the word 'psYko' inside them, then you will also suffer the spread of this bug via the network. We had to do the safe mode thing, and repair them as local admins, and also do a registry edit to all machines to RestrictAnonymous=2 instead of the default 0.

Before you do such a sweeping change to the registry, you better test it vigorously first. Leaping before swimming is unwise.

Best way to get rid of it? Linux. I hate to admit it, but XP with SP 1 or SP 2 were more difficult to keep clean from this thing than W2K. To stop the insanity, you may want to bugsniff and see what port this puppy is firing on, and if your network staff can block those ports to isolate IP segments.

Christian
kc0arf
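
An added example, not part of kc0arf's post: a read-only check of which machines already carry the RestrictAnonymous value the post mentions, for use before and after a tested rollout. The Lsa key path, the host names and the sample `reg query` output are assumptions constructed for illustration.

```python
import re

# Input is the text printed per host by (standard key path, not given in the thread):
#   reg query \\HOST\HKLM\SYSTEM\CurrentControlSet\Control\Lsa
TARGET = 2  # setting the post reports applying; the post gives the default as 0

# \s+ after the name keeps RestrictAnonymousSAM (a different value) from matching.
_VALUE = re.compile(r"^\s*RestrictAnonymous\s+REG_DWORD\s+(\S+)\s*$",
                    re.IGNORECASE | re.MULTILINE)

def parse_restrict_anonymous(reg_output):
    """Return RestrictAnonymous as an int, or None if no such line is present."""
    match = _VALUE.search(reg_output)
    if match is None:
        return None
    text = match.group(1)
    try:
        return int(text, 16) if text.lower().startswith("0x") else int(text)
    except ValueError:
        return None

def audit(outputs):
    """Map host -> (value, status) for captured `reg query` output per host."""
    report = {}
    for host, text in outputs.items():
        value = parse_restrict_anonymous(text)
        if value is None:
            status = "unknown"          # query failed or value absent: check by hand
        elif value == TARGET:
            status = "restricted"
        else:
            status = "not-restricted"
        report[host] = (value, status)
    return report

# Constructed sample output; host names are invented for illustration.
SAMPLE = {
    "LAB-01": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
              "    RestrictAnonymous    REG_DWORD    0x2\n",
    "LAB-02": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
              "    RestrictAnonymousSAM    REG_DWORD    0x1\n"
              "    RestrictAnonymous    REG_DWORD    0x0\n",
    "LAB-03": "ERROR: The network path was not found.\n",
}

if __name__ == "__main__":
    for host, (value, status) in sorted(audit(SAMPLE).items()):
        print(f"{host}: RestrictAnonymous={value} -> {status}")
```

Hosts reported as "unknown" are left for manual review rather than assumed to be at the default, since a failed remote query and a missing value look the same in the captured text.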
Jan 19th, 2005

Re: Network Virus (trojan)

Thanks for moving it. I wasn't sure where to post.
I know that you say Linux is the way to get rid of it, but I am bound by a group of technicians that have to have Winderz.

Which keys did you edit? Just the ones that had the words psYko in them? Or... which ones?
bluedos82
