Virus or Trojan

By robby ·
I am trying to remove either a Trojan or a Virus from a client's computer. They are running XP Home w/Norton 2003 AV. In Windows Task Manager the process(es) running are Ynu10vj.exe and Lbf38.exe. Every time I end the process it returns with a different name (Yak3x9EP/Bsbjbh6.exe) and is usually using around 80% of CPU. I cannot download the updates to Windows XP while online and Norton returns No Viruses Found. Did a search through the Registry and found no matches. What is running? Tried a search through Symantec's site, no joy. Somebody must have run across this before. I removed 178 spyware instances (Search & Destroy) and cleaned the cookies as well as history. Someone point me in the right direction.


by pierrejamme In reply to Virus or Trojan

Not much to go on. Are you turning off restore when you scan? See: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Here are a few other things to check.
Look in msconfig and see if something strange is in startup, or remove startup altogether and reboot to see if it stops.

Look in the hosts file and make sure it looks like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


Try SpySweeper from www.Webroot.com, it will find things that Adaware and SpyBot Search and Destroy don't.
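
The hosts-file check described in the post above, as an added example that is not part of the original post: a small Python script that ignores comment lines and reports every entry other than the stock loopback-to-localhost mapping. The sample file and its hostnames are constructed; on Windows XP the real file is normally at %SystemRoot%\system32\drivers\etc\hosts.

```python
import ipaddress

# Names a stock hosts file is expected to contain (assumption: default install).
EXPECTED = {"localhost"}

# Constructed sample: the stock entry plus entries of the kind a hijacker adds.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
127.0.0.1 update.av-vendor.example   # constructed: update site blackholed
203.0.113.7 search.portal.example
not-an-ip broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every unexpected entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # comments may follow an entry
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name.lower() in EXPECTED:
                continue  # the one mapping a clean file should have
            reason = ("name blocked by pointing it at the local machine" if local
                      else "name redirected to another address")
            findings.append((line_no, address, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s %s (%s)" % finding)
```

An empty result means the file matches the stock layout; any reported line is worth comparing against what the machine's owner knowingly added.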


by Chris910 In reply to Virus or Trojan

Try downloading a tool called HijackThis. It is best to download it from a site like www.cnet.com, as several of the browser hijacks have incorporated stuff to keep you from going to the home site www.spywareinfo.com/~merijn/. Be careful using this tool; it can also remove good stuff. There are forums where you can post the output from the program and people will help you figure out what needs to be removed.
Good Luck.


by rindi1 In reply to Virus or Trojan

You can try to boot into safe mode and then remove the virus from Autostart from there. If that doesn't help, you can try creating emergency boot disks with NAV on another, virus-free PC, make them read-only and then boot your affected PC with those disks and try cleaning it that way. I'm not sure if the boot disks of NAV can write to NTFS partitions, though. Check on the Symantec site for help on that.

Markus


by DSC In reply to Virus or Trojan

Malware has progressed into a formidable tool to be used by script kiddies in attacking your system, by using spyware programs to gain access or root services. You should be aware, if you had deleted that many spyware instances from the computer, you have a trojan, which supplies or rebuilds the malware when it cannot access the net to do it. You must opt for a cut-off point for these instances. DOS-based virus scanner, remove directories from Program Files which are spyware, and clean the registry. Hard task to do; not all anti-spyware programs will clean the computer at the point it has reached. Your next option is to redo the entire system, if you can't stop the instances from occurring by using a DOS-based approach. Have your client invest in disk imaging software, get a good disk image from a safe installation point, and re-image the drive back to normal if it occurs again. This is a session of lessons learned.


by robby In reply to

The truest answer. And the one I already knew.


by Gh0ztALArM In reply to Virus or Trojan

A trojan is a virus, if I'm not mistaken. If it was me? Log off the internet if any, restart the PC, do the three-key salute "Ctrl-Alt-Del", find the program you're looking for, and do a search on it. When it pops up, click the secondary mouse button on it and select "Open Containing Folder"; it should be on top. Try to delete the folder and such, but stop the processes first.
