Thread: a possible virus?
10-14-2003, 11:15 PM #1
a possible virus?
Can anybody tell me what this extension does? Basically, my computer starts to reproduce a window and it produces them faster than I can close them. I think this might be the culprit... any ideas?
here is the application:
10-15-2003, 12:06 PM #2
Looks like a worm/trojan or a backdoor program. Anything exe is a potential virus or dangerous program. However, tell me more about where this exe file is running. For example, in startup? Msconfig? Running as a service? This file does not appear to be a regular Windows file. Tell me more about this file.
10-15-2003, 01:50 PM #3
Originally Posted by Sicilian30
10-15-2003, 06:33 PM #4
Hey, I found out I have the W32.Spybot.Worm, but how do I remove it?
10-15-2003, 06:53 PM #5
Do you have an antivirus program?
10-15-2003, 07:09 PM #6
Yes, I do.
10-15-2003, 07:10 PM #7
Will it not remove it?
10-15-2003, 08:50 PM #8
You can download a stinger program from your anti-virus software's website usually.
A stinger would remove that worm.
10-16-2003, 02:33 AM #9
I tried the Stinger from McAfee. Anyway, I went through this long instruction on how to remove it. If I post this response and it doesn't start multiplying, then I have successfully done it.
10-16-2003, 02:33 AM #10
10-16-2003, 02:56 PM #11
Yes, most trojans are simple in nature, well, as far as removal goes. Most backdoor trojans, I say most, usually don't replicate, because they normally rely on one file to execute. How complex the programmer wants to make the trojan determines how it is used and how it works.
10-16-2003, 06:04 PM #12
I had 54 infected files, Sicilian! It sucked, and when I went through a second scan after I thought I had removed them, 4 more were infected. Anyway, being a complete idiot with computers, I removed a server for WinMX that you were talking about. Anyway, I removed it and reinstalled and still the same problem.
10-17-2003, 01:02 PM #13
It might be the Sub7 trojan... I know the guy that created it, but it doesn't have too many destructive purposes rather than editing the autoexecute file (which is VERY serious), especially if the string "Rundll user,exitwindows" is put into it. Or they can disable your keyboard permanently. If you have Sub7, click Start, Run, type in msconfig, click the Startup tab and check for any randomly named EXE files. Also check the Services tab and see if there are any randomly named exe files like you mentioned in your first post. Good luck.
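The startup and services check suggested in the post above, as an added example that is not part of the original thread: it lists the Run/RunOnce registry entries and auto-start services with each binary's Authenticode status. `Get-ExePath` and `New-AutostartRecord` are hypothetical helper names, and an entry that is not `Valid` is a prompt for a closer look, not a verdict.

```powershell
# Added example (not from the thread). Helper names below are hypothetical.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$CommandLine) {
    # Extract the executable from a command line, quoted or unquoted.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function New-AutostartRecord([string]$Source, [string]$Name, [string]$CommandLine) {
    $path = [Environment]::ExpandEnvironmentVariables((Get-ExePath $CommandLine))
    $status = 'FileNotFound'
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $status = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Path = $path; Signature = $status
    }
}

# Registry autostarts (part of what msconfig's Startup tab lists).
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        New-AutostartRecord $key $valueName ([string]$item.GetValue($valueName))
    }
})

# Services set to start automatically (msconfig's Services tab).
$entries += @(Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
    ForEach-Object { New-AutostartRecord 'Service' $_.Name $_.PathName })

# Show entries whose binary is missing or lacks a valid signature first.
$entries | Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Source, Name |
    Format-Table -AutoSize -Wrap
```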
10-17-2003, 02:13 PM #14
Originally Posted by hoss827
Now if you are referring to an exe file, which could potentially "auto execute", then the term is not autoexecute file. It is simply an executable file loading in as a startup item or as a service.
Secondly, there are about 5-10 different versions of this thing. I seriously doubt if this particular person knows who wrote the Sub 7 Trojan.
Fortunately, this particular trojan opens up a port and this particular virus does not load as a service. So looking for it as this person suggested will be a waste of your time. If you have an updated virus scanner, UPDATED BEING THE KEY WORD HERE, run it. I guarantee it will pick up the Sub 7, barring the chance that it is something really new. If that is the case, virus programs will catch up with them in a day or so.
Here is something to consider. If you indeed had a backdoor trojan as you mentioned, the simple fact is if the hacker was getting in, and if he did have control of your system, he could've literally done anything. Like delete a dll, ole, or even opened another vulnerability or port to tunnel back in. Fact of the matter is, most trojans require removal, THEN a patch to be installed to prevent hackers from getting back in and reinfecting your computer. Symantec also makes removal tools available as free downloads, so that you can clean your computer. Symantec has a very informative website on just about every virus out there; all you have to do is search for it. They give you instructions on how to remove it, and in most cases point to the tool used to remove it.
Good luck. Here are some links to prove my point:
Here are some free tools if you are infected with any viruses that may require you to run a patch to properly clean them. Most you have to run in safe mode.
******Oh, by the way, I just read what kind of virus you had. Here is a detailed website on how to properly clean it. Sounds to me like you still are infected and did not get the virus completely out of the system. Follow these instructions verbatim and see if your problem is fixed. Here is the link:
10-17-2003, 02:51 PM #15
At least I know I'm thinking at the same level as a computer expert. I followed those directions a couple of days ago and I removed the virus. But about the WinMX problem... how do I fix that? I removed a file that had a zero value that had something to do with a socks proxy server... now I can't get on WinMX. Sicilian, if you want, you can give me your email addy or we can keep corresponding like this. Thanks for your help so far, bro!
10-17-2003, 03:01 PM #16
I think I know your problem. Go into WinMX, as if to open it; it may not connect. Then click on "Settings", then outgoing TCP connections. Click on "Don't use Socks Proxy (connect directly)". That will probably do it. Socks proxies are used when you have a firewall that wants to get out using a secure socks proxy. Older firewalls and proxies use this feature. ICQ uses socks on some proxy servers, etc.
If this does not work, PM me I will see if I can help you.