Please report all spam threads, posts and suspicious members. We receive spam notifications and will take immediate action!
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: IE Creating Trojans




  1. #1
    Join Date
    Feb 2003
    Location
    No where
    Posts
    445

    Default

    My firewall let me know that a program was trying to access the internet. It was called 32452.exe. I blocked it, not knowing what it was, and went on. Then the next time I launched IE, it did it again, but new numbers this time. So I searched around and found out they are in my profiles temp folder, in a folder called "delete.me". I did as the folder said, and deleted it. Next time I lauched IE it recreated the files, 4 of them, and tryied to access the internet again. Natually I blocked it again. I used The Cleaner (www.moosoft.com) to scan for trojans, but found none. So I just kept blocking them till I got annoyed, and decided to check to updates with The Cleaner. Downloaded 2 updates and scanned my Temp again, and they are trojans. It cleaned them, but IE still created new ones when I started it up. A full system scan came up with nothing. Im still getting the files. Has anyone seen this before? It happened after installing office 2003. I have heard it has a built in trojan to let M$ kill the drive or something. Is this true? Anyone know a solution?

  2. Default

    sounds like any number of trojans/viruses. If Antivirus wont take care of it (try www.avast.com for an a great free AV) then you're looking at a reformat.
    The FatGuy's Rig:

    <small>AMD 1600+ XP O/C'd to 1560 mhz // Thermaltake Volcano 7+ // Aopen AK77 Pro K266(A) Chipset O/C'd to 147 mhz // 256MB Elixir PC2100 DDR CAS2 // Visiontek GeForce4 Ti4200 O/C'd to 310/580 w/ Thermaltake HSU // SoundBlaster Audigy X-Gamer // WD205BA 20GB 7200 // Sony 52x/24x/52x // Linksys 10/100 NIC // ThermalTake 480w Butterfly PSU // Silver Windowed Aluminum Mid-Tower Case (Modded) // Vantec Nexus Fan Controller// Thermaltake 80mm Blower // 3xEvercool 80mm Fans // 2xBlue Cold Cathodes // 2xSound activated Blue Cold Cathodes // Dell 17" Monitor // Microsoft Trackball // Creative 5.1 Speakers</small>

    Come Crunch with TweakTown

    <img src="http://www.statgfx.com/statgfx/folding/?&username=FatGuy3&border=0,0,0&custom =0,0,255&label=0,0,0&header=255,0,0&st ats=0,0,255&trans=yes&template=fah_origina l&.jpg" alt="www.Statgfx.com" />

  3. #3
    Join Date
    Nov 2001
    Posts
    4,723

    Default

    I have to agree, it sounds like a malware has infected your system.
    Perhaps the online scan at http://www.spywareinfo.com/ can assist.

    SpyWareInfo also has a page of reccomeded software;
    http://www.spywareinfo.com/downloads.php?cat=av#av
    (note that Fatguy3's reccomendation appears on that page also)

    If you can at least track down what malware it is exactly, removal instructions should be readily available through a quick search of Google.

    Spybot Search & Destroy is still one of my favorite utilities for hunting down malware;
    http://www.safer-networking.org/
    The reason a diamond shines so brightly is because it has many facets which reflect light.

  4. #4
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    http://securityresponse.symantec.com...dware.lop.html
    you seem to have been hit by that ^
    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

  5. #5
    Join Date
    Nov 2001
    Posts
    4,723

    Default

    OH!
    I do hope not!
    lop is as heinous as they come:(
    The reason a diamond shines so brightly is because it has many facets which reflect light.

  6. #6
    Join Date
    Feb 2003
    Location
    No where
    Posts
    445

    Default

    Just as I figured, spybot came up with nothing but the usual cookies. The online scanner came up with nothing. My AV, panda Anti Virus, came up with nothing. Im not sure where to go next.

    Thanks for the help though guys.

  7. #7
    Join Date
    Nov 2001
    Posts
    539

    Default

    reformatting the drive fully might be your next step...:2cents:
    MSN Messenger - handy481@hotmail.com
    DC++ - handy481 :: Sweden Xperience :: BootCamp 02 :: Revolution xShare 01 :: Mp3Heaven

  8. #8
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    Quote Originally Posted by Dyck15
    Just as I figured, spybot came up with nothing but the usual cookies.
    did you use an updated spybot? updations are quite important as lop seems to have created havoc mostly in last few months.
    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

  9. #9
    Join Date
    Feb 2003
    Location
    No where
    Posts
    445

    Default

    Everything on my system is totally updated. Spybot, The Cleaner, Panda, everything. I Actually did a scan which found nothing, updated, then scanned again and found a bunch of junk, but none of it was lop.

    I dont think it is lop though, becuase I checked it out and my system doesnt match some of the technical details.

  10. #10
    Join Date
    Dec 2002
    Location
    Winnipeg, Canada
    Posts
    848

    Default

    Hey dyck15, remember, I warned you about the m03 (m zero three) trojan thats in office 2003. Thats what it does. Microsoft created that trojan for xbox first. Now they include it with office 2003 and future major software releases. It allows m$ complete access to the infected hd to snoop, change or delete at will.
    I also warned everyone else at tt on oct 22 as well but nobody listened. They thought I was crazy. Time to reformat. Stick with office 2000 or xp until there is a removal tool for the m03. Besides, 2003 is supposed to be incompatable with older versions, forcing everyone else to buy the mo3 trojan to stay compatable(lol).
    link to original post

    If you read the other thread, you will see the reactions they
    (asklepios and persian imortal) had.
    athlon xp-m@2456mhz(12x204)
    tt aquariusII liquid cooled/ arctic silver ceramique
    asus a7n8xe-dlx
    thermaltake xaserIII lanfire
    bfg 6800gt
    seagate sataII 250gb/seagate 7200rpm 160gb ide
    samsung dvdrw
    2x1024 kingston hyper-x pc3200/ windows xp pro sp3
    logitech mx518/ logitech wingman rumble
    2x samsung 955df 19"/ canon i960
    creative x-fi fatal1ty 64mb/ altec lansing 251-5.1
    mushkin 550w

    opteron 146 @ 2850 (10x285)
    DFI infinity nf4 ultra
    thermaltake tsunami dream -black
    seagate sataII 500gb
    evga 8600gt oc ssc edition
    samsung sata dvd-rw
    2x1024 ocz black
    logitech ifeel/ nec accusync 75f
    ocz fatal1ty 550w

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •