Author Topic: A Trojan Question  (Read 6119 times)

Offline Vila

  • Newb
  • *
  • Posts: 12
  • 1337 13V3L: +0/-9
  • Remember, I hate you all
A Trojan Question
« on: May 04, 2008, 05:06:39 AM »
A friend of mine over at CZ ran into a tricky Trojan and I told him I'd ask you guys about it since odds are one of you wrote it. (Or do I think too highly of you guys?!)

Quote
From:        Death Stalker      posted Sunday, May 04, 2008 3:52:39 AM 
The last few days I have been literally running my virus sweeper non-stop to get rid of the effects of a Trojan Horse that appeared. My sweeper seems to be doing the job getting rid of it but it has filled my Fonts folder with literally tens of thousands of Movie, Program, and Game names. It has been five days and it is only on the letter S but so far I have seen movies like Sin City, programs such as various DVD converters, and games such as Star Wars Battlefront.

If I go into my actual Fonts folder they aren't there but is there a faster way of getting rid of all this?

You can read his original post here: http://www.cryptozoology.com/forum/topic_view_thread.php?tid=25&pid=568190
This has been a message from the dyslexic burning bunghole of bordom

Offline Zazen

  • Cactus Zombie
  • *****
  • Posts: 380
  • 1337 13V3L: +34/-14
Re: A Trojan Question
« Reply #1 on: May 04, 2008, 07:10:41 AM »
The fonts folder is called a shell extension. When you open it up it doesn't show you files like every other folder, rather it processes a friendly list of installed fonts and shows them to you in a nice way. If he has a file in there that's setting off his antivirus it won't show up unless it's a font. If he uses the command line he can see and delete the real files.

Is this problem hampering his quest for bigfoot?
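Zazen's point above can be checked directly from a shell. The following is an added example, not code from the thread: it lists everything in the Fonts folder that is not a font file, which is exactly what the Explorer shell-extension view hides, and stages those files in a quarantine folder rather than deleting them. The quarantine path and the extension list are assumptions.

```powershell
# Added example, not from the original thread. Lists everything in the Fonts
# folder that is not a font file. The Explorer view of this folder is a shell
# extension that only renders installed fonts, so non-font files (which is
# what a scanner would flag) are invisible there. Run from an elevated prompt.

$fontsDir = Join-Path $env:WINDIR 'Fonts'
# Extensions Windows treats as font files (assumed list); anything else is worth a look.
$fontExt  = @('.ttf', '.ttc', '.otf', '.fon', '.fnt', '.pfb', '.pfm', '.afm')

# -Force includes hidden and system files; -File skips directories.
# desktop.ini is a legitimate non-font file that lives here, so it is excluded.
$suspects = Get-ChildItem -LiteralPath $fontsDir -Force -File |
    Where-Object { ($fontExt -notcontains $_.Extension.ToLower()) -and ($_.Name -ne 'desktop.ini') }

$suspects |
    Select-Object Name, Length, LastWriteTime, Attributes |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize

# Quarantine instead of deleting, so a mistake can be undone. The folder
# name is an assumption; use whatever staging directory you prefer.
$quarantine = 'C:\temp\fonts-quarantine'
if ($suspects) {
    New-Item -ItemType Directory -Force -Path $quarantine | Out-Null
    $suspects | Move-Item -Destination $quarantine
}
```

Review the printed list before trusting the move: a recently written file with Hidden or System attributes and a non-font extension is the usual tell, and anything you moved by mistake can be moved back from the quarantine folder.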

Offline MattGSX

  • Whiny Music Nerd
  • Senior PLA Junkie
  • *****
  • Posts: 1195
  • 1337 13V3L: +59/-97
  • Douchenozzle
    • Matt GSX Has Better Taste In Music Than You
Re: A Trojan Question
« Reply #2 on: May 06, 2008, 09:12:22 AM »
You're probably giving us too much credit. I don't think that many people on here actually write trojans/viruses for anything other than informational purposes.

Tell your friend to quit opening files like "pthc PRIVATE UNDERAGE MP4.wav" and his problems shouldn't persist.

Offline mr_doc

  • Supergluer of coins
  • PLA Junkie
  • *****
  • Posts: 801
  • 1337 13V3L: +71/-24
    • PLA LotGD
Re: A Trojan Question
« Reply #3 on: May 12, 2008, 04:02:15 PM »
It sounds to me like you need to perform a low level format on your hard drive.
PLAlotgd  -If you play, I will hate you a little less.
Unnamed Forums

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: A Trojan Question
« Reply #4 on: May 19, 2008, 04:09:07 AM »
Quote
It sounds to me like you need to perform a low level format on your hard drive.

Yeah, just back up what you need and get rid of everything - start fresh. I have been using tools like CleanUp!, Symantec Endpoint, Webroot, HijackThis, etc. and have been getting good at virus removal. The only virus I haven't been able to remove is FakeAlert, which somehow runs even during Safe Mode - it hijacks Windows message balloons saying "YOU HAVE A VIRUS THRET CLICK HERE TO REMOVE ALL VIRUSES!" etc. Most of the time, if it takes more than 2 hours for removal I suggest to the person to reinstall.

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: A Trojan Question
« Reply #5 on: July 13, 2008, 02:10:56 PM »
I got a grip on virus removal from work (that's the bulk of what I do now) and wrote up a paper on virus removal that seems to do well with everyone, so far.

http://weaknetlabs.com/texts/pdf/windows-antivirus.pdf

Hope that helps reduce the frustration of a lousy OS. :)

Offline CerealKiller

  • Lieutenant Cactus
  • *****
  • Posts: 272
  • 1337 13V3L: +16/-30
Re: A Trojan Question
« Reply #6 on: July 13, 2008, 02:28:52 PM »
sounds like you need the help of TORJAN MAAAAAAAAN!!!
You're Killing Me Smalls!

Offline Tachyon

  • Minister of Defence
  • OMG Mod
  • Ninja Phone Loser
  • *****
  • Posts: 1875
  • 1337 13V3L: +125/-62
Re: A Trojan Question
« Reply #7 on: July 13, 2008, 07:31:36 PM »
^Belongs in a thread about Onion Networks
Do you speak two languages?

"Detective Don Gombo: IM AFRAID THE ONLY ONE "F" IS "U" MY FRIEND. WELCOME TO THE CRIMINAL JUSTICE WEB!"

Offline Nod

  • Quando omni flunkus moritati
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 3725
  • 1337 13V3L: +210/-138
  • 212-389-1318
    • twitter: @mrnudnik
Re: A Trojan Question
« Reply #8 on: July 13, 2008, 09:00:15 PM »
I'm disappointed. I thought this question was going to have a bunch of people hidden in it that would take over my fort and kill everyone in their sleep.
« Last Edit: July 13, 2008, 09:02:59 PM by LordNod »
I HATE the bridge.
Meme Roth is a Food Nazi Cunt

Offline rogueclown

  • phone mob enforcer
  • Elite Cactus Squad
  • PLA Henchman
  • *****
  • Posts: 856
  • 1337 13V3L: +60/-38
  • Awkward Hugs for everyone!
    • rogueclown.net
Re: A Trojan Question
« Reply #9 on: July 13, 2008, 09:37:38 PM »
Quote
I'm disappointed. I thought this question was going to have a bunch of people hidden in it that would take over my fort and kill everyone in their sleep.

I'm not sending anyone after you. I don't want you to die in your sleep. <3

I sent my hidden armies after....ummm...I'd say, but that would spoil the fun!
RogueClown has been known to cause the following side effects. Smiling, <3ing, dizziness, and the desire to listen to poorly recorded phone mobs. RogueClown is an MAO inhibitor.
  --Nod

Offline Zazen

  • Cactus Zombie
  • *****
  • Posts: 380
  • 1337 13V3L: +34/-14
Re: A Trojan Question
« Reply #10 on: July 13, 2008, 10:34:37 PM »
Quote
I got a grip on virus removal from work (that's the bulk of what I do now) and wrote up a paper on virus removal that seems to do well with everyone, so far.

http://weaknetlabs.com/texts/pdf/windows-antivirus.pdf

Hope that helps reduce the frustration of a lousy OS. :)

My magic formula for getting rid of that crap is:

- Run Sysinternals' autoruns.exe or whatever other tool you like for enumerating everything that runs on startup.
- Write down the full file path of everything that looks like garbage. Don't bother trying to remove the startup entries. Any halfway decent malware will fight back and waste your time, plus if you make a mistake it's hard to put it back the way it was.
- Boot off of anything that lets you access the file system (Windows CD in recovery mode, DOS-NTFS on Hiren's, or whatever) and move the offending files to C:\temp to take them out of the picture. Safe Mode isn't good enough for this.
- Boot up and the bad stuff won't be running. Get rid of any residual damage, including those now-orphaned startup entries that are probably generating errors about missing files. If you accidentally removed something important, just move it back where it belongs and reboot. If there's still crap running, start over and be a little more liberal about what you call garbage.

Works every time for me, and without the need to install 31 flavors of antivirus tools. It's relatively quick too since you don't need to do scans or actually fight against programs while they're running.
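The first and last steps of Zazen's procedure (record the full path of every autostart entry before the offline boot, then find the orphaned entries afterwards) can be scripted. The following is an added example, not code from the thread or from Sysinternals: it walks the Run/RunOnce keys and the service list, extracts the executable path from each command line, marks entries whose file no longer exists and whether the file is Authenticode-signed, and writes the result to a CSV. The registry keys covered are a small subset of what Autoruns enumerates, and the C:\temp output path is an assumption.

```powershell
# Added example, not from the original thread. Enumerates common autostart
# locations (Run/RunOnce keys and services), pulls the executable path out of
# each command line, checks whether the file exists and whether it is signed,
# and writes the list to a CSV for review before booting offline. Autoruns
# from Sysinternals covers far more locations; this shows the idea, not a
# replacement. Run from an elevated prompt.

function Get-ExePath {
    # Extract the executable path from a command line such as
    #   "C:\Program Files\X\x.exe" /silent   or   C:\Program Files\X\x.exe /silent
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted: stop at the first executable-looking extension followed by
    # whitespace or end of string (handles spaces in "Program Files").
    if ($cmd -match '^(.+?\.(exe|dll|sys|cmd|bat|scr|vbs|com))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-ExeExists {
    param([string]$Path)
    if (-not $Path) { return $false }
    if (Test-Path -LiteralPath $Path) { return $true }
    # Bare names (rundll32.exe, svchost.exe) resolve through PATH like the loader does.
    if (-not (Split-Path -Path $Path -Parent)) {
        return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
    }
    return $false
}

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = New-Object System.Collections.Generic.List[object]
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
        $entries.Add([pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value })
    }
}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $entries.Add([pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName })
}

$report = foreach ($e in $entries) {
    $path   = Get-ExePath $e.Command
    $exists = Test-ExeExists $path
    $signed = 'n/a'
    if ($exists -and (Test-Path -LiteralPath $path)) {
        $signed = (Get-AuthenticodeSignature -FilePath $path).Status
    }
    [pscustomobject]@{
        Source  = $e.Source
        Name    = $e.Name
        Path    = $path
        Exists  = $exists
        Signed  = $signed
        Command = $e.Command
    }
}

# Orphans (Exists = False) and unsigned files sort to the top for review.
$report | Sort-Object Exists, Signed | Format-Table Source, Name, Exists, Signed, Path -AutoSize

# Keep the list somewhere that survives the offline boot (path is an assumption).
New-Item -ItemType Directory -Force -Path 'C:\temp' | Out-Null
$report | Export-Csv -NoTypeInformation -Path 'C:\temp\autostart-review.csv'
```

Run it once before the offline boot to get the path list, and once after to see which entries now point at missing files. Signed = NotSigned is not proof of malware and Valid is not proof of innocence, but unsigned files in odd locations (user profile, temp folders, the Fonts folder from the original question) are the ones to write down first.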

MelloKira

  • Guest
Re: A Trojan Question
« Reply #11 on: July 14, 2008, 06:34:33 AM »
Quote
I got a grip on virus removal from work (that's the bulk of what I do now) and wrote up a paper on virus removal that seems to do well with everyone, so far.

http://weaknetlabs.com/texts/pdf/windows-antivirus.pdf

Hope that helps reduce the frustration of a lousy OS. :)

My magic formula for getting rid of that crap is:


Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: A Trojan Question
« Reply #12 on: September 25, 2008, 09:10:15 PM »
Updated:

http://weaknetlabs.com/texts/pdf/windows-antivirus.pdf

I find new tools all the time; the method I use works 9 times out of 10.

Offline Zazen

  • Cactus Zombie
  • *****
  • Posts: 380
  • 1337 13V3L: +34/-14
Re: A Trojan Question
« Reply #13 on: September 25, 2008, 11:51:33 PM »
Quote
Updated:

http://weaknetlabs.com/texts/pdf/windows-antivirus.pdf

I find new tools all the time; the method I use works 9 times out of 10.

Quote
1. Enter the machine in Normal Mode (not Safe Mode) if possible.
2. Enter the system in Safe Mode (F8 at Boot and select) with Networking.
3. Run clean-up applications
4. Run Scumware/Malware removal tools
5. Run "heavy duty" antivirus clients
6. Run Trojan removal tools
7. Defragment hard drive
8. Reboot (for the final time) and test.
9. If no luck after this methodology it may be wise to simply backup some data* and reinstall the Operating System.

Holy crap that's a lot of scans! Are you billing customers on an hourly basis?

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: A Trojan Question
« Reply #14 on: September 29, 2008, 11:48:53 PM »
Quote
Updated:

http://weaknetlabs.com/texts/pdf/windows-antivirus.pdf

I find new tools all the time; the method I use works 9 times out of 10.

1. Enter the machine in Normal Mode (not Safe Mode) if possible.
2. Enter the system in Safe Mode (F8 at Boot and select) with Networking.
3. Run clean-up applications
4. Run Scumware/Malware removal tools
5. Run "heavy duty" antivirus clients
6. Run Trojan removal tools
7. Defragment hard drive
8. Reboot (for the final time) and test.
9. If no luck after this methodology it may be wise to simply backup some data* and reinstall the Operating System.

Holy crap that's a lot of scans! Are you billing customers on an hourly basis?

Naw, the university does, and I have like 20 machines a day, so I let all the virus shit go in the background as I repair the physical damage at the same time. Like, you know, multitasking.