Clusterheadaches.com Message Board (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
(Message started by: jonny on Mar 28th, 2004, 5:00pm)

Title: Wrong fucking board.......
Post by jonny on Mar 28th, 2004, 5:00pm
I posted this on the wrong board

Here it is.

How to get rid of these  

Trojan horse Downloader.Turown.C

Trojan horse Downloader.Turown.A

I've tried  

Stinger
AVG
Norton
Spybot
Trojan remover
Trend micro security
Webshredder
Adaware

AVG picks it up but does nothing with it, just fucking tells me it's there.

Title: Re: Wrong fucking board.......
Post by wsnyder on Mar 28th, 2004, 5:03pm
Go back to the other board. I posted a reply.

Bill

Title: Re: Wrong fucking board.......
Post by fubar on Mar 28th, 2004, 5:04pm
http://www.computercops.biz/modules.php?name=Forums&file=viewtopic&p=117244

help maybe?

Title: Re: Wrong fucking board.......
Post by Superpain on Mar 28th, 2004, 5:17pm
try spysweeper...

You can go to webroot.com and check it out.
If you buy it, it comes with a subscription service that updates weekly. It works very well.

Title: Re: Wrong fucking board.......
Post by t_h_b on Mar 28th, 2004, 7:01pm
This one should get it, too:

http://www.pandasoftware.com/activescan/

Or download TrojanHunter here:

http://www.computercops.net/downloads-cat-6.html




Title: Re: Wrong fucking board.......
Post by Rock_Lobster on Mar 28th, 2004, 8:03pm
You are going to have two problems...

First...Turown gets into your system like STDs get into a $10 crack ho... it is all over the place... quite invasive.

Second... it is really rare.  It is not a netsky or a mydoom.  Therefore all the great minds of the anti world are not working on a cure.  

As suggested, go with TrojanHunter and ActiveScan and spysweeper.  Great as they are though, the Turown variants are nasties on planet trojan... real biatches.

If those do not do the trick, the cure being suggested out there, if you are not an uber-tech or have first hand access to an uber-tech for 4-5 hours, is to backup your important files then wipe your system with a fresh install.  Yes, that blows.

Rok

Title: Re: Wrong fucking board.......
Post by Rock_Lobster on Mar 28th, 2004, 10:37pm
Know that if you are running XP or 2K then your uber-geek does not need to be local... it can be a close trusted buddy, such as someone you know on this board with said skillz.

You can get them on the horn, then they can talk you through how to configure your system and drop your firewall enough for them to log in remotely and fix you right up.

Make sure it is someone you like enough that if they hose your system you are ok with that.  Nasty stuff you got there.

Wrokk Robstah

Title: Re: Wrong fucking board.......
Post by brain_cramps on Mar 28th, 2004, 10:44pm

on 03/28/04 at 22:37:15, Rock_Lobster wrote:
Make sure it is someone you like enough that if they hose your system you are ok with that.  Nasty stuff you got there.

Wrokk Robstah


Sounds like a job for the Wrokk.

(can't say as i want a chance at screwing up jonny's computer ;) )

Let us know how it goes,
grant      ;;D

Title: Re: Wrong fucking board.......
Post by Mark C on Mar 29th, 2004, 12:19am
Nasty critter there jonny....where you been?!  ;;D

Looks like this nasty likes to reside in the "System Restore" section of your HD. Disable this handy function and then run the removal tool. To disable Restore in WinXP and 2000 look here (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam) and for WinME look here (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?Open&src=sec_doc_nam&docid=2001111912274039&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=).

Then use one of the many on-line scans provided or maybe even AVG can get to it once you disable Restore.

Per Tony Klien, an "uber-geek" if there ever was one...
"It's just because your Restore folder is protected, and Antivirus software is unable to modify its contents.
You'll need to flush that folder:

1. On the Desktop, right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check Turn off System Restore.
5. Click Apply, and then click OK.
6. Restart the computer.

All data, including your virus, will be purged from the restore folder.

7. Run your antivirus once more.

After rebooting, re-enable System Restore."

Look here. (http://ispcops.com/postp114168.html)


More information on System Restore can be found here. (http://www.spywareinfo.com/forums/index.php?showtopic=18913)

I am concerned how you got this bug...an open port maybe? I know you are "always-on" broadband so it is possible your firewall is not plugged up. Go here (http://www.dslreports.com/scan) and do a port scan and see if you got holes in your wall dude.

For a really good read on how to prevent such infections, again by uber geek Tony Klien look here. (http://www.computercops.biz/postlite7736-.html)

If you like REALLY nasty bugs....

Quote:
Most infected computers will have to be rebuilt from scratch unless their owners instead decide to buy new ones

Look here (http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanEE%2edb&command=viewone&id=6&op=t) for a read on the "Witty (http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html)" worm. It is expected to die quickly because it destroys its host.....not your average script kiddie stuff.

Let me know how it goes King,
See ya,
Mark

Title: Re: Wrong fucking board.......
Post by Root on Mar 29th, 2004, 2:05am
From the looks of it. All things being equal. What with the trouble and all that you have to go through over this. Might I suggest a different tactic. That should prove more beneficial in the long run.

FTP://limestone.uoregon.edu/pub/linux/fedora/core

My personal preference is BSD, but for the "average" user that appears to me to be the best all around solution to most of the current problems.
Your mileage may differ of course.

Best of luck. Be careful out there. [smiley=smokin.gif]

Title: Re: Wrong fucking board.......
Post by cootie on Mar 29th, 2004, 10:33am
I've read to run Stinger successfully you 'have' to disable systems restore cuz viruses hide in there and it won't find them. But if you do that you will not be able to go back beyond the date you did it to restore anything you muss up now or later. Hope you got rid of yer bugs by now Pam

PS: I had to buy a new PC recently cuz my mine peuk'd a motherboard furball. Anyhow....I went to onea the small private owned computer stores and lots of people were walkin in with their PCs and the guys hook em up out back to scan for viruses and remove them for them for small fee. Did it while ya wait too. I got to stand around and watch em for a while.....interesting! They had all sorts of high tech shit to do it and software. Mite be an option ta think about if anyone else gets stuff they can't get rid of.

Title: Re: Wrong fucking board.......
Post by wsnyder on Mar 29th, 2004, 2:14pm
PC Magazine is offering this today in their email:

http://www.pcworld.com/downloads/file_description/0,fid,8171,tk,hsx,00.asp

Bill

Title: Re: Wrong fucking board.......
Post by jonny on Mar 29th, 2004, 6:49pm
I want to thank all you folks. It ain't fixed but I now know a lot more than I did and I have been hanging out over at the computer cop website. I'm sure they will be able to help me out.

Thanks again....You all ROCK!!!!

........................jonny

Title: Re: Wrong fucking board.......
Post by Opus on Mar 29th, 2004, 9:46pm
Kirk!,
  Get in here and tell root how it is really done.

Ummmm, must be busy upgrading to the 2.6 kernel.

Well I'll give it a try,

No problem,
Just insert your copy of Fedora core 1, reboot,
and all will become clear.

Jonny, nothing on Symantec, man you in trouble!

Do you have a hardware firewall such as a broadband router?
If not run to the store quick.
With the sudden attack of computers through their software firewalls I am thinking of removing the one on the windoze box, or better yet installing knoppix to the hard drive and telling my wife win98 was recalled.

Opus/Paul


