Trojan Help 
Author Message
 Trojan Help

I seem to have contracted a Trojan Horse but cannot even find it.

Note: Win XP Pro, SP1.

Here is what happened:

1. Yesterday while running some software I have never run before Norton pops
up a message saying a Trojan Horse had been located. It said it could not
repair it nor delete it.

I searched for the file (which Norton said was: c:\Windows\~ s ~.exe) but
could not find it even in safe mode.

2. It manifests itself strangely (or these could be indicative of some other
problems). When I run Outlook Express, then Win Explorer, if I close
Explorer I cannot then open it again. If I click the button 3 times, I get 3
processes running in the task mgr, but no Explorer windows appear.

3. When I shut done, I get a message saying that Proxy Desktop is shutting
down.

Any ideas or comments?

Regards,
Dave Schwartz



Sun, 02 Oct 2005 19:24:45 GMT  
 Trojan Help
Hi Dave -
    Do a Search on the Norton website for the file name you can't find to
get the name of the actual virus and then find the write-up on it. You can
then read up on the effects it has and maybe get a step by step guide for
removing it.
    As to not being able to find the file, you do have Tools/Folder
Options/View set to show hidden files, right?
    Good luck.

--
Bob Diver


Quote:
> I seem to have contracted a Trojan Horse but cannot even find it.

> Note: Win XP Pro, SP1.

> Here is what happened:

> 1. Yesterday while running some software I have never run before Norton
pops
> up a message saying a Trojan Horse had been located. It said it could not
> repair it nor delete it.

> I searched for the file (which Norton said was: c:\Windows\~ s ~.exe) but
> could not find it even in safe mode.

> 2. It manifests itself strangely (or these could be indicative of some
other
> problems). When I run Outlook Express, then Win Explorer, if I close
> Explorer I cannot then open it again. If I click the button 3 times, I get
3
> processes running in the task mgr, but no Explorer windows appear.

> 3. When I shut done, I get a message saying that Proxy Desktop is shutting
> down.

> Any ideas or comments?

> Regards,
> Dave Schwartz



Sun, 02 Oct 2005 20:18:26 GMT  
 Trojan Help
get the Trojan removal tool called Ad-aware.  Designed to just look for
Trojans and I believe it's free. It found 64 of the little devils on my
system...

Robert


Quote:
> Hi Dave -
>     Do a Search on the Norton website for the file name you can't find to
> get the name of the actual virus and then find the write-up on it. You can
> then read up on the effects it has and maybe get a step by step guide for
> removing it.
>     As to not being able to find the file, you do have Tools/Folder
> Options/View set to show hidden files, right?
>     Good luck.

> --
> Bob Diver



> > I seem to have contracted a Trojan Horse but cannot even find it.

> > Note: Win XP Pro, SP1.

> > Here is what happened:

> > 1. Yesterday while running some software I have never run before Norton
> pops
> > up a message saying a Trojan Horse had been located. It said it could
not
> > repair it nor delete it.

> > I searched for the file (which Norton said was: c:\Windows\~ s ~.exe)
but
> > could not find it even in safe mode.

> > 2. It manifests itself strangely (or these could be indicative of some
> other
> > problems). When I run Outlook Express, then Win Explorer, if I close
> > Explorer I cannot then open it again. If I click the button 3 times, I
get
> 3
> > processes running in the task mgr, but no Explorer windows appear.

> > 3. When I shut done, I get a message saying that Proxy Desktop is
shutting
> > down.

> > Any ideas or comments?

> > Regards,
> > Dave Schwartz



Sun, 02 Oct 2005 23:09:42 GMT  
 Trojan Help
Bob & Robert,

The file lists as "~s~.exe" and cannot be found on the hard drive. (Yes, I
have "show all files" checked. What self-respecting programmer wouldn't.
<G>)

Norton has no reference for it in its knowledge base.

A scan of the hard drive finds nothing now. Yesterday Norton found it when
it attempted to run.

I have Ad-Aware installed. Ran it again and it found nothing.

If anyone has any other ideas, I'd sure love to hear them.

Regards,
Dave Schwartz


Quote:
> Hi Dave -
>     Do a Search on the Norton website for the file name you can't find to
> get the name of the actual virus and then find the write-up on it. You can
> then read up on the effects it has and maybe get a step by step guide for
> removing it.
>     As to not being able to find the file, you do have Tools/Folder
> Options/View set to show hidden files, right?
>     Good luck.

> --
> Bob Diver



> > I seem to have contracted a Trojan Horse but cannot even find it.

> > Note: Win XP Pro, SP1.

> > Here is what happened:

> > 1. Yesterday while running some software I have never run before Norton
> pops
> > up a message saying a Trojan Horse had been located. It said it could
not
> > repair it nor delete it.

> > I searched for the file (which Norton said was: c:\Windows\~ s ~.exe)
but
> > could not find it even in safe mode.

> > 2. It manifests itself strangely (or these could be indicative of some
> other
> > problems). When I run Outlook Express, then Win Explorer, if I close
> > Explorer I cannot then open it again. If I click the button 3 times, I
get
> 3
> > processes running in the task mgr, but no Explorer windows appear.

> > 3. When I shut done, I get a message saying that Proxy Desktop is
shutting
> > down.

> > Any ideas or comments?

> > Regards,
> > Dave Schwartz



Mon, 03 Oct 2005 00:31:27 GMT  
 Trojan Help
Did a search on Google. Apparently this is a very common problem.

Unfortunately, no solutions.

Continuing to look...

Regards,
Dave Schwartz


Quote:
> Bob & Robert,

> The file lists as "~s~.exe" and cannot be found on the hard drive. (Yes, I
> have "show all files" checked. What self-respecting programmer wouldn't.
> <G>)

> Norton has no reference for it in its knowledge base.

> A scan of the hard drive finds nothing now. Yesterday Norton found it when
> it attempted to run.

> I have Ad-Aware installed. Ran it again and it found nothing.

> If anyone has any other ideas, I'd sure love to hear them.

