Ding Blang Trojan... need one minute of time please!

pc_tek

Guest
I got a bling dang trojan virus crap shit..bling blang ole son of a $%@#$%#%....hehehe

Ok, I just need a favor real quick. I need someone that knows how to manipulate the registry and export 2 paths for me and attach them to the next thread. Here are the paths.... thanks!

these are incorrect...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Default web browser]
"StubPath"="C:\\WINDOWS\\System32\\iexpIore.exe ASC"

and ..

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Default web browser"="C:\\WINDOWS\\System32\\iexpIore.exe"

Sorry, I know it's the wrong forum category, but this one gets most read. After I get the info I'll have a moderator delete the thread.. thanks again!

PC-TEK
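
The two entries quoted in the post above point at `iexpIore.exe`, which has a capital "I" where the real `iexplore.exe` has a lowercase "l". As an added example (not part of the thread or any poster's code), this Python script parses a `.reg` export and flags executable names that only look like a known system binary; the watch-list `KNOWN`, the third sample entry and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the two entries from the post plus one benign control entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Default web browser]
"StubPath"="C:\\WINDOWS\\System32\\iexpIore.exe ASC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Default web browser"="C:\\WINDOWS\\System32\\iexpIore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Explorer"="C:\\WINDOWS\\explorer.exe"
'''

KNOWN = ["iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe"]  # assumed watch-list
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'([^\\/:*?"<>|\s]+\.exe)\b', re.I)

def skeleton(name):
    """Fold look-alike characters ('I', 'l', '1' and 'O', '0') BEFORE lowercasing."""
    return "".join("l" if c in "Il1" else "o" if c in "O0" else c.lower() for c in name)

SKELETONS = {skeleton(n): n for n in KNOWN}

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape backslash and quote

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, _unescape(m.group(1).strip('"')), _unescape(m.group(2))

def find_lookalikes(text):
    """Return (key, value_name, exe, imitated) where exe only resembles a known name."""
    hits = []
    for key, name, data in parse_reg(text):
        for exe in EXE_RE.findall(data):
            real = SKELETONS.get(skeleton(exe))
            if real and exe.lower() != real:  # Windows file names are case-insensitive
                hits.append((key, name, exe, real))
    return hits
```

Regedit's "Version 5.00" exports are UTF-16, so read a real file with `encoding="utf-16"` before passing its text to `find_lookalikes`.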
 
dylix

Guest
I don't have either of those in my registry.. I use XP Pro..
 
pc_tek

Guest
funny....me too... maybe they are safe to delete...hehehe

I'm still doing a little more research... it's that ding dang ole MINI OBLIVIAN trojan crap..

Thanks!
 
pc_tek

Guest
I need exactly the paths that are shown. I know what I posted is incorrect because they point to the virus file =)

Thanks lonman!
 

Lonman

Bleh!
Joined
2 Dec 2001
Messages
2,642
Originally posted by pc_tek
I need exactly the paths that are shown. I know what I posted is incorrect because they point to the virus file =)

Thanks lonman!
Well buddy... I AIN'T puttin' that trojan on here just to export those keys, lol. ;) :p
 
pc_tek

Guest
My mistake... I thought you said you had those paths.. do you or don't you?
 
pc_tek

Guest
Let's say this.... errrr


I need to know what to replace the incorrect wording with. I need the correct paths!
 

Lonman

Bleh!
Joined
2 Dec 2001
Messages
2,642
Originally posted by pc_tek
My mistake... I thought you said you had those paths.. do you or don't you?
No, I don't have those paths, sorry.

I need to know what to replace the incorrect wording with. I need the correct paths!
My guess is they're safe to delete???
 

Qumahlin

OSNN Veteran Addict
Joined
6 Dec 2001
Messages
2,006
and this children is why we all should have an antivirus program installed :)
 

Khayman

I'm sorry Hal...
Political Access
Joined
6 Jan 2002
Messages
5,518
On my XP Home I don't have those keys either, the Default web browser bits
 

Bytes Back

Ex Police Chief
Joined
20 Jun 2004
Messages
1,383
I may (or may not) have found what you want

Only thing is, it's one level deeper

Anyway, I have attached a reg file to see if that helps. I've had to give a .bmp extension so just change it to reg.
 
pc_tek

Guest
Originally posted by Qumahlin
and this children is why we all should have an antivirus program installed :)

ehhhhhhhh.... no need for antivirus software! They are just reactionary for people that don't know any better. I caught this within an hour of install. You can't fix a virus until after one has been made. It's not like they find 'em before they are released :D


This is my second trojan in 3 years. This one happened to be attached to a port sniffer. Anyways, I deleted those keys... trojan is all clear! It was the mini oblivian trojan.

Just search it out in registry and delete any keys it contains except for the SHELL key, just remove the "iexiore.exe" at the end.

Then delete the iexpiore.exe in the system32 dir.

That's it! No harm.

And NO, I still will never run an antivirus program! :D Besides.. most AV software won't catch trojans :D
 
pc_tek

Guest
OK... now that I got rid of it and verified I got rid of it by rebooting. I'm the curious type, I wanted to know exactly where I got it from.


It was a file I downloaded from Kazaa. A program called "SuperScan Port Scanner.exe". So with that said, stay away from this port program.

Hope this helps!
 

Lonman

Bleh!
Joined
2 Dec 2001
Messages
2,642
I'm curious, if you don't have AV software running, how did you know you had a trojan?
 
pc_tek

Guest
Originally posted by Lonman
I'm curious, if you don't have AV software running, how did you know you had a trojan?

I'm good...LOL Actually I go through my msconfig startup a couple of times a day because I do a ton of installing and removing and ensure everything is cleared out. I saw a couple IE files in my startup group that didn't look right. Then I got curious, I had my firewall turned off, so I saw what ports were opened and I saw 6668 port opened with a program called something weird like "lkdyrvh.exe" so that caught my attention. So I looked at my processes and saw this running... so I killed it immediately. Then started searching it out with www.google.com.

Turns out, because I verified which program it came from, it was only active for less than a half hour. YAH!

I'm a proven fact that just a little bit of knowledge helps out a lot. :D
 

Qumahlin

OSNN Veteran Addict
Joined
6 Dec 2001
Messages
2,006
had you had norton or most other anti viruses up to date...it would be caught before you ever installed the program...and yes anti virus programs do catch viruses before they are updated, they have built in heuristics to see common virus behaviors

and also they do catch trojans too, so far anti vir has never let me down...If you really don't like anti virus programs do what I do...disable the auto protect...just let it scan programs you run for the first time and downloads, that way there is no slow down from it scanning everything and you're always safe :)
 
pc_tek

Guest
Originally posted by Qumahlin
had you had norton or most other anti viruses up to date...it would be caught before you ever installed the program...and yes anti virus programs do catch viruses before they are updated, they have built in heuristics to see common virus behaviors

and also they do catch trojans too, so far anti vir has never let me down...If you really don't like anti virus programs do what I do...disable the auto protect...just let it scan programs you run for the first time and downloads, that way there is no slow down from it scanning everything and you're always safe :)

NAAAAAAWWWWW!!! LOL still don't want it! hehehe
 
