# Looking for help with some Trojan Viruses....



## captnigh (Jul 26, 2004)

These things are nasty - check this out---
I noticed my homepage was being reset to "blank" and I was getting all these pop-ups for spyware. I use spybot S&D at least once a week, so I'm wondering..... I update S&D, run a scan - - nothing.....
Run a complete scan on Norton - - nothing....
Scan using Trend Micro, Explorer crashes and now Norton detects a Backdoor Trojan.... So I disable System Restore and Re Boot in Safe Mode to do a full system scan with Norton and I still come up with zip, even though I have an alert from Norton on my screen!
So I do try a full system scan with Trend Micro and it comes up with two Trojans, uncleanable and all attempts to quarantine fail...
nasty....
I'm starting to think "format".....
Anyone have some advice?
Thanks in advance.....


----------



## Bob Hubbard (Jul 26, 2004)

What virus?

Also, see http://rustaz.com/writings/nonfiction/compcorner3.htm


----------



## captnigh (Jul 26, 2004)

One was identified as Trojan.AC and existed in a file .hppgledf.dll (that might not be the exact filename - I'm at work/my home rig is infected)  the other was identified as A Trojan.startpc(?) and existed in pom.dll - both in windows folders.......


----------



## Bob Hubbard (Jul 26, 2004)

ok, I did a search...that one's a *****....

http://www.cybertechhelp.com/forums/archive/index.php/t-33239.html

It's a bit on the 'advanced user' side....I'm looking to see if there's a simpler way....


----------



## Hagakure (Jul 26, 2004)

The best thing to do is run msconfig and disable all start-up items then reboot. This should stop the virus from being able to run.


----------



## Taimishu (Jul 26, 2004)

If you go to this site
http://www.bulletproofsoft.com/
you can download a free scan/removal tool.
It cleared my comp of trojans that adaware and spybot s&d missed.

David.


----------



## captnigh (Jul 26, 2004)

thanks for the advice, guys.
I'm gonna try and fix this problem tonite....I'll let you know how it pans out.....
Hopefully I won't have to dump everything and re-install - I hate that....


----------



## captnigh (Jul 27, 2004)

I nailed the virus in pom.dll, but I can't get rid of Trojan AC...
Although Trend Micro and Norton alert that they detect a virus (Trend Micro calls it Trojan AC, Norton calls it Backdoor Agent B), scans by both find nothing......
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AC
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.html
Both sets of removal instructions (links above) are off....
I'm not able to find anything where they tell me to look in the registry....When I rename the "windows" subkey in - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
I wait, then change it back - I look in AppInit Dlls and there are no values listed.... I also can't find anything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I am posting this in hopes of someone being able to point out a mistake I might be making....any help would be appreciated.....


----------
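An added example, not part of any post in this thread: a read-only PowerShell listing of the two autostart locations named in the post above (the AppInit_DLLs value and the Run key), reporting for each referenced file whether it exists, when it was last modified and its Authenticode signature status. The WOW6432Node and HKCU paths are additions beyond what the post names, and `Get-FileReport` is a hypothetical helper name.

```powershell
# Added example (not from the thread): read-only listing of the autostart
# locations named in the post above. Run from an elevated PowerShell prompt.
$appInitKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
$runKeys     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-FileReport {
    param([string]$Source, [string]$Entry, [string]$Path)
    # Assumption for reporting only: a bare file name is looked up in System32.
    if (-not [IO.Path]::IsPathRooted($Path)) {
        $Path = Join-Path $env:SystemRoot "System32\$Path"
    }
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Source    = $Source
        Entry     = $Entry
        Path      = $Path
        Exists    = [bool]$file
        Modified  = if ($file) { $file.LastWriteTime }
        Signature = if ($file) { (Get-AuthenticodeSignature -LiteralPath $Path).Status }
    }
}

$report = foreach ($key in $appInitKeys + $runKeys) {
    $regKey = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }   # e.g. no WOW6432Node on 32-bit Windows

    if ($key -in $appInitKeys) {
        # AppInit_DLLs is one string holding DLL names separated by spaces or commas.
        $dlls = "$($regKey.GetValue('AppInit_DLLs'))" -split '[ ,]+' | Where-Object { $_ }
        foreach ($dll in $dlls) { Get-FileReport -Source $key -Entry 'AppInit_DLLs' -Path $dll }
    }
    else {
        foreach ($name in $regKey.GetValueNames()) {
            # Run values are command lines: take the quoted path, else the first token.
            $cmd = "$($regKey.GetValue($name))"
            if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(\S+)') {
                Get-FileReport -Source $key -Entry "$name = $cmd" -Path $Matches[1]
            }
        }
    }
}
$report | Format-List
```

An unquoted Run command whose path contains spaces is cut at the first space, so read the Path column against the raw command shown in Entry.
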



## Taimishu (Jul 27, 2004)

Have you tried a search for the specific virus/trojan?
Sometimes there is a dedicated removal tool/process.
It's worth a try as some of these can be right pigs to shift.

David


----------



## captnigh (Jul 27, 2004)

I found and tried a fix tool for this particular virus, but it didn't detect a Trojan AC virus.... It's strange - as if, even though it's being ID'd as a Trojan AC virus, it's something else......


----------



## PeachMonkey (Aug 12, 2004)

This probably isn't what you want to hear, but many (most?) security professionals recommend that a machine that is so perniciously infected with a trojan have its critical data backed up to removable media, then be completely wiped and reinstalled, off the network, using safe media for OS, patch, antivirus, and anti-malware software.


----------