> Regards,
> Dave Schwartz



> > Hi Dave -
> >     Do a Search on the Norton website for the file name you can't find
to
> > get the name of the actual virus and then find the write-up on it. You
can
> > then read up on the effects it has and maybe get a step by step guide
for
> > removing it.
> >     As to not being able to find the file, you do have Tools/Folder
> > Options/View set to show hidden files, right?
> >     Good luck.

> > --
> > Bob Diver



> > > I seem to have contracted a Trojan Horse but cannot even find it.

> > > Note: Win XP Pro, SP1.

> > > Here is what happened:

> > > 1. Yesterday while running some software I have never run before
Norton
> > pops
> > > up a message saying a Trojan Horse had been located. It said it could
> not
> > > repair it nor delete it.

> > > I searched for the file (which Norton said was: c:\Windows\~ s ~.exe)
> but
> > > could not find it even in safe mode.

> > > 2. It manifests itself strangely (or these could be indicative of some
> > other
> > > problems). When I run Outlook Express, then Win Explorer, if I close
> > > Explorer I cannot then open it again. If I click the button 3 times, I
> get
> > 3
> > > processes running in the task mgr, but no Explorer windows appear.

> > > 3. When I shut done, I get a message saying that Proxy Desktop is
> shutting
> > > down.

> > > Any ideas or comments?

> > > Regards,
> > > Dave Schwartz



Mon, 03 Oct 2005 00:45:38 GMT  
 Trojan Help

Weird problem, Dave...

Couldn't it be possible the Trojan Horse resides in the
TemporaryInternetFiles directory...  or even better... that it didn't even
exist on HD but only in the systems memory ?  And that it had chosen the
c:\windows directory as a working dir?  Now you made me curious ;0)

Good luck,
Bommel

Quote:
> Bob & Robert,

> The file lists as "~s~.exe" and cannot be found on the hard drive. (Yes, I
> have "show all files" checked. What self-respecting programmer wouldn't.
> <G>)

> Norton has no reference for it in its knowledge base.

> A scan of the hard drive finds nothing now. Yesterday Norton found it when
> it attempted to run.

> I have Ad-Aware installed. Ran it again and it found nothing.

> If anyone has any other ideas, I'd sure love to hear them.

> Regards,
> Dave Schwartz



> > Hi Dave -
> >     Do a Search on the Norton website for the file name you can't find
to
> > get the name of the actual virus and then find the write-up on it. You
can
> > then read up on the effects it has and maybe get a step by step guide
for
> > removing it.
> >     As to not being able to find the file, you do have Tools/Folder
> > Options/View set to show hidden files, right?
> >     Good luck.

> > --
> > Bob Diver



> > > I seem to have contracted a Trojan Horse but cannot even find it.

> > > Note: Win XP Pro, SP1.

> > > Here is what happened:

> > > 1. Yesterday while running some software I have never run before
Norton
> > pops
> > > up a message saying a Trojan Horse had been located. It said it could
> not
> > > repair it nor delete it.

> > > I searched for the file (which Norton said was: c:\Windows\~ s ~.exe)
> but
> > > could not find it even in safe mode.

> > > 2. It manifests itself strangely (or these could be indicative of some
> > other
> > > problems). When I run Outlook Express, then Win Explorer, if I close
> > > Explorer I cannot then open it again. If I click the button 3 times, I
> get
> > 3
> > > processes running in the task mgr, but no Explorer windows appear.

> > > 3. When I shut done, I get a message saying that Proxy Desktop is
> shutting
> > > down.

> > > Any ideas or comments?

> > > Regards,
> > > Dave Schwartz



Mon, 03 Oct 2005 00:56:31 GMT  
 Trojan Help

Quote:
> If anyone has any other ideas, I'd sure love to hear them.

Run msinfo32, go to Software Environment|Loaded Modules and see if you can
find it (or anything that looks funny) there.  It will give you the path to
the EXE.

John



Mon, 03 Oct 2005 00:58:19 GMT  
 Trojan Help
Search for ~s~ in the registry (regedit).


Quote:
> Bob & Robert,

> The file lists as "~s~.exe" and cannot be found on the hard drive. (Yes, I
> have "show all files" checked. What self-respecting programmer wouldn't.
> <G>)

> Norton has no reference for it in its knowledge base.

> A scan of the hard drive finds nothing now. Yesterday Norton found it when
> it attempted to run.

> I have Ad-Aware installed. Ran it again and it found nothing.

> If anyone has any other ideas, I'd sure love to hear them.

> Regards,
> Dave Schwartz



> > Hi Dave -
> >     Do a Search on the Norton website for the file name you can't find
to
> > get the name of the actual virus and then find the write-up on it. You
can
> > then read up on the effects it has and maybe get a step by step guide
for
> > removing it.
> >     As to not being able to find the file, you do have Tools/Folder
> > Options/View set to show hidden files, right?
> >     Good luck.

> > --
> > Bob Diver



> > > I seem to have contracted a Trojan Horse but cannot even find it.

> > > Note: Win XP Pro, SP1.

> > > Here is what happened:

> > > 1. Yesterday while running some software I have never run before
Norton
> > pops
> > > up a message saying a Trojan Horse had been located. It said it could
> not
> > > repair it nor delete it.

> > > I searched for the file (which Norton said was: c:\Windows\~ s ~.exe)
> but
> > > could not find it even in safe mode.

> > > 2. It manifests itself strangely (or these could be indicative of some
> > other
> > > problems). When I run Outlook Express, then Win Explorer, if I close
> > > Explorer I cannot then open it again. If I click the button 3 times, I
> get
> > 3
> > > processes running in the task mgr, but no Explorer windows appear.

> > > 3. When I shut done, I get a message saying that Proxy Desktop is
> shutting
> > > down.

> > > Any ideas or comments?

> > > Regards,
> > > Dave Schwartz



Mon, 03 Oct 2005 01:08:17 GMT  
 Trojan Help
Bommel,

Interesting idea. Actually, one of the several hundred messages I read on
Google mentioned finding a folder called "UrlCache" and emptying it, but I
could find no such folder.

