MG'rs lend me your brains! Troj prob =/

Discussion in 'Software' started by Omegamerc, May 3, 2004.

  1. Omegamerc

    Omegamerc MajorGeek

    My comp was hit with a replicating trojan named pate.b and pate.a1...they expand to all exes and change registry settings... anyways after a 2 day battle I won over it by installing Mcaffee anti viri 8.0 pro and cleaning the 2000+ files; now that im 'clean' i have scanned all my pcs SEVERAL times with the anti viri but i get the random "blah blah blah was found and cleaned" message from mcaffee which makes me believe there is still a port open on my system... I removed my pc off DMZ fowarding but i still get that message......Someone just checked out my connection and it showed my ip going all the way to aussie before bouncing back to the states to the specified website/ip. Ive run Adaware spybot and mcaffee but they havnt found anything by that nature....any help? tips? recomendations?
     
    Last edited: May 3, 2004
    Omegamerc, May 3, 2004
    #1
  2. alanc

    alanc MajorGeek

    A couple of thoughts,
    1. Run a software firewall (ZoneAlarm is a good freebie) to warn you if any nasties are trying to phone home.
    2. McAfee probably doesn't have defs for all trojans, TDS is generally accepted to be the best anti-trojan tool around. 30-day try before you buy.
     
    alanc, May 3, 2004
    #2
  3. Omegamerc

    Omegamerc MajorGeek

    yeah currently running ZAP PRO but its not getting any incoming/outgoing 'bad' traffic; currently using TDS-3 to scan my hdd's but its not detecting anything; any other possible ideas? [i left my computer overnight and i got 6 pate.b warnings]

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99690 thats the virus i have...i already removed the registry key & scanning the comp says i dont have it anymore...
     
    Omegamerc, May 3, 2004
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Assuming you have XP, Disable system restore and then run McAfee again.
    See: http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm

    This is a rather old virus that McAfee has known about and cleaned since 9/13/2002. It would appear that you were not running McAfee before or were not very good in performing updates. You need to keep a virusscan app running on your system and keep it up to date.
     
    chaslang, May 3, 2004
    #4
  5. Omegamerc

    Omegamerc MajorGeek

    not very good in performing the automatic updates that mcafee does alone? Or maybe i fiddle with mcafee on the task bar when im not figuring out where the enter keys is at........................../sarcasm off. Sorry but I hate being run over when im proving that i have knowledge of what im speaking of.
     
    Omegamerc, May 3, 2004
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not say you were computer illiterate. I just stated the obvious fact that you need to keep up to date with virus definitions and run periodic full scans. This should have been read as it was meant. Possibly useful information! I have no idea what your capabilities are but since you became infected with a virus that is several years old, I assumed that you were not keeping your system protected nor current. In addition, you said you just installed McAfee 8.0 again implying you may not have had a virus scan application in your system. If you had no protection prior to installing McAfee 8.0 that would not indicate that you are very computer savy. Don't take this personal! I offered you help without any knowledge of you capabilities.

    Notice that you still never even supplied us with you system information. Please see: http://www.majorgeeks.com/vb/announcement.php?f=33
     
    Last edited: May 3, 2004
    chaslang, May 3, 2004
    #6
  7. Omegamerc

    Omegamerc MajorGeek

    dont see why sys information would be relevant; there are the telltale signs of trojans/virus's on a computer and as soon as i felt somthing wierd i did the necessary to remove it. I was infected the same day i scanned and removed the viri' which came about cuz my friend was infected and he neglected to mention it to me; when i direct connected to him through AIM the viri transfered onto my computer.
     
    Omegamerc, May 3, 2004
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    System information is important as the link I gave you below implied. In addition, for you specific case with virus problems, WinXP and WinMe have a system restore feature the sometimes needs to be disabled to completely rid a system of a virus. Win9x and Win2k have no system restore to worry about. So you see there are reasons for supplying system information. Take a quick look at the link http://www.majorgeeks.com/vb/announcement.php?f=33 and you will see that it is never a waste of time to provide it anyway.

    At anyrate, where do you stand right now? Did you get everything cleaned up?
     
    chaslang, May 3, 2004
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds