Trojan problem- can't get rid of it

This forum is dedicated to the general computer related issues we all come across on a daily basis, such as e-mail/Internet/Operating System/virus/spyware, etc questions & problems.

As we are primarily a radio discussion group, your mileage may vary on the responses.

Moderator: Queue Moderator

RadioSouth
Batboard $upporter
Posts: 2884
Joined: Mon Sep 03, 2001 4:00 pm

Trojan problem- can't get rid of it.

Post by RadioSouth »

Great to see this new forum. I've got an issue for the last week but didn't want to post on other Batlabs categories due to this being off-topic but I guess it's on topic in this forum. Guess I'll be the 1st to post here.
I'm not very computer literate, just enough to squeak by (barely). I'm sure people have had worse 'trojan' problems than I have here, this one's with the computer. Here's the problem: I routinely run a McAfee virus program provided thru AOL. On the routine run the other day I get a message stating there's an infected file Name: ld825f.tmp Trojan name: Downloader-AQW. I go to the McAfee menu and this item cannot be cleansed or deleted so I quarantine it. Every time computer is booted up and I run McAfee I'm detecting a Trojan by the same name but a different file name. They all appear in the System 32 folder. Other names I've detected are ld8c51, ldc51, ld851e.tmp, ld2e4.tmp, id6c4c.tmp and it's always the same situation, can't cleanse or delete so I quarantine them, but something's replicating. I submitted these Trojans to McAfee's AVERT system hoping to get some assistance but so far Nada. Anyone have a clue on this? Happy New Year to all.
wavetar
Administrator
Posts: 7340
Joined: Sun Sep 09, 2001 4:00 pm

Post by wavetar »

Yeah, trojans can be a real pain in the arse. Although updated anti-virus softwares can usually detect them, they usually do a crappy job of handling them. Have you tried any spyware tools? They generally do a much better job of getting rid of trojans. I recommend AdAware...it's fast, it's free, and it usually does the job. You can download it here.

Once you install it, be sure to use the 'update' feature first so it'll have the latest definitions in its database. Then run the scan. Allow it to fix whatever it finds & you should be good to go.

I'm assuming you haven't done the above. Let us know how it goes, or if you already did it.

Todd
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.

Welcome to the /\/\achine.
bnn121
Posts: 197
Joined: Sat Apr 27, 2002 5:09 am

Post by bnn121 »

RadioSouth,

1) Get rid of McAfee...if you can and install AVG free version or purchase NOD32 Antivirus.

Also...take a look at this page

http://www.members.shaw.ca/pccruiser/ar ... pyware.htm

It’s a bit lengthy...but has everything you need to fix your problem...Are you using a software based firewall by chance? Something like zone alarm or sygate? If not you really should...a lot of these viruses, Trojans and malware...install on your system and call home...A software based firewall can allow you to control all your incoming and outgoing connections
kf4sqb
Posts: 1491
Joined: Mon May 19, 2003 9:11 pm
What radios do you own?: I can't enter that much....

Post by kf4sqb »

Computer/Technical Assistance? Cool! 8) Glad to see this forum added.

RadioSouth, I have to agree with bnn121. McAfee is total junk. So is Norton, for that matter. Go visit Grisoft's website here, and download and install AVG. Totally free, unless you are using it for a business or something. Private home use is free, unlimited lifetime updates. I know of instances where fully updated copies of both Norton and McAfee missed several viri (isn't that the plural of virus? :-? ), but AVG nailed them. I will also highly recommend AdAware. Good luck!
kf4sqb "at" wetsnet "dot" com



Look for the new "Jedi" series portables!

Bat-Phone= BAT-CAVE (2283)

-.- .. ....- -.-. -.-- . .. ... -- -.-- -... .-. --- - .... . .-. .-.-.-
kb0nly
AKA: The Computer Doctor
Posts: 3370
Joined: Tue Apr 01, 2003 1:15 am

Post by kb0nly »

Another vote for AVG.. I like it so much that i purchased it after using the free one for a while. Yeah i know, could have stayed on the free one, but i figure those boys need some cash to keep it going.

I used to have Norton, had it ever since the mid 90's, and i used it on my computers and all of my customer's computers. But as of lately i have really got sick of them. Ever since the 2004 version there has been a huge hit on system resources, it really drags the computer down and hogs memory and cpu cycles even when it's not doing much of anything and just running in the tray. The next thing that has always annoyed me, you buy the latest version for $59.95 at Wally World and you only get a one year subscription update! Then at the end of the year it's pay up or move on. You can do a clean uninstall of Norton and reinstall it and get another year free, as long as you do so BEFORE it expires. When it expires it sends a notice to them that CD Key so and so has expired. From that point on you have a 50/50 shot of reinstalling and getting another year free. Been there done that!

McAfee has always been horrible. It's not as user friendly in my opinion, and the protection is lousy. I have seen it miss some very common infections.

Best bet, get AVG free and scan away. http://www.free.grisoft.com You will probably be amazed how much crap it will find on a system that has been running any length of time on the internet while being protected by another AV solution.

If you're using the McAfee or Norton Internet Security and you're worried about a firewall get Sygate Personal Firewall, it's all i use from now on. I have really been won over by its protection. You can download a free version of it. HOWEVER.. There is a big problem that has me really pissed off. Symantec, yep those BD's that made Norton, bought out Sygate's software. For now it's still a good option, but they are discontinuing the product line because it's going to be used by Symantec to better their firewall.

Zone Alarm is another good free and full version paid firewall, but i have had far too many issues with it to use it myself, or recommend it without saying "try at your own risk". I had it for a while and kept having random problems with it blocking one program or another which had already been set to always allow. I had to delete the entire programs list and start from scratch every few days for some unknown reason.

And when it comes to adware and spyware you just can't beat Adaware for a freebie scanner! Some of the others i have and use are Pest Patrol and Spy Sweeper. I have tried many many programs of this nature and those are my top three by far.

I am very very happy to see this addition to the Batboard. Computers and radios go together like peas and carrots, and since we are on the computer to be here, only since i can't seem to get DSL connected to my brain yet, it has a good reason for being here.

Happy New Year!

Scott

AKA: The Computer Doctor
Duct tape is like the force, it has a dark side and a light side and it holds the universe together.

"I Reject Your Reality And Substitute My Own!" - Adam Savage
Tom in D.C.
Posts: 3859
Joined: Tue Sep 04, 2001 4:00 pm
What radios do you own?: Progreso soup can with CRT

Virus program...

Post by Tom in D.C. »

Here's another vote for AVG. I think it's the only way to go these days.

It found a trojan dialer (Ugh!) the first time I ran it.
Tom in D.C.
In 1920, the U.S. Post Office Department ruled
that children may not be sent by parcel post.
RadioSouth
Batboard $upporter
Posts: 2884
Joined: Mon Sep 03, 2001 4:00 pm

Post by RadioSouth »

Thanks for the responses. Yes, both the programs I got from AOL (McAfee and AOL's Spyware/Adware) have the latest updates. McAfee detects it but can't eliminate it and AOL's Spyware/Adware doesn't detect it. I'm also subscribing to AOL's FireWall service but in light of how poor these other 2 are working I'm now wondering how effective their Firewall is. I'll try AVG and report back. Thanks again!
commtek
Batboard $upporter
Posts: 176
Joined: Thu May 08, 2003 6:14 pm

Post by commtek »

AOL=spyware no matter what their commercials say. :lol: My daughter used to use their IM client, and all she got was spyware. Since I put the Trillian client on, and with the same IM and surfing habits, no spyware.
I like the AVG, but Norton Corporate is good, too. Not bloated like their home product. I also recommend Spybot and the Microsoft antispyware products. Currently using Zone Alarm for the firewall, but that is getting bloated. Looking at Kaspersky to replace it.
wavetar
Administrator
Posts: 7340
Joined: Sun Sep 09, 2001 4:00 pm

Post by wavetar »

Yes, Norton Corporate Edition is excellent and is what I use on my computers...great virus protection without the HUGE system bloating of the Professional Edition. You don't even know it's running.

AVG & Avast! are also excellent free alternatives. I have also used Pest Patrol Corporate & it's awesome for spyware...too bad it isn't free like AdAware. Spybot S&D is also a great free alternative for Spyware.

Todd
kd5wyu
Posts: 49
Joined: Wed Jul 02, 2003 6:28 pm

Post by kd5wyu »

Another good tool that hasn't been mentioned is Spyware Blaster from http://www.javacoolsoftware.com/spywareblaster.html

This will prevent a lot of the spyware/foistware/malware from being installed at all.

I also highly recommend that users move away from IE and OE and look into Firefox and Thunderbird. They are much less vulnerable to drive-by installs of spyware.

Naturally, you should also keep up with your Windows updates.

-b-
alex
Administrator
Posts: 5761
Joined: Mon Sep 03, 2001 4:00 pm

Post by alex »

Another vote for Norton Corporate Ed. Been using that for years - I think I forget if I told Todd to buy it or not - but it's running on 2 networks I used to manage, plus the company that I now work for uses it as well. Exceptional protection, without the annoyances of the actual "end user edition" that I have seen with other people.

I think you have to buy a 5 pack, but I think it's around $100, and you should renew every year.

-Alex
The Radio Information Board: http://www.radioinfoboard.com
Your source for information on: Harris/Ma-Comm/EFJ/RELM/Kenwood/ICOM/Thales, equipment.
RadioSouth
Batboard $upporter
Posts: 2884
Joined: Mon Sep 03, 2001 4:00 pm

Post by RadioSouth »

Oh well, Strike One, AVG didn't detect it. I searched the Norton site and they're apparently aware of this Downloader-AQW trojan. They tell you to download the latest update and that will handle it. Well it didn't, detects it just as before but can't clean it. I found it can be deleted only after being quarantined but another just pops up in its place. If I do a re-format using the recovery discs does this usually kill a pesky trojan?
kf4sqb
Posts: 1491
Joined: Mon May 19, 2003 9:11 pm
What radios do you own?: I can't enter that much....

Post by kf4sqb »

I'm truly surprised that AVG didn't find it. I wonder if you are having a problem like I've had before. I had my copy of AVG report that a stealth boot virus was on every floppy disk I put in the drive, even a brand new disk out of a sealed package.

Todd, I've also tried Avast!, but had problems with it. I installed the software, and the latest update for it, with AVG already installed and running (both companies say this will work fine). Within 30 seconds of installing the updates in Avast!, AVG reported a virus in the folder that Avast! resided in. It apparently came in with the update file. Sounds real secure, huh?
kcbooboo
Batboard $upporter
Posts: 2117
Joined: Wed May 01, 2002 9:03 am

Post by kcbooboo »

I've been using Avast for over a year now on several machines. Never had a problem with it. I've had friends send me infected files and it found them every time. These same files slipped right past McAfee.

I will say that I've only run one AV program in the machine at a time, wherever possible. Of course, it's impossible to completely remove any Symantec products without going through tons of manual deletions, and then you still have some remnants.

Several things I like about Avast: it runs in the background continuously (McAfee always wants to schedule itself to run); as it comes out of the box, it checks all e-mail accounts and all files, so there's very little configuration required; it updates itself routinely and automatically; tech support via e-mail is immediate, accurate, and useful; and of course the cost - free.

Bob M.
kb0nly
AKA: The Computer Doctor
Posts: 3370
Joined: Tue Apr 01, 2003 1:15 am

Post by kb0nly »

Did you fully update AVG before scanning? I know the Trojan you're talking about, see it all the time, and AVG finds it and removes it no problem.

You have to run the updater a few times after installing until it says there are no updates available, reboot, and then check for updates again until it says nothing is available.

You should also look for and manually remove the registry entry that is launching the trojan at boot, then reboot the computer and scan, your chances are better of cleaning an infection if the virus is not running when doing so!

A registry entry is created to ensure the trojan is launched at startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

"wininet.dll"="mscornet.exe" (name of the executable may vary)

During execution a series of coded HTTP communications takes place with one of the remote sites, during which additional executables are downloaded, installed, and run on the next boot. It's a never ending cycle! It's also best to disconnect the computer from internet services while trying to remove the infection, otherwise if it's running in the background it will be downloading the next batch of infections!

If you use cable or DSL disconnect the network cable, etc. If you're using dialup disconnect the phone line because it may attempt to dial out on its own at any time.
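
The startup entry described in the post above can be looked for in saved `reg query` output. The script below is an added example, not part of the original thread: the sample text is constructed (only the `wininet.dll`/`mscornet.exe` pair comes from the post), and the three review rules are heuristics assumed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample in the layout printed by `reg query <key>`. Only the
# first value comes from the post above; the other two are made up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
    wininet.dll    REG_SZ    mscornet.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min
    Example Updater    REG_SZ    updater.exe
"""

POLICY_RUN = r"\policies\explorer\run"
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
LIBRARY_EXT = (".dll", ".ocx", ".sys")
AutorunEntry = namedtuple("AutorunEntry", "key name data")


def parse_reg_query(text):
    """Turn `reg query` output into AutorunEntry records."""
    entries, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # a key header starts in column 0
        else:
            match = VALUE_LINE.match(line)  # value lines are indented
            if match and key:
                entries.append(AutorunEntry(key, match["name"], match["data"].strip()))
    return entries


def command_target(data):
    """Return the program part of a command line, minus quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(" ", 1)[0]


def review(entry):
    """Heuristic (assumed) reasons to inspect an entry by hand; empty if none."""
    reasons = []
    target = command_target(entry.data).lower()
    if entry.key.lower().endswith(POLICY_RUN):
        reasons.append("policy Run key named in the post")
    if entry.name.lower().endswith(LIBRARY_EXT) and target.endswith(".exe"):
        reasons.append("library-style value name launches an .exe")
    if "\\" not in target and "/" not in target:
        reasons.append("no full path to the program")
    return reasons


def flagged(text):
    """Map value name -> reasons, for entries with at least one reason."""
    found = {e.name: review(e) for e in parse_reg_query(text)}
    return {name: reasons for name, reasons in found.items() if reasons}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_REG_QUERY).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is only a prompt to look at the file it points to; legitimate software also registers bare file names in Run keys.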
RadioSouth
Batboard $upporter
Posts: 2884
Joined: Mon Sep 03, 2001 4:00 pm

Problem solved !

Post by RadioSouth »

I'm pleased to report the problem has been corrected. Yesterday after downloading and installing the AVG I then checked for updates and I was told I was up to date. After booting up today I got a message from AVG stating definitions were not up to date. Well I did the update and pow a virus was detected, it was a different name than the one that had been dogging me but after this had been cleansed that insidious trojan was gone. Funny thing is after this full scan was done and the one virus was cleansed about 10 minutes later I got a message from the AVG resident program stating it found a Trojan which was then cleansed. I ran McAfee, AOL Spyware, and AVG again to be sure and yesiree a clean computer!
Thanks to all that helped!
kb0nly
AKA: The Computer Doctor
Posts: 3370
Joined: Tue Apr 01, 2003 1:15 am

Post by kb0nly »

AVG Strikes Again!

:lol:
kc7gr
Posts: 1030
Joined: Wed Mar 13, 2002 4:00 pm
What radios do you own?: Motorola, Icom, Sunair (HF).

AVG, yes!

Post by kc7gr »

Heck, I was impressed enough with AVG to buy a five-user network license. ;-)

McAfee and Symantec have no place on any system in any network I run!

Keep the peace(es).
Bruce Lane, KC7GR
"Raf tras spintern. Raf tras spoit."
WB6NVH
Posts: 270
Joined: Tue Apr 19, 2005 5:08 pm

Post by WB6NVH »

This is water under the bridge at the moment, but you will find that most of the free virus programs such as the online ones or the ones your ISP offers as a party favor will not remove the "Downloader" file (which I believe is actually a worm rather than a trojan, although there are about 25 variations with that name.)

This may be because part of the problem is that the files created are locked so that you can not delete them in Windows, and the other being mainly that the major anti-virus companies want you to pay for the feature of actually deleting the things. Which has caused some people to wonder who is really writing all these trojans and viruses in the first place.

I removed it from my system by first manually going into the C:\ drive and then deleting all the files which McAfee identified as the trojan/worm/whatever on the list they give you. However, about 6 of them would not delete. I then re-booted in DOS and used the attrib / command to remove the locks and then deleted them in DOS. You can find more info on DOS commands elsewhere so I won't go into them here.

A firewall should protect you from these in the future. I have had perfect results with Zone Alarm but then it depends upon the operating system and lots of other variables. W98 does not work with Zone Alarm, but then W98 doesn't have open ports either (unlike W2000, which will pick up a worm within about 5 minutes of connecting to the web if you don't have a firewall.) Zone Alarm works great with W2000 but it takes awhile to tweak it to where it runs without operator intervention.

I hear if you buy a Mac you will not have any of these issues to worry about...
kb0nly
AKA: The Computer Doctor
Posts: 3370
Joined: Tue Apr 01, 2003 1:15 am

Post by kb0nly »

Some of the free versions are crippled in that matter, however, AVG is not!

They don't cripple the free version at all, the only thing that i know of is they don't allow you to set custom scan schedules, that's the only annoyance with the free version.

Otherwise they let it just speak for itself! And if you buy it you only have to go in and input the serial you paid for and your free version is upgraded when it updates.

And yes, if i had a mac i wouldn't have to worry about viruses, but i wouldn't have to worry about half the stuff i do on a daily basis because the software does not exist for the mac anyway! Sorry, a mac is a nice machine, and it has its place, but not in my needs.
kcbooboo
Batboard $upporter
Posts: 2117
Joined: Wed May 01, 2002 9:03 am

Post by kcbooboo »

The older (version 2.xx) Zone Alarm is working just fine on my Win98SE systems. The latest memory-hogging version, that you probably have to pay a little bit for, was too much of a drain on Win98 systems and I just stayed with something that worked. Not many products on the market today will support stuff that Microsoft no longer provides updates for, i.e. Win9x, but us few remaining die-hards like the leaner, smaller, simpler systems.

Bob M.
kb0nly
AKA: The Computer Doctor
Posts: 3370
Joined: Tue Apr 01, 2003 1:15 am

Post by kb0nly »

Another good 98 firewall is Sygate, they do have a free version but it's going to be gone soon.

Symantec bought Sygate to improve their NIS firewall. Which ticks me off since the Symantec firewall is such crap and Sygate is such a good product that i currently use.
va3wxm
Posts: 489
Joined: Tue Apr 06, 2004 11:30 am

Post by va3wxm »

I've been running ZA on my W98SE system since getting DSL four years ago. Works very well.

The latest version is just plain bloated crapware.

I'm also connected through a router with NAT enabled so that helps a little bit.