MS AS and NAV05 hit by trojan

PVC

I have been trying to fix a laptop which has been hit by
something that stops Norton 2005 working and disables MS
antispyware. Have run Adaware, spybot, spy catcher,
Avast, AVG, CWS but cannot fully get rid of it;
every time I think I am there, it will hit again. It does
not hijack the browser as such, but when at my homepage
(Google) and you search on anything, it brings you to a
page which looks like a Google search results page, but
is full of porn site referrals. Also desktop is replaced
with a black screen with "! Warning you are in danger"

Anyone know what this is?
 
Ron Kinner [MVP]

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Open it and Scan and Save Log then send me the log.

I'll give you a clue now:

Right click on an empty area of your Desktop
Click on Properties
Click on Desktop tab (may not be there depending on OS
and how you are set up)
Click on Customize Desktop button (may not be there
depending on OS and how you are set up)

Click on Web tab
then UN-select anything that is selected in the WEBPAGE
box.
Click OK

It may come back right away but that's where the desktop
warning is coming from.

Ron

(e-mail address removed)
 
Bill Sanderson

I think it is likely that you have multiple critters, at least one of which
is a trojan. You need to be behind a firewall that controls outbound
traffic, or disconnect from the Internet as much as possible.

The only known trojan that targets Microsoft Antispyware so far is this one:

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bankash.a.html

However, the behavior of also targeting NAV is not something I've heard
about this particular trojan, although others and other viruses have been
doing this for years.

Norton's defs as pushed by LiveUpdate should have detected this one, but only
yesterday, as I recall--I think there were 2/10 by Intelligent Updater, and
2/16 pushed via LiveUpdate.

One approach might be to download the intelligent updater defs that are
current, restart in safe mode, and see whether you can then update Norton's
defs and run it. If you can scan with current definitions in safe mode, it
should be capable of cleaning this, I think.

Otherwise, you are going to need another cleaner. I don't recommend going
for an online scan at this point, but maybe Trend Micro's System Cleaner
would be appropriate:

http://www.trendmicro.com/download/dcs.asp

Get the Sysclean package at the above url.

Then get the latest pattern file zip from here:

http://www.trendmicro.com/download/pattern.asp

and place the unzipped result in the same folder as sysclean.

Restart in safe mode and run sysclean. If that isn't possible, pull the
Internet plug and run sysclean.
 
