A Windows XP help forum. PCbanter

Trojan Horse Downloader



 
 
  #1  
Old July 25th 04, 05:30 AM
Lance Cook

Hello all,
I've recently had a trojan in my system that is really
confusing me. I shut off System Restore, and rebooted
into safe mode. I deleted the file through my anti-virus,
but when I restarted my PC the next day the same trojan
was there again. It doesn't actually execute itself, but
the file downloads itself somehow. I've looked for
information on it but I can't find a way to get rid of it
for good. Please help me. The name of it is Trojan horse
Downloader.Agent.AL. It's always
in "C:\Temp\BDL74125.exe". Thanks
Lance Cook

  #2  
Old July 25th 04, 05:30 AM
Jerry

Found this in a news group. Try this....thanks to Tellco. The program he
mentions is Hijack This! which can be found at http://www.merijn.org/.
-------------------------------------------------------------

Ok, first disable the System Restore feature in Windows XP (you can
re-enable it again once your system is clean). Here's a link on how to do
this:

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

Next, make sure all browser and all Windows Explorer windows are closed,
then run "Hijack This!" and have it fix these entries:

O4 - HKLM\..\Run: [SPELL32V] C:\WINDOWS\System32\SPELL32V.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_42.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
http://launch.gamespyarcade.com/sof...nch/alaunch.cab

When done, reboot your system and bring it up in "Safe Mode" (F5 or F8 when
starting Windows). At this point make sure Windows is configured to see
hidden files and folders. Here's a link on how to do this if needed:

http://service1.symantec.com/SUPPORT...sv=&osv_ lvl=

While in "Safe Mode", find these files and delete them from your system:

C:\Windows\bdlj4126.exe
C:\WINDOWS\System32\SPELL32V.exe

When finished, reboot your system again and bring it back up in normal mode.
Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG,
click on Start - Run - type in MSCONFIG - click OK. Once everything is
enabled, run "Hijack This!" and post a new log to this thread so I can
verify that we got everything.

"Lance Cook" wrote in message
...
Hello all,
I've recently had a trojan in my system that is really
confusing me. I shut off System Restore, and rebooted
into safe mode. I deleted the file through my anti-virus,
but when I restarted my PC the next day the same trojan
was there again. It doesn't actually execute itself, but
the file downloads itself somehow. I've looked for
information on it but I can't find a way to get rid of it
for good. Please help me. The name of it is Trojan horse
Downloader.Agent.AL. It's always
in "C:\Temp\BDL74125.exe". Thanks
Lance Cook
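
Added example, not part of either post and not code from the Hijack This! project: a small parser for the O4 (autostart) and O16 (downloaded ActiveX control) log lines quoted in reply #2. It rejoins entries the newsreader wrapped and marks Run entries whose target is on the reply's delete list. The regular expressions are inferred only from the three lines shown in the thread, and the function and field names are made up for this example.

```python
import re

# Constructed sample: the three entries from reply #2, wrapped as posted.
# The URLs are truncated ("...") on the page and are kept that way.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SPELL32V] C:\WINDOWS\System32\SPELL32V.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_42.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
http://launch.gamespyarcade.com/sof...nch/alaunch.cab
"""

# Files reply #2 says to delete in Safe Mode.
DELETE_LIST = [r"C:\Windows\bdlj4126.exe", r"C:\WINDOWS\System32\SPELL32V.exe"]

ENTRY_START = re.compile(r"^O\d+ - ")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*?)\) - (?P<url>\S+)$")

def unwrap(text):
    """Rejoin entries that a mail or news client wrapped onto a second line."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a new "Onn - " entry starts here
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def parse_entries(text):
    """Return one dict per recognised O4 or O16 entry; other lines are skipped."""
    delete_list = {p.lower() for p in DELETE_LIST}  # Windows paths ignore case
    parsed = []
    for entry in unwrap(text):
        m = O4_RE.match(entry)
        if m:
            rec = {"type": "O4", **m.groupdict()}
            rec["on_delete_list"] = rec["target"].lower() in delete_list
            parsed.append(rec)
            continue
        m = O16_RE.match(entry)
        if m:
            parsed.append({"type": "O16", **m.groupdict()})
    return parsed

if __name__ == "__main__":
    for rec in parse_entries(SAMPLE_LOG):
        print(rec)
```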



 




All times are GMT +1.