I have IE set to refresh web pages every time I restart IE, but it does not
seem to do it unless I force the cleanup.

Here is something else suspicious... The entire problem has gone away now
that the sun is up. Now, I may be paranoid here, but if I was going to write
software that clandestinely "called the mother ship" I'd love to have it
happen in the middle of the night after some inactivity.

And another thing... I let it shut down the "proxy desktop" completely once.
And now (in the light of day, anyway) all the symptoms are gone.

Oh, and one more interesting manifestation (which may not be connected)...
We have 4 Linux servers, all running Debian and Samba. One of them that I
map to on reboot (our music server) I cannot connect to. The other 5 Windows
systems (1 XP home, 4 98se) can all connect. We spent 3 hours yesterday
trying to determine what the difference was between these servers. I could
map to each of the others with no problem. This problem occurred in the last
few days as well. (And, I am lost without my music!)

BTW, if you don't have a music server (and you like music) you should make
one.

Regards,
Dave Schwartz


Quote:

> Weird problem, Dave...

> Couldn't it be possible the Trojan Horse resides in the
> TemporaryInternetFiles directory...  or even better... that it didn't even
> exist on HD but only in the systems memory ?  And that it had chosen the
> c:\windows directory as a working dir?  Now you made me curious ;0)

> Good luck,
> Bommel

> > Bob & Robert,

> > The file lists as "~s~.exe" and cannot be found on the hard drive. (Yes,
I
> > have "show all files" checked. What self-respecting programmer wouldn't.
> > <G>)

> > Norton has no reference for it in its knowledge base.

> > A scan of the hard drive finds nothing now. Yesterday Norton found it
when
> > it attempted to run.

> > I have Ad-Aware installed. Ran it again and it found nothing.

> > If anyone has any other ideas, I'd sure love to hear them.

> > Regards,
> > Dave Schwartz



> > > Hi Dave -
> > >     Do a Search on the Norton website for the file name you can't find
> to
> > > get the name of the actual virus and then find the write-up on it. You
> can
> > > then read up on the effects it has and maybe get a step by step guide
> for
> > > removing it.
> > >     As to not being able to find the file, you do have Tools/Folder
> > > Options/View set to show hidden files, right?
> > >     Good luck.

> > > --
> > > Bob Diver



> > > > I seem to have contracted a Trojan Horse but cannot even find it.

> > > > Note: Win XP Pro, SP1.

> > > > Here is what happened:

> > > > 1. Yesterday while running some software I have never run before
> Norton
> > > pops
> > > > up a message saying a Trojan Horse had been located. It said it
could
> > not
> > > > repair it nor delete it.

> > > > I searched for the file (which Norton said was: c:\Windows\~ s
~.exe)
> > but
> > > > could not find it even in safe mode.

> > > > 2. It manifests itself strangely (or these could be indicative of
some
> > > other
> > > > problems). When I run Outlook Express, then Win Explorer, if I close
> > > > Explorer I cannot then open it again. If I click the button 3 times,
I
> > get
> > > 3
> > > > processes running in the task mgr, but no Explorer windows appear.

> > > > 3. When I shut done, I get a message saying that Proxy Desktop is
> > shutting
> > > > down.

> > > > Any ideas or comments?

> > > > Regards,
> > > > Dave Schwartz



Mon, 03 Oct 2005 01:16:59 GMT  
 Trojan Help

Well Dave... I love music, we have that in common...  But  I see no need for
a music server... (yet)
I didn't even knew there were people that didn't like music... with a normal
'hearing system' that is...
but that's a quite different subject than a Trojan... ;0)

In your first message you mentioned a program you never used before...
here's a challenge: run it again.. try to reproduce the problem...
and run a tool like msinfo if the Trojan appears again...

To be continued..??

Quote:
> Bommel,

> Interesting idea. Actually, one of the several hundred messages I read on
> Google mentioned finding a folder called "UrlCache" and emptying it, but I
> could find no such folder.

> I have IE set to refresh web pages every time I restart IE, but it does
not
> seem to do it unless I force the cleanup.

> Here is something else suspicious... The entire problem has gone away now
> that the sun is up. Now, I may be paranoid here, but if I was going to
write
> software that clandestinely "called the mother ship" I'd love to have it
> happen in the middle of the night after some inactivity.

> And another thing... I let it shut down the "proxy desktop" completely
once.
> And now (in the light of day, anyway) all the symptoms are gone.

> Oh, and one more interesting manifestation (which may not be connected)...
> We have 4 Linux servers, all running Debian and Samba. One of them that I
> map to on reboot (our music server) I cannot connect to. The other 5
Windows
> systems (1 XP home, 4 98se) can all connect. We spent 3 hours yesterday
> trying to determine what the difference was between these servers. I could
> map to each of the others with no problem. This problem occurred in the
last
> few days as well. (And, I am lost without my music!)

> BTW, if you don't have a music server (and you like music) you should make
> one.

> Regards,
> Dave Schwartz



> > Weird problem, Dave...

> > Couldn't it be possible the Trojan Horse resides in the
> > TemporaryInternetFiles directory...  or even better... that it didn't
even
> > exist on HD but only in the systems memory ?  And that it had chosen the
> > c:\windows directory as a working dir?  Now you made me curious ;0)

> > Good luck,
> > Bommel

> > > Bob & Robert,

> > > The file lists as "~s~.exe" and cannot be found on the hard drive.
(Yes,
> I
> > > have "show all files" checked. What self-respecting programmer
wouldn't.
> > > <G>)

> > > Norton has no reference for it in its knowledge base.

> > > A scan of the hard drive finds nothing now. Yesterday Norton found it
> when
> > > it attempted to run.

> > > I have Ad-Aware installed. Ran it again and it found nothing.

> > > If anyone has any other ideas, I'd sure love to hear them.

