Hidden Trojan.. anyone help out?

NightTrain

NightTrain

VIP Member
Aug 29, 2003
1,425
87
83
Wasilla, Alaska
Well, I've been gone most of the Summer, and I've got a trojan on this machine at home.

I'm running XP Pro, AVG anti-virus, Spybot S&D and Adaware.

AVG says I'm clean.

Adaware says I'm clean.

Spybot tells me I've got 5 entrees of DSO Exploit, and it can't remove them, even when I tell it to go ahead and run at next startup.

Then, after roughly 15 minutes of inactivity, I get a message from windows:

Virus
Trojan horse Downloader.winshow.AT detected at C:\System Volume Information\_restore{7BF9A251-DD3O-488D-BF66-BAE458F9ACEA}\RP187\A004958.dll

I'm reluctant to rip out that .dll file in that System Volume Information area... as I've had very bad experiences with doing such things in the past. I'm surprised that AVG isn't detecting it, unless the message itself is a bogus message.

XP Pro is fighting my attempts to access the System Volume Information, I've already turned off the 'hide system files' and the like under Tools, but it's still telling me to go away when I try to open it although it's visible now.

Any ideas?
 
The DSO exploit is nothing to worry about. As far as the trojan is concerned try this; click on start, programs, acessories, system tools, system restore, and turn it off, allowing XP to delete all previous restore points (they already contain the trojan). Now reboot and turn system restore back on. Let me know if this helps.

Also never delete a dll or ocx unless you are absolutely sure there are no dependencies.
 
XP Pro is fighting my attempts to access the System Volume Information, I've already turned off the 'hide system files' and the like under Tools, but it's still telling me to go away when I try to open it although it's visible now.
Click to expand...

This is due to the security permissions of the folder. It is set by window to system, meaning only the OS has access to it, not even the administrator.
 
Thanks, guys.

Forgot to post that I tried what Eric suggested right before I walked out the door on my way back down here... running short on time as usual. Worked like a charm! Once XP dumped the SVI files, she's clean as a whistle!

My guess is that the SVI files are kept isolated from all other programs, which makes sense if you have a virus running rampant through the rest of your machine. That way, you have an uncorrupted set of files available to reload with. Am I on track?

Again, thanks for the help fellas!
 
Get a mac!
Click to expand...

You mean the one with : 2 all beaf patties, special sauce, lettuce, cheese, pickles, onions, on a sesame seed bun ?????
 
Another way to go is to go into the registery and try and delete the offending little item from there. If you need a hand let me know
 
That is a registry key, not a file. Post the exact error and I will tell you what you should do. DON'T go playing around in the registry by yourself, you can cause programs to stop working as well as windows itself.

Once you post the exact error I can tell you step by step how to resolve it, SAFELY. Never just delete entries because someone tells you too. Unless that person is a programmer and understands COM object registration and threading models, they can do more harm than good.
 
eric said:
That is a registry key, not a file. Post the exact error and I will tell you what you should do. DON'T go playing around in the registry by yourself, you can cause programs to stop working as well as windows itself.

Once you post the exact error I can tell you step by step how to resolve it, SAFELY. Never just delete entries because someone tells you too. Unless that person is a programmer and understands COM object registration and threading models, they can do more harm than good.
Click to expand...


That is exactly why I left it ALONE. The others were approved by my brother-in-law who is an expert. This one was found after he left. I will get the exact info in a second, I'll pm it ok?
 
You must log in or register to reply here.

notebook offer

< Previous Thread

Anyone know what X-Box game this is?????????

Next Thread >

Similar threads

Dayton3
Carson Tower-a genre bending story
Replies
8
Views
5K
Dayton3
Dayton3
Paulie
The Iranian Oil Bourse, The Undersea Cables Being Cut, and What it Means for Us
Replies
6
Views
1K
Paulie
P
pegwinn
Can someone help me out here?
Replies
2
Views
559
pegwinn
P

Latest Discussions

1srelluc
U.S. expected to sanction IDF unit for human rights violations in occupied West Bank
4 5 6
Replies
100
Views
417
toomuchtime_
T
IM2
Zone1 A perfect depiction of the history black/white relations in the USA (pt.2)
Replies
9
Views
124
crossbody
crossbody
Sixties Fan
Stop Antisemitism
186 187 188
Replies
4K
Views
71K
Sixties Fan
Sixties Fan
rylah
Zone1 Islam- Arab Imperialism
48 49 50
Replies
983
Views
16K
Sixties Fan
Sixties Fan
BrokeLoser
What did our founders really mean when they said “general welfare”?
90 91 92
Replies
2K
Views
66K
zaangalewa
zaangalewa
View more…

Forum List

Back
Top