Member Avatar for bluedos82

OS: Win 2K
Location: Various

Problem:
About a month ago, the virus 'download.trojan' was discovered on my campus. I went to every computer that had it and deleted it (safe mode, ran anti-virus, etc.) Here in the past week, I have had that pop up more and more. It is only on a few computers. These computers were exposed to the dreaded w32.spybot virus.

I talked to my head tech, and he said that it was one computer infecting many. I have my thoughts on which one it is, but then again, it could be more than one.

I have thought about taking those computers and formatting them all over again.

Might the previous virus have left a backdoor for this other virus to come in?
What might be a way to get rid of the darn thing once and for all?

Any Ideas?

  • 2 Contributors
  • 2 Replies
  • 123 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by bluedos82

Recommended Answers

All 2 Replies

Member Avatar for kc0arf

Hello,

I moved your thread into the Windoze Security forum...

We saw this one at work too, and it was pounding our network to a point that people could not print.

If you have what we had (bling.exe, o.exe, bl[1].exe) and found the registry keys with the word 'psYko' inside them, then you will also suffer the spread of this bug via the network. We had to do the safemode thing, and repair them as local admins, and also do a registry edit to all machines to RestrictAnonymous=2 instead of the default 0.

Before you do such a sweeping change to the registry, you better test it vigerously first. Leaping before swimming is unwise.

Best way to get rid of it? Linux. :) I hate to admit it, but XP with SP 1 or SP 2 were more difficult to keep clean from this thing than W2K. To stop the insanity, you may want to bugsniff and see what port this puppy is firing on, and if your network staff can block those ports to isolate IP segments.

Christian

Member Avatar for bluedos82

Thanks for moving it. I wasn't sure where to post.
I know that you say Linux is the way to get rid of it, but I am bound by a group of technicians that have to have Winderz.

Which keys did you edit? Just the ones that had the words psYko in them? Or... which ones?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.