> > > Regards,
> > > Dave Schwartz



> > > > Hi Dave -
> > > >     Do a Search on the Norton website for the file name you can't
find
> > to
> > > > get the name of the actual virus and then find the write-up on it.
You
> > can
> > > > then read up on the effects it has and maybe get a step by step
guide
> > for
> > > > removing it.
> > > >     As to not being able to find the file, you do have Tools/Folder
> > > > Options/View set to show hidden files, right?
> > > >     Good luck.

> > > > --
> > > > Bob Diver



> > > > > I seem to have contracted a Trojan Horse but cannot even find it.

> > > > > Note: Win XP Pro, SP1.

> > > > > Here is what happened:

> > > > > 1. Yesterday while running some software I have never run before
> > Norton
> > > > pops
> > > > > up a message saying a Trojan Horse had been located. It said it
> could
> > > not
> > > > > repair it nor delete it.

> > > > > I searched for the file (which Norton said was: c:\Windows\~ s
> ~.exe)
> > > but
> > > > > could not find it even in safe mode.

> > > > > 2. It manifests itself strangely (or these could be indicative of
> some
> > > > other
> > > > > problems). When I run Outlook Express, then Win Explorer, if I
close
> > > > > Explorer I cannot then open it again. If I click the button 3
times,
> I
> > > get
> > > > 3
> > > > > processes running in the task mgr, but no Explorer windows appear.

> > > > > 3. When I shut done, I get a message saying that Proxy Desktop is
> > > shutting
> > > > > down.

> > > > > Any ideas or comments?

> > > > > Regards,
> > > > > Dave Schwartz



Mon, 03 Oct 2005 01:40:40 GMT  
 Trojan Help
Bommel,

Yes, the beat goes on at this end.

The problems have disappeared for now. (Still can't connect to the music
server, but that may be unrelated.)

At this point, if I do not find a solution by the end of the week I will
format c:

Dave

PS: BTW, the music server is really very cool... 800 albums online and wired
to our home stereo systems through our PCs.


Quote:

> Well Dave... I love music, we have that in common...  But  I see no need
for
> a music server... (yet)
> I didn't even knew there were people that didn't like music... with a
normal
> 'hearing system' that is...
> but that's a quite different subject than a Trojan... ;0)

> In your first message you mentioned a program you never used before...
> here's a challenge: run it again.. try to reproduce the problem...
> and run a tool like msinfo if the Trojan appears again...

> To be continued..??

> > Bommel,

> > Interesting idea. Actually, one of the several hundred messages I read
on
> > Google mentioned finding a folder called "UrlCache" and emptying it, but
I
> > could find no such folder.

> > I have IE set to refresh web pages every time I restart IE, but it does
> not
> > seem to do it unless I force the cleanup.

> > Here is something else suspicious... The entire problem has gone away
now
> > that the sun is up. Now, I may be paranoid here, but if I was going to
> write
> > software that clandestinely "called the mother ship" I'd love to have it
> > happen in the middle of the night after some inactivity.

> > And another thing... I let it shut down the "proxy desktop" completely
> once.
> > And now (in the light of day, anyway) all the symptoms are gone.

> > Oh, and one more interesting manifestation (which may not be
connected)...
> > We have 4 Linux servers, all running Debian and Samba. One of them that
I
> > map to on reboot (our music server) I cannot connect to. The other 5
> Windows
> > systems (1 XP home, 4 98se) can all connect. We spent 3 hours yesterday
> > trying to determine what the difference was between these servers. I
could
> > map to each of the others with no problem. This problem occurred in the
> last
> > few days as well. (And, I am lost without my music!)

> > BTW, if you don't have a music server (and you like music) you should
make
> > one.

> > Regards,
> > Dave Schwartz



> > > Weird problem, Dave...

> > > Couldn't it be possible the Trojan Horse resides in the
> > > TemporaryInternetFiles directory...  or even better... that it didn't
> even
> > > exist on HD but only in the systems memory ?  And that it had chosen
the
> > > c:\windows directory as a working dir?  Now you made me curious ;0)

> > > Good luck,
> > > Bommel

> > > > Bob & Robert,

> > > > The file lists as "~s~.exe" and cannot be found on the hard drive.
> (Yes,
> > I
> > > > have "show all files" checked. What self-respecting programmer
> wouldn't.
> > > > <G>)

> > > > Norton has no reference for it in its knowledge base.

> > > > A scan of the hard drive finds nothing now. Yesterday Norton found
it
> > when
> > > > it attempted to run.

> > > > I have Ad-Aware installed. Ran it again and it found nothing.

> > > > If anyone has any other ideas, I'd sure love to hear them.

> > > > Regards,
> > > > Dave Schwartz



> > > > > Hi Dave -
> > > > >     Do a Search on the Norton website for the file name you can't
> find
> > > to
> > > > > get the name of the actual virus and then find the write-up on it.
> You
> > > can
> > > > > then read up on the effects it has and maybe get a step by step
> guide
> > > for
> > > > > removing it.
> > > > >     As to not being able to find the file, you do have
Tools/Folder
> > > > > Options/View set to show hidden files, right?
> > > > >     Good luck.

> > > > > --
> > > > > Bob Diver



> > > > > > I seem to have contracted a Trojan Horse but cannot even find
it.

> > > > > > Note: Win XP Pro, SP1.

> > > > > > Here is what happened:

> > > > > > 1. Yesterday while running some software I have never run before
> > > Norton
> > > > > pops
> > > > > > up a message saying a Trojan Horse had been located. It said it
> > could
> > > > not
> > > > > > repair it nor delete it.

> > > > > > I searched for the file (which Norton said was: c:\Windows\~ s
> > ~.exe)
> > > > but
> > > > > > could not find it even in safe mode.

> > > > > > 2. It manifests itself strangely (or these could be indicative
of
> > some
> > > > > other
> > > > > > problems). When I run Outlook Express, then Win Explorer, if I
> close
> > > > > > Explorer I cannot then open it again. If I click the button 3
> times,
> > I
> > > > get
> > > > > 3
> > > > > > processes running in the task mgr, but no Explorer windows
appear.

> > > > > > 3. When I shut done, I get a message saying that Proxy Desktop
is
> > > > shutting
> > > > > > down.

