
Author Topic: Trojan File Alert  (Read 1215 times)


Offline Strolen

Trojan File Alert
« on: April 19, 2004, 04:06:26 AM »
Embarrassing to admit, but the site was hacked on April 2nd by going through a backdoor on the Guestbook I was using. The Guestbook was deleted but there was a chance it spread a Trojan.

So, to err on the side of safety I suggest you update your virus scanner and do a thorough scan of your computer. If you don't have one, there is a good free one called AVG here (http://www.grisoft.com/us/us_dwnl_free.php).

Try your Windows Update too, chances are there is yet another IE security fix...there always is and always will be.

Once you run the virus checker, do a quick search for "tcp32ss*" on your C: drive. If you found it, it is something amiss, but I have no idea what. See this thread for help cleaning it. http://www.annoyances.org/exec/forum/winxp/t1081143721

There is an excellent post in there with links to spyware cleaners. I highly suggest giving a couple a shot. You will be surprised I think.

That is the problem I found after I manually ran the program that was on my site. I did have to manually run it to get infected though so you might be safe, but I don't know. I run a proxy.

Other files to take a look at are:
C:/explorer.exe
C:/explr32.exe
C:/wininit.exe

If the creation date of any of them is on or about April 2nd, then delete them. Do definitely check your "msconfig" from the run dialog and dump anything in there that is suspect. The ONLY thing I let run is my proxy. Everything else is disabled. I am sure you don't need most of that other stuff anyway, get rid of it and speed up your bootup time.

If you have never done a cleaning before then don't blame me for everything, although I very well may bear some responsibility, there are a lot of programs and websites that don't play nice.

If you have any questions or need any help don't hesitate to email. I would prefer you posted in the Bug Reports forum though so we can share any experience and maybe get help to solve the problem.

I sincerely apologize for the trouble. The way my weblogs read and how I found it was there were multiple gigs being transferred daily. I am pretty sure they were using me as a gateway to distribute illegal porn (had many hits from those kinds of sites) so I hope anything you got is harmless...BUT.....

Flying Squirrel – Strolenati Guild
Grothar Rockfury - Dwarvish Guild
Minor Minion - Cartographer's Guild
Level 3
STR: 5 | END: 2 | CON: 3 | DEX: 2 | CHA: 2 | INT: 6
Authentic Strolenite™©® | Llama is as Llama does.
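
The checks described in the post above, gathered into one read-only PowerShell script. This is an added example, not part of the original post or anything the author ran. It assumes the system drive is C:, takes the year as 2004 from the post date, and treats "on or about April 2nd" as a window of 3 days either side (a constructed value); it only reports and deletes nothing.

```powershell
# Added example: read-only triage for the files named in the post above.
# Assumptions: drive C:, year 2004, and a +/- 3 day window for "on or about April 2nd".
param(
    [string]$Drive = 'C:\',
    [datetime]$IncidentDate = '2004-04-02',
    [int]$WindowDays = 3
)

$rootNames = 'explorer.exe', 'explr32.exe', 'wininit.exe'
$from = $IncidentDate.AddDays(-$WindowDays)
$to   = $IncidentDate.AddDays($WindowDays + 1)   # exclusive upper bound

function New-Finding($Item, $Reason) {
    # Hash the file so it can be looked up or handed to someone else before removal.
    $hash = (Get-FileHash -LiteralPath $Item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    [pscustomobject]@{
        Reason   = $Reason
        Path     = $Item.FullName
        Created  = $Item.CreationTime
        InWindow = ($Item.CreationTime -ge $from -and $Item.CreationTime -lt $to)
        SHA256   = $hash
    }
}

$findings = @(
    # 1. Anything named tcp32ss* anywhere on the drive, hidden and system files included.
    Get-ChildItem -Path $Drive -Filter 'tcp32ss*' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding $_ 'name matches tcp32ss*' }

    # 2. The three names at the root of the drive. The genuine explorer.exe lives
    #    under the Windows directory, so a copy at the drive root deserves a look.
    foreach ($name in $rootNames) {
        $item = Get-Item -LiteralPath (Join-Path $Drive $name) -Force -ErrorAction SilentlyContinue
        if ($item) { New-Finding $item 'listed file present at drive root' }
    }
)

if ($findings.Count -eq 0) {
    Write-Output "No tcp32ss* files and none of the listed root files found on $Drive"
} else {
    $findings | Format-List
}

# 3. Startup entries (Run keys and Startup folders), listed for manual review.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the recursive search can read protected directories; folders it cannot read are skipped silently.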