oo crap...

Discussion in 'Windows Desktop Systems' started by mike09, Jan 8, 2003.

  1. mike09

    mike09 Moderator

    Messages:
    531
    Location:
    Washingtonville , New York
    I did a Norton scan and it found a trojan. The thing is I don't know if I opened the file. Is there any way I can tell if I opened the file?
     
  2. mike09

    mike09 Moderator

    The virus was called PWSteal.Trojan
     
  3. First of all make sure the virus is gone.

    I use my Roxio GoBack history logs to see what happened when it happened. It has kept me from making many of the same mistakes twice.
     
  4. mike09

    mike09 Moderator

    I ran a scan and I deleted all the files that were infected. I'm pretty sure I got the virus 'cause I went to the Symantec website and I did everything it told me to.
     
  5. Elroy Jetson

    Elroy Jetson Little Dipper School

    Messages:
    330
    Location:
    Adelaide, Australia
    and then

    If you had infected files, this means the virus was active. You must have executed the original file for this to have happened. Dunno how you got it, but this is what it does (or has done to you):

    When executed, the PWSteal.Trojan.D performs the following actions:

    1. It drops itself into the \Windows\System folder as the Molecule.exe and Molecule.dll files.
    2. To enable itself to run at startup, it adds the value

    Molecule Molecule.exe /logon

    to the registry key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    3. It installs hook procedures into a hook chain to monitor the system for any keyboard and mouse messages. The keyboard and mouse hook procedures process the messages and pass the hook information to the next hook procedure in the current hook chain. This permits the PWSteal.Trojan.D to intercept any key strokes and any text on the screen.
    4. The Trojan drops the intercepted information into a temporary file and sends it out to the virus author's anonymous email address.


    A good thing you caught it, bad that NAV did not catch it while running in the background, and that you needed to scan your disc for it. Are you using up to date antivirus software and definitions? You might want to give AVG a try. It is free!

    Oh, did I mention it is FREE!!!

    FREEEEEEEE

    FREEEEEEEE

    gotta go
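
    To check a machine for the startup entry described in the post above, one option is to export the registry to text and look under the Run key for a command that launches one of the two dropped files. This is an added example, not part of the original thread or Symantec's write-up; the sample export is constructed, and `run_entries`, `program_of` and `suspicious` are hypothetical helper names.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the description quoted in the post above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
IOC_FILES = {"molecule.exe", "molecule.dll"}

# Constructed sample of a registry export in REGEDIT4 text format.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Molecule"="Molecule.exe /logon"
"ExampleAV"="\"C:\\Program Files\\Example AV\\avtray.exe\" /min"

[HKEY_CURRENT_USER\Software\ExampleChemApp]
"Molecule"="water.mol"
'''

ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def run_entries(export_text):
    """Yield (name, command) for string values under the HKLM Run key only."""
    in_run = False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run and (m := ENTRY.match(line)):
            yield unescape(m.group(1)), unescape(m.group(2))

def program_of(command):
    """Lower-cased file name of the program a Run command starts."""
    command = command.strip()
    if command.startswith('"'):  # quoted path, possibly containing spaces
        return PureWindowsPath(command[1:].split('"', 1)[0]).name.lower()
    return PureWindowsPath(command.split(" ", 1)[0]).name.lower()

def suspicious(export_text):
    """Run entries whose program is one of the files the trojan drops."""
    return [(n, c) for n, c in run_entries(export_text) if program_of(c) in IOC_FILES]

if __name__ == "__main__":
    for name, cmd in suspicious(SAMPLE_EXPORT):
        print(f"Run entry matches the description: {name} = {cmd}")
```

    A match shows the startup entry is present now. Because the infected files in this thread had already been deleted, a clean result does not show the trojan never ran.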
     
  6. mike09

    mike09 Moderator

    Yes. I have an up to date 2002 NAV with all the definitions. I'm gonna go through the removal process (just in case, you know). Well, thanks for the help guys.
     
  7. koko

    koko Got Root?

    Messages:
    577
    Location:
    Columbia, S.C.
    AVG rocks! Been using it for several months and it's great.

    Best of all, it's free!
     
  8. Burpster

    Burpster Guest

    I always run a trojan scanner as well as AV just for a little extra protection.

    BTW, a couple whitehats I know have been strongly recommending McAfee AV home edition 7 as the best AV out at the moment.
     
  9. Also, if you have some sort of firewall, make sure you know what everything is that connects to the internet, so that way you'll know no one can connect to your computer.