> > > > > > Any ideas or comments?

> > > > > > Regards,
> > > > > > Dave Schwartz



Mon, 03 Oct 2005 01:54:09 GMT  
 Trojan Help
Hey Dave ...

How do you do that? (connecting your home stereos to your server, that is)

Greg


Quote:
> Bommel,

> Yes, the beat goes on at this end.

> The problems have disappeared for now. (Still can't connect to the music
> server, but that may be unrelated.)

> At this point, if I do not find a solution by the end of the week I will
> format c:

> Dave

> PS: BTW, the music server is really very cool... 800 albums online and
wired
> to our home stereo systems through our PCs.



> > Well Dave... I love music, we have that in common...  But  I see no need
> for
> > a music server... (yet)
> > I didn't even knew there were people that didn't like music... with a
> normal
> > 'hearing system' that is...
> > but that's a quite different subject than a Trojan... ;0)

> > In your first message you mentioned a program you never used before...
> > here's a challenge: run it again.. try to reproduce the problem...
> > and run a tool like msinfo if the Trojan appears again...

> > To be continued..??

> > > Bommel,

> > > Interesting idea. Actually, one of the several hundred messages I read
> on
> > > Google mentioned finding a folder called "UrlCache" and emptying it,
but
> I
> > > could find no such folder.

> > > I have IE set to refresh web pages every time I restart IE, but it
does
> > not
> > > seem to do it unless I force the cleanup.

> > > Here is something else suspicious... The entire problem has gone away
> now
> > > that the sun is up. Now, I may be paranoid here, but if I was going to
> > write
> > > software that clandestinely "called the mother ship" I'd love to have
it
> > > happen in the middle of the night after some inactivity.

> > > And another thing... I let it shut down the "proxy desktop" completely
> > once.
> > > And now (in the light of day, anyway) all the symptoms are gone.

> > > Oh, and one more interesting manifestation (which may not be
> connected)...
> > > We have 4 Linux servers, all running Debian and Samba. One of them
that
> I
> > > map to on reboot (our music server) I cannot connect to. The other 5
> > Windows
> > > systems (1 XP home, 4 98se) can all connect. We spent 3 hours
yesterday
> > > trying to determine what the difference was between these servers. I
> could
> > > map to each of the others with no problem. This problem occurred in
the
> > last
> > > few days as well. (And, I am lost without my music!)

> > > BTW, if you don't have a music server (and you like music) you should
> make
> > > one.

> > > Regards,
> > > Dave Schwartz



> > > > Weird problem, Dave...

> > > > Couldn't it be possible the Trojan Horse resides in the
> > > > TemporaryInternetFiles directory...  or even better... that it
didn't
> > even
> > > > exist on HD but only in the systems memory ?  And that it had chosen
> the
> > > > c:\windows directory as a working dir?  Now you made me curious ;0)

> > > > Good luck,
> > > > Bommel

> > > > > Bob & Robert,

> > > > > The file lists as "~s~.exe" and cannot be found on the hard drive.
> > (Yes,
> > > I
> > > > > have "show all files" checked. What self-respecting programmer
> > wouldn't.
> > > > > <G>)

> > > > > Norton has no reference for it in its knowledge base.

> > > > > A scan of the hard drive finds nothing now. Yesterday Norton found
> it
> > > when
> > > > > it attempted to run.

> > > > > I have Ad-Aware installed. Ran it again and it found nothing.

> > > > > If anyone has any other ideas, I'd sure love to hear them.

> > > > > Regards,
> > > > > Dave Schwartz



> > > > > > Hi Dave -
> > > > > >     Do a Search on the Norton website for the file name you
can't
> > find
> > > > to
> > > > > > get the name of the actual virus and then find the write-up on
it.
> > You
> > > > can
> > > > > > then read up on the effects it has and maybe get a step by step
> > guide
> > > > for
> > > > > > removing it.
> > > > > >     As to not being able to find the file, you do have
> Tools/Folder
> > > > > > Options/View set to show hidden files, right?
> > > > > >     Good luck.

> > > > > > --
> > > > > > Bob Diver



> > > > > > > I seem to have contracted a Trojan Horse but cannot even find
> it.

> > > > > > > Note: Win XP Pro, SP1.

> > > > > > > Here is what happened:

> > > > > > > 1. Yesterday while running some software I have never run
before
> > > > Norton
> > > > > > pops
> > > > > > > up a message saying a Trojan Horse had been located. It said
it
> > > could
> > > > > not
> > > > > > > repair it nor delete it.

> > > > > > > I searched for the file (which Norton said was: c:\Windows\~ s
> > > ~.exe)
> > > > > but
> > > > > > > could not find it even in safe mode.

> > > > > > > 2. It manifests itself strangely (or these could be indicative
> of
> > > some
> > > > > > other
> > > > > > > problems). When I run Outlook Express, then Win Explorer, if I
> > close
> > > > > > > Explorer I cannot then open it again. If I click the button 3
> > times,
> > > I
> > > > > get
> > > > > > 3
> > > > > > > processes running in the task mgr, but no Explorer windows
> appear.

> > > > > > > 3. When I shut done, I get a message saying that Proxy Desktop
> is
> > > > > shutting
> > > > > > > down.

> > > > > > > Any ideas or comments?

> > > > > > > Regards,
> > > > > > > Dave Schwartz



Mon, 03 Oct 2005 02:23:09 GMT  
 Trojan Help
Greg,

We essentially run an "out" from the sound card (Audigy is my personal
favorite) to the Auxiliary In on the stereo.

If we could get the PC a little closer (it is about 20 feet away) we'd use
an optical connection but it works fine as it is.

Our kids have a stereo upstairs connected to their PC as well.

Each PC itself simply has access to a Linux box (550MHz) and plays the music
through Media Player.

Cost was reasonable:

$200  Linux server w/80gb drive
  125 Audigy sound card
    25 cables
-----
$350

Dave


Quote:
> Hey Dave ...

> How do you do that? (connecting your home stereos to your server, that is)

> Greg



> > Bommel,

> > Yes, the beat goes on at this end.

