[Trojan] I'm ****ed


ZoneAlarm started asking if I want to let ShellEx act as a server and access the internet.

Well, I knew better than to let it act as a server, but I let it access the internet a couple of times.

Q1: What is the damage from letting it access the internet?

I run Norton AV 2003 (up to date) in the background and it did not detect anything.

I went and scanned the offending file and it did not show up as a virus (I'm ****ed), since this is the info from the Symantec site:

When Backdoor.Anakha runs, it does the following:

It copies itself as C:\%System%\ShellEx.exe.

NOTE: %System% is a variable. The Trojan locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and then copies itself to that location.

To allow itself to run when Windows starts, the Trojan adds the value

ShellEx    C:\%System%\ShellEx.exe

to the registry key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

It also creates a text file named C:\%System%\Rundll32.pin.

That takes me to Q2.

Q2: What the heck is wrong with those people? (i.e. why did it not catch the trojan?)

Well, I guess the worst enemy here is a false sense of security.

Thank God for ZoneAlarm.

Edited by Oleg

To scan with Norton AntiVirus and delete the infected files:

2. Start Norton AntiVirus (NAV), and make sure that it is configured to scan all files.

NAV Consumer products: Read the document How to configure Norton AntiVirus to scan all files. http://service1.symantec.com/SUPPORT/nav.n...999110513272906

3. Run a full system scan.

4. Delete all files that NAV detects as Backdoor.Anakha.

5. (Optional) Using Windows Explorer, delete C:\%System%\Rundll32.pin.

To remove the value from the registry:

1. Click Start, and click Run. The Run dialog box appears.

2. Type regedit and then click OK. The Registry Editor opens.

3. Navigate to the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the value

ShellEx    C:\%System%\ShellEx.exe

5. Click Registry, and click Exit.

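The Symantec writeup quoted above lists three indicators (the Run value, the dropped ShellEx.exe and the Rundll32.pin file). The following PowerShell script is an added example, not from the thread or from Symantec, that checks a machine for those indicators and reports them without deleting anything; it assumes a modern PowerShell (Get-FileHash needs PowerShell 4 or later) and resolves %System% with the .NET System folder path.

```powershell
# Added example: read-only check for the Backdoor.Anakha indicators quoted above.
# The key, file names and value name come from the Symantec text; nothing is removed.
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$sysDir  = [Environment]::GetFolderPath('System')   # resolves %System% (e.g. C:\Windows\System32)
$exePath = Join-Path $sysDir 'ShellEx.exe'
$pinPath = Join-Path $sysDir 'Rundll32.pin'

function Get-AnakhaIndicators {
    $findings = @()

    # 1. Autorun persistence: a Run value named ShellEx, or any Run value whose data points at ShellEx.exe
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive/... properties
            if ($p.Name -eq 'ShellEx' -or "$($p.Value)" -match 'ShellEx\.exe') {
                $findings += [pscustomobject]@{ Type = 'RunValue'; Name = $p.Name; Data = $p.Value }
            }
        }
    }

    # 2. Dropped files: record size and SHA-256 so the sample can be checked against vendor data,
    #    since a matching file name alone is not proof of infection
    foreach ($f in @($exePath, $pinPath)) {
        if (Test-Path -LiteralPath $f) {
            $item = Get-Item -LiteralPath $f
            $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Type = 'File'; Name = $f; Data = "$($item.Length) bytes, SHA256 $hash" }
        }
    }

    # 3. Live process: the original poster saw ZoneAlarm prompting for a running ShellEx
    Get-Process -Name ShellEx -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Process'; Name = $_.ProcessName; Data = "PID $($_.Id) $($_.Path)" }
    }

    return $findings
}

$result = Get-AnakhaIndicators
if ($result.Count -eq 0) {
    'No Backdoor.Anakha indicators found.'
} else {
    $result | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM key and the System directory are readable. If the Run value is confirmed, `Remove-ItemProperty -Path $runKey -Name ShellEx` does the same thing as step 4 of the regedit procedure above, after the files have been dealt with by the scanner.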

On manual scanning, enable the deepest scanning method.

As MxxCon says, and make sure you have the very latest updates; there was one this evening, so update your definitions first.

Good luck.

Hehe, he changed his reply before I could finish writing this :)


I had a really nasty trojan once; it screwed up my entire XP. It is the trojan which makes the user unable to open any program; it edits system32.dll.
