Ding Blang Trojan... need one minute of time please!

Discussion in 'Windows Desktop Systems' started by pc_tek, Jan 26, 2002.

  1. pc_tek

    pc_tek Guest

    i got a bling dang trojan virus crap shit..bling blang ole son of a $%@#$%#%....hehehe

    OK, I just need a favor real quick. I need someone who knows how to manipulate the registry and export 2 paths for me and attach them to the next thread. Here are the paths.... thanks!

    these are incorrect...


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Default web browser]
    "StubPath"="C:\\WINDOWS\\System32\\iexpIore.exe ASC"

    and ..

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Default web browser"="C:\\WINDOWS\\System32\\iexpIore.exe"

    Sorry, I know it's the wrong forum category, but this one gets read the most. After I get the info I'll have a moderator delete the thread.. thanks again!

    PC-TEK
     
  2. dylix

    dylix Guest

    I don't have either of those in my registry.. I use XP Pro..
     
  3. pc_tek

    pc_tek Guest

    funny....me too... maybe they are safe to delete...hehehe

    I'm still doing a little more research... it's that ding dang ole MINI OBLIVIAN trojan crap..

    Thanks!
     
  4. Lonman

    Lonman Bleh!

    Yes, incorrect. Do you want a whole tree or something that you can sift through? If yes, which ones?
     
  5. pc_tek

    pc_tek Guest

    I need exactly the paths that are shown. I know what I posted is incorrect because they point to the virus file =)

    Thanks lonman!
     
  6. Lonman

    Lonman Bleh!

    Well buddy... I AIN'T puttin' that trojan on here just to export those keys, lol. ;) :p
     
  7. pc_tek

    pc_tek Guest

    My mistake... I thought you said you had those paths.. do you or don't you?
     
  8. pc_tek

    pc_tek Guest

    Let's say this.... errrr


    I need to know what to replace the incorrect wording with. I need the correct paths!
     
  9. Lonman

    Lonman Bleh!

    No, I don't have those paths, sorry.

    My guess is they're safe to delete???
     
  10. Lonman

    Lonman Bleh!

    What trojan is it?
     
  11. Qumahlin

    Qumahlin Moderator

    And this, children, is why we all should have an antivirus program installed :)
     
  12. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    On my XP Home I don't have those keys either, the Default web browser bits
     
  13. Bytes Back

    Bytes Back Ex Police Chief

    I may (or may not) have found what you want

    Only thing is, it's one level deeper

    Anyway, I have attached a reg file to see if that helps. I've had to give it a .bmp extension so just change it to .reg.
     
  14. pc_tek

    pc_tek Guest

    ehhhhhhhh.... no need for antivirus software! They are just reactionary for people that don't know any better. I caught this within an hour of install. You can't fix a virus until after one has been made. It's not like they find 'em before they are released :D


    This is my second trojan in 3 years. This one happened to be attached to a port sniffer. Anyways, I deleted those keys... trojan is all clear! It was the mini oblivian trojan.

    Just search it out in registry and delete any keys it contains except for the SHELL key, just remove the "iexiore.exe" at the end.

    Then delete the iexpiore.exe in the system32 dir.

    That's it! No harm.

    And NO, I still will never run an antivirus program! :D Besides.. most AV software won't catch trojans :D
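
The two autorun entries quoted in the first post point at `iexpIore.exe`, spelled with a capital I where the real `iexplore.exe` has a lowercase l. The following is an added example, not part of the original thread: it scans a .reg export for values whose executable name imitates a well-known binary. The list of known names and the confusable-character map are assumptions.

```python
import re

# Constructed sample: the two entries from the first post, in .reg syntax.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Default web browser]
"StubPath"="C:\\WINDOWS\\System32\\iexpIore.exe ASC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Default web browser"="C:\\WINDOWS\\System32\\iexpIore.exe"
'''

# Assumption: a short list of binary names worth imitating; extend as needed.
KNOWN_BINARIES = ("iexplore.exe", "explorer.exe", "svchost.exe", "rundll32.exe")
# Characters that are easy to confuse with each other on screen.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')
EXE_RE = re.compile(r'([^\\/:"]+\.exe)\b', re.IGNORECASE)

def skeleton(name):
    """Case-fold, then collapse look-alike characters into one class."""
    return name.lower().translate(CONFUSABLES)

KNOWN_SKELETONS = {skeleton(n): n for n in KNOWN_BINARIES}

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.fullmatch(line)):
            # .reg syntax escapes backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def find_lookalikes(text):
    """Return (key, value, exe, imitated) for values imitating a known name."""
    hits = []
    for key, name, data in parse_reg(text):
        m = EXE_RE.search(data)
        real = KNOWN_SKELETONS.get(skeleton(m.group(1))) if m else None
        if real and m.group(1).lower() != real:
            hits.append((key, name, m.group(1), real))
    return hits

if __name__ == "__main__":
    for key, name, exe, real in find_lookalikes(SAMPLE_REG):
        print(f"{exe} imitates {real}: [{key}] {name}")
```

Because the comparison is case-insensitive, the all-lowercase spelling `iexpiore.exe` is flagged as well, while a value that names the genuine `iexplore.exe` is not.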
     
  15. pc_tek

    pc_tek Guest

    OK... now that I got rid of it and verified I got rid of it by rebooting. I'm the curious type, I wanted to know exactly where I got it from.


    It was a file I downloaded from Kazaa. A program called "SuperScan Port Scanner.exe". So with that said, stay away from this port program.

    Hope this helps!
     
  16. Lonman

    Lonman Bleh!

    I'm curious, if you don't have AV software running, how did you know you had a trojan?
     
  17. pc_tek

    pc_tek Guest

    I'm good...LOL Actually I go through my msconfig startup a couple of times a day because I do a ton of installing and removing and ensure everything is cleared out. I saw a couple IE files in my startup group that didn't look right. Then I got curious, I had my firewall turned off, so I saw what ports were opened and I saw 6668 port opened with a program called something weird like "lkdyrvh.exe" so that caught my attention. So I looked at my processes and saw this running... so I killed it immediately. Then started searching it out with www.google.com.

    Turns out, because I verified which program it came from, it was only active for less than a half hour. YAH!

    I'm a proven fact that just a little bit of knowledge helps out a lot. :D
     
  18. Lonman

    Lonman Bleh!

  19. Qumahlin

    Qumahlin Moderator

    Had you had Norton or most other anti viruses up to date...it would be caught before you ever installed the program...and yes, anti virus programs do catch viruses before they are updated, they have built-in heuristics to see common virus behaviors

    And also they do catch trojans too, so far anti vir has never let me down...If you really don't like anti virus programs do what I do...disable the auto protect...just let it scan programs you run for the first time and downloads, that way there is no slowdown from it scanning everything and you're always safe :)
     
  20. pc_tek

    pc_tek Guest

    NAAAAAAWWWWW!!! LOL still don't want it! hehehe