> > The problems have disappeared for now. (Still can't connect to the music
> > server, but that may be unrelated.)

> > At this point, if I do not find a solution by the end of the week I will
> > format c:

> > Dave

> > PS: BTW, the music server is really very cool... 800 albums online and
> wired
> > to our home stereo systems through our PCs.



> > > Well Dave... I love music, we have that in common...  But  I see no
need
> > for
> > > a music server... (yet)
> > > I didn't even knew there were people that didn't like music... with a
> > normal
> > > 'hearing system' that is...
> > > but that's a quite different subject than a Trojan... ;0)

> > > In your first message you mentioned a program you never used before...
> > > here's a challenge: run it again.. try to reproduce the problem...
> > > and run a tool like msinfo if the Trojan appears again...

> > > To be continued..??

> > > > Bommel,

> > > > Interesting idea. Actually, one of the several hundred messages I
read
> > on
> > > > Google mentioned finding a folder called "UrlCache" and emptying it,
> but
> > I
> > > > could find no such folder.

> > > > I have IE set to refresh web pages every time I restart IE, but it
> does
> > > not
> > > > seem to do it unless I force the cleanup.

> > > > Here is something else suspicious... The entire problem has gone
away
> > now
> > > > that the sun is up. Now, I may be paranoid here, but if I was going
to
> > > write
> > > > software that clandestinely "called the mother ship" I'd love to
have
> it
> > > > happen in the middle of the night after some inactivity.

> > > > And another thing... I let it shut down the "proxy desktop"
completely
> > > once.
> > > > And now (in the light of day, anyway) all the symptoms are gone.

> > > > Oh, and one more interesting manifestation (which may not be
> > connected)...
> > > > We have 4 Linux servers, all running Debian and Samba. One of them
> that
> > I
> > > > map to on reboot (our music server) I cannot connect to. The other 5
> > > Windows
> > > > systems (1 XP home, 4 98se) can all connect. We spent 3 hours
> yesterday
> > > > trying to determine what the difference was between these servers. I
> > could
> > > > map to each of the others with no problem. This problem occurred in
> the
> > > last
> > > > few days as well. (And, I am lost without my music!)

> > > > BTW, if you don't have a music server (and you like music) you
should
> > make
> > > > one.

> > > > Regards,
> > > > Dave Schwartz



> > > > > Weird problem, Dave...

> > > > > Couldn't it be possible the Trojan Horse resides in the
> > > > > TemporaryInternetFiles directory...  or even better... that it
> didn't
> > > even
> > > > > exist on HD but only in the systems memory ?  And that it had
chosen
> > the
> > > > > c:\windows directory as a working dir?  Now you made me curious
;0)

> > > > > Good luck,
> > > > > Bommel

> > > > > > Bob & Robert,

> > > > > > The file lists as "~s~.exe" and cannot be found on the hard
drive.
> > > (Yes,
> > > > I
> > > > > > have "show all files" checked. What self-respecting programmer
> > > wouldn't.
> > > > > > <G>)

> > > > > > Norton has no reference for it in its knowledge base.

> > > > > > A scan of the hard drive finds nothing now. Yesterday Norton
found
> > it
> > > > when
> > > > > > it attempted to run.

> > > > > > I have Ad-Aware installed. Ran it again and it found nothing.

> > > > > > If anyone has any other ideas, I'd sure love to hear them.

> > > > > > Regards,
> > > > > > Dave Schwartz



> > > > > > > Hi Dave -
> > > > > > >     Do a Search on the Norton website for the file name you
> can't
> > > find
> > > > > to
> > > > > > > get the name of the actual virus and then find the write-up on
> it.
> > > You
> > > > > can
> > > > > > > then read up on the effects it has and maybe get a step by
step
> > > guide
> > > > > for
> > > > > > > removing it.
> > > > > > >     As to not being able to find the file, you do have
> > Tools/Folder
> > > > > > > Options/View set to show hidden files, right?
> > > > > > >     Good luck.

> > > > > > > --
> > > > > > > Bob Diver


message

> > > > > > > > I seem to have contracted a Trojan Horse but cannot even
find
> > it.

> > > > > > > > Note: Win XP Pro, SP1.

> > > > > > > > Here is what happened:

> > > > > > > > 1. Yesterday while running some software I have never run
> before
> > > > > Norton
> > > > > > > pops
> > > > > > > > up a message saying a Trojan Horse had been located. It said
> it
> > > > could
> > > > > > not
> > > > > > > > repair it nor delete it.

> > > > > > > > I searched for the file (which Norton said was: c:\Windows\~
s
> > > > ~.exe)
> > > > > > but
> > > > > > > > could not find it even in safe mode.

> > > > > > > > 2. It manifests itself strangely (or these could be
indicative
> > of
> > > > some
> > > > > > > other
> > > > > > > > problems). When I run Outlook Express, then Win Explorer, if
I
> > > close
> > > > > > > > Explorer I cannot then open it again. If I click the button
3
> > > times,
> > > > I
> > > > > > get
> > > > > > > 3
> > > > > > > > processes running in the task mgr, but no Explorer windows
> > appear.

> > > > > > > > 3. When I shut done, I get a message saying that Proxy
Desktop

> > is
> > > > > > shutting
> > > > > > > > down.

> > > > > > > > Any ideas or comments?

> > > > > > > > Regards,
> > > > > > > > Dave Schwartz



Mon, 03 Oct 2005 02:34:48 GMT  
 Trojan Help
With an MP3 player I bet...
otherwise selecting a track or an album would be a hell of a job... ;0)

Quote:
> Hey Dave ...

> How do you do that? (connecting your home stereos to your server, that is)

> Greg



> > Bommel,

> > Yes, the beat goes on at this end.

> > The problems have disappeared for now. (Still can't connect to the music
> > server, but that may be unrelated.)

> > At this point, if I do not find a solution by the end of the week I will
> > format c:

> > Dave

> > PS: BTW, the music server is really very cool... 800 albums online and
> wired
> > to our home stereo systems through our PCs.



