Trojan Attack

speters

'Am trying to remove what I understand to be a "Backdoor
Trojan" virus from my system. It seems to be, or be
related to, "svcinit.exe" in my C:\WINNT\system32
directory.

Norton AV2003 can't quarantine or delete it! I can't
delete, move, copy or rename it! My "Ad-aware" and "Zone
Alarm Pro4" didn't/can't block it either.

Any advice/opinions? Thx.
 
Nimitt Jhaveri

Congrats,

You have got a key logger in your machine. Removal is
going to be complicated but do the following:
1) Disconnect from all networks,
2) Kill the following processes manually (use the task
manager)
misete.exe
mite.exe
mitesvc.exe
mltcap.exe
uninstall.exe
capture.exe
svcinit.exe
mauto.exe
setenv.exe
message.exe
starrcmd.exe
wsys.exe
3) Search and remove the following files
starr_home_setup.exe.txt
wayd.chm
misete.exe
mite.exe
mitesvc.exe
mltcap.exe
uninstall.exe
capture.exe
svcinit.exe
mauto.exe
setenv.exe
message.exe
starrcmd.exe
wsys.exe
help.htm
slog.sys
whatsnew.txt
uninstall_starr.txt

This should mostly remove the key logger unless there is a
newer version to it.
Let me know if you require further help on this one.

Cheers
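
Added example (editor's illustration, not code from any poster in this thread): several names in the step 3 list, such as help.htm and uninstall.exe, also ship with unrelated software, so this Python sketch reports a directory only when several listed names sit together in it. The threshold `min_hits` and the helper names `scan` and `demo` are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict

# File names copied from step 3 of the post above.
INDICATOR_NAMES = {
    "starr_home_setup.exe.txt", "wayd.chm", "misete.exe", "mite.exe",
    "mitesvc.exe", "mltcap.exe", "uninstall.exe", "capture.exe",
    "svcinit.exe", "mauto.exe", "setenv.exe", "message.exe",
    "starrcmd.exe", "wsys.exe", "help.htm", "slog.sys", "whatsnew.txt",
    "uninstall_starr.txt",
}

def scan(root, min_hits=3):
    """Return {directory: sorted matching names} for directories holding
    at least min_hits listed names (matched case-insensitively)."""
    hits = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() in INDICATOR_NAMES:
                hits[dirpath].add(name.lower())
    return {d: sorted(n) for d, n in hits.items() if len(n) >= min_hits}

def demo(min_hits=3):
    """Constructed sample tree: one benign folder, one with a cluster."""
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "SomeApp")
        suspect = os.path.join(root, "system32")
        os.makedirs(benign)
        os.makedirs(suspect)
        # Two generic names only: below the default threshold.
        for n in ("help.htm", "uninstall.exe", "readme.txt"):
            open(os.path.join(benign, n), "w").close()
        # Three listed names together: reported.
        for n in ("SVCINIT.EXE", "mitesvc.exe", "slog.sys", "notepad.exe"):
            open(os.path.join(suspect, n), "w").close()
        found = scan(root, min_hits)
        return {os.path.basename(d): names for d, names in found.items()}

if __name__ == "__main__":
    print(demo())
```

The script only reports locations; it does not stop processes or delete anything.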
 
Guest

Thx! Is it related to "svchost.exe"?

 
Guest

I got that backdoor.sinit too! I'm running xp-pro. Even following these instructions, it cannot be deleted, or quarantined. Norton AV detected it and cannot do anything with it. Looking for help before I spend the $39.95 to Symantec to have them help me delete it!
 
Guest

I just got rid of the Trojan Horse (backdoor.sinit). Symantec's website gave me instructions http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sinit.html . I had to try it several times but I think that I have it gone now. The trick seems to be that you need to catch the 'svcinit.exe' file located in C:\windows\system32 before it launches. I opened Norton AV and scanned the svcinit.exe file. Of course it told me that the file was infected. I quarantined the file, then deleted it from the system. There were some registry changes from the website that had to be made. I re-booted and searched for the svcinit.exe file and could not find it. Good Luck!!
 