> > > Well Dave... I love music, we have that in common...  But  I see no
need
> > for
> > > a music server... (yet)
> > > I didn't even knew there were people that didn't like music... with a
> > normal
> > > 'hearing system' that is...
> > > but that's a quite different subject than a Trojan... ;0)

> > > In your first message you mentioned a program you never used before...
> > > here's a challenge: run it again.. try to reproduce the problem...
> > > and run a tool like msinfo if the Trojan appears again...

> > > To be continued..??

> > > > Bommel,

> > > > Interesting idea. Actually, one of the several hundred messages I
read
> > on
> > > > Google mentioned finding a folder called "UrlCache" and emptying it,
> but
> > I
> > > > could find no such folder.

> > > > I have IE set to refresh web pages every time I restart IE, but it
> does
> > > not
> > > > seem to do it unless I force the cleanup.

> > > > Here is something else suspicious... The entire problem has gone
away
> > now
> > > > that the sun is up. Now, I may be paranoid here, but if I was going
to
> > > write
> > > > software that clandestinely "called the mother ship" I'd love to
have
> it
> > > > happen in the middle of the night after some inactivity.

> > > > And another thing... I let it shut down the "proxy desktop"
completely
> > > once.
> > > > And now (in the light of day, anyway) all the symptoms are gone.

> > > > Oh, and one more interesting manifestation (which may not be
> > connected)...
> > > > We have 4 Linux servers, all running Debian and Samba. One of them
> that
> > I
> > > > map to on reboot (our music server) I cannot connect to. The other 5
> > > Windows
> > > > systems (1 XP home, 4 98se) can all connect. We spent 3 hours
> yesterday
> > > > trying to determine what the difference was between these servers. I
> > could
> > > > map to each of the others with no problem. This problem occurred in
> the
> > > last
> > > > few days as well. (And, I am lost without my music!)

> > > > BTW, if you don't have a music server (and you like music) you
should
> > make
> > > > one.

> > > > Regards,
> > > > Dave Schwartz



> > > > > Weird problem, Dave...

> > > > > Couldn't it be possible the Trojan Horse resides in the
> > > > > TemporaryInternetFiles directory...  or even better... that it
> didn't
> > > even
> > > > > exist on HD but only in the systems memory ?  And that it had
chosen
> > the
> > > > > c:\windows directory as a working dir?  Now you made me curious
;0)

> > > > > Good luck,
> > > > > Bommel

> > > > > > Bob & Robert,

> > > > > > The file lists as "~s~.exe" and cannot be found on the hard
drive.
> > > (Yes,
> > > > I
> > > > > > have "show all files" checked. What self-respecting programmer
> > > wouldn't.
> > > > > > <G>)

> > > > > > Norton has no reference for it in its knowledge base.

> > > > > > A scan of the hard drive finds nothing now. Yesterday Norton
found
> > it
> > > > when
> > > > > > it attempted to run.

> > > > > > I have Ad-Aware installed. Ran it again and it found nothing.

> > > > > > If anyone has any other ideas, I'd sure love to hear them.

> > > > > > Regards,
> > > > > > Dave Schwartz



> > > > > > > Hi Dave -
> > > > > > >     Do a Search on the Norton website for the file name you
> can't
> > > find
> > > > > to
> > > > > > > get the name of the actual virus and then find the write-up on
> it.
> > > You
> > > > > can
> > > > > > > then read up on the effects it has and maybe get a step by
step
> > > guide
> > > > > for
> > > > > > > removing it.
> > > > > > >     As to not being able to find the file, you do have
> > Tools/Folder
> > > > > > > Options/View set to show hidden files, right?
> > > > > > >     Good luck.

> > > > > > > --
> > > > > > > Bob Diver


message

> > > > > > > > I seem to have contracted a Trojan Horse but cannot even
find
> > it.

> > > > > > > > Note: Win XP Pro, SP1.

> > > > > > > > Here is what happened:

> > > > > > > > 1. Yesterday while running some software I have never run
> before
> > > > > Norton
> > > > > > > pops
> > > > > > > > up a message saying a Trojan Horse had been located. It said
> it
> > > > could
> > > > > > not
> > > > > > > > repair it nor delete it.

> > > > > > > > I searched for the file (which Norton said was: c:\Windows\~
s
> > > > ~.exe)
> > > > > > but
> > > > > > > > could not find it even in safe mode.

> > > > > > > > 2. It manifests itself strangely (or these could be
indicative
> > of
> > > > some
> > > > > > > other
> > > > > > > > problems). When I run Outlook Express, then Win Explorer, if
I
> > > close
> > > > > > > > Explorer I cannot then open it again. If I click the button
3
> > > times,
> > > > I
> > > > > > get
> > > > > > > 3
> > > > > > > > processes running in the task mgr, but no Explorer windows
> > appear.

> > > > > > > > 3. When I shut done, I get a message saying that Proxy
Desktop

> > is
> > > > > > shutting
> > > > > > > > down.

> > > > > > > > Any ideas or comments?

> > > > > > > > Regards,
> > > > > > > > Dave Schwartz



Mon, 03 Oct 2005 02:34:25 GMT  
 Trojan Help
Yup.

Media Player does a great job.

Dave


Quote:
> With an MP3 player I bet...
> otherwise selecting a track or an album would be a hell of a job... ;0)

> > Hey Dave ...

> > How do you do that? (connecting your home stereos to your server, that
is)

> > Greg



> > > Bommel,

> > > Yes, the beat goes on at this end.

> > > The problems have disappeared for now. (Still can't connect to the
music
> > > server, but that may be unrelated.)

> > > At this point, if I do not find a solution by the end of the week I
will
> > > format c:

> > > Dave

> > > PS: BTW, the music server is really very cool... 800 albums online and
> > wired
> > > to our home stereo systems through our PCs.



> > > > Well Dave... I love music, we have that in common...  But  I see no
> need
> > > for
> > > > a music server... (yet)
> > > > I didn't even knew there were people that didn't like music... with
a
> > > normal
> > > > 'hearing system' that is...
> > > > but that's a quite different subject than a Trojan... ;0)

> > > > In your first message you mentioned a program you never used
before...
> > > > here's a challenge: run it again.. try to reproduce the problem...
> > > > and run a tool like msinfo if the Trojan appears again...

> > > > To be continued..??

> > > > > Bommel,

> > > > > Interesting idea. Actually, one of the several hundred messages I
> read
> > > on
> > > > > Google mentioned finding a folder called "UrlCache" and emptying
it,
> > but
> > > I
> > > > > could find no such folder.

> > > > > I have IE set to refresh web pages every time I restart IE, but it
> > does
> > > > not
> > > > > seem to do it unless I force the cleanup.

> > > > > Here is something else suspicious... The entire problem has gone
> away
> > > now
> > > > > that the sun is up. Now, I may be paranoid here, but if I was
going
> to
> > > > write
> > > > > software that clandestinely "called the mother ship" I'd love to
> have
> > it
> > > > > happen in the middle of the night after some inactivity.

> > > > > And another thing... I let it shut down the "proxy desktop"
> completely
> > > > once.
> > > > > And now (in the light of day, anyway) all the symptoms are gone.

> > > > > Oh, and one more interesting manifestation (which may not be
> > > connected)...
> > > > > We have 4 Linux servers, all running Debian and Samba. One of them
> > that
> > > I
> > > > > map to on reboot (our music server) I cannot connect to. The other
5
> > > > Windows
> > > > > systems (1 XP home, 4 98se) can all connect. We spent 3 hours
> > yesterday
> > > > > trying to determine what the difference was between these servers.
I
> > > could
> > > > > map to each of the others with no problem. This problem occurred
in
> > the
> > > > last
> > > > > few days as well. (And, I am lost without my music!)

> > > > > BTW, if you don't have a music server (and you like music) you
> should
> > > make
> > > > > one.

> > > > > Regards,
> > > > > Dave Schwartz



> > > > > > Weird problem, Dave...

> > > > > > Couldn't it be possible the Trojan Horse resides in the
> > > > > > TemporaryInternetFiles directory...  or even better... that it
> > didn't
> > > > even
> > > > > > exist on HD but only in the systems memory ?  And that it had
> chosen
> > > the
> > > > > > c:\windows directory as a working dir?  Now you made me curious
> ;0)

> > > > > > Good luck,
> > > > > > Bommel

> > > > > > > Bob & Robert,

> > > > > > > The file lists as "~s~.exe" and cannot be found on the hard
> drive.
> > > > (Yes,
> > > > > I
> > > > > > > have "show all files" checked. What self-respecting programmer
> > > > wouldn't.
> > > > > > > <G>)

> > > > > > > Norton has no reference for it in its knowledge base.

> > > > > > > A scan of the hard drive finds nothing now. Yesterday Norton
> found
> > > it
> > > > > when
> > > > > > > it attempted to run.

> > > > > > > I have Ad-Aware installed. Ran it again and it found nothing.

> > > > > > > If anyone has any other ideas, I'd sure love to hear them.

> > > > > > > Regards,
> > > > > > > Dave Schwartz



> > > > > > > > Hi Dave -
> > > > > > > >     Do a Search on the Norton website for the file name you
> > can't
> > > > find
> > > > > > to
> > > > > > > > get the name of the actual virus and then find the write-up
on
> > it.
> > > > You
> > > > > > can
> > > > > > > > then read up on the effects it has and maybe get a step by
> step
> > > > guide
> > > > > > for
> > > > > > > > removing it.
> > > > > > > >     As to not being able to find the file, you do have
> > > Tools/Folder
> > > > > > > > Options/View set to show hidden files, right?
> > > > > > > >     Good luck.

> > > > > > > > --
> > > > > > > > Bob Diver


> message

> > > > > > > > > I seem to have contracted a Trojan Horse but cannot even
> find
> > > it.

> > > > > > > > > Note: Win XP Pro, SP1.

> > > > > > > > > Here is what happened:

> > > > > > > > > 1. Yesterday while running some software I have never run
> > before
> > > > > > Norton
> > > > > > > > pops
> > > > > > > > > up a message saying a Trojan Horse had been located. It
said
> > it
> > > > > could
> > > > > > > not
> > > > > > > > > repair it nor delete it.

> > > > > > > > > I searched for the file (which Norton said was:
c:\Windows\~
> s
> > > > > ~.exe)
> > > > > > > but
> > > > > > > > > could not find it even in safe mode.

> > > > > > > > > 2. It manifests itself strangely (or these could be
> indicative
> > > of
> > > > > some
> > > > > > > > other
> > > > > > > > > problems). When I run Outlook Express, then Win Explorer,
if
> I
> > > > close
> > > > > > > > > Explorer I cannot then open it again. If I click the
button
> 3
> > > > times,
> > > > > I
> > > > > > > get
> > > > > > > > 3
> > > > > > > > > processes running in the task mgr, but no Explorer windows
> > > appear.

> > > > > > > > > 3. When I shut done, I get a message saying that Proxy
> Desktop

> > > is
> > > > > > > shutting
> > > > > > > > > down.

> > > > > > > > > Any ideas or comments?

> > > > > > > > > Regards,
> > > > > > > > > Dave Schwartz



Mon, 03 Oct 2005 02:54:41 GMT  
 
 [ 18 post ]  Go to page: [1] [2]

 Relevant Pages 

1. Trojan Horse Virus, Help needed

2. XP Pro Virus, trojan?? Please Help, expert needed

3. Trojan

4. TASM Trojan Macro Library

5. TROJAN HORSE WARNING!

6. Beware Trojan horse in tin newsreader

7. Pickle trojan security issue, fixed?

8. Antigen found Win32/PSW.Hooker 2.4.Trojan (CA(InoculateIT)) virus

9. TROJAN ALERT! (JS/Loop)

10. TROJAN ALERT! (JS/Loop)

11. Trojan Dialer Virus

12. trojan virus

 

 
Powered by phpBB® Forum Software