Is this a trojan virus?
|
|
 Feb 13 2007, 05:57 AM, updated 19y ago
Return to original view | Post
#1
|
 
Senior Member
577 posts Joined: Dec 2005  
|
hi everyone here, i would like to ask the files in the red circle(pic) trojans???
 y i ask like this bcoz these files just appear n dissappear after a while once i open my hard disk n wat make me think that these are trojans is one of the file with the name "autorun.inf_被屏蔽木马", the chinese word at the back of the filename extension mean "hidden trojan".... is anyone here facing this b4, i really appreciate if someone can share out the way of sloving this...THX!!! This post has been edited by X-Free!: Feb 13 2007, 05:58 AM |
|
|
|
|
|
Feb 13 2007, 01:38 PM
Return to original view | Post
#2
|
|
Senior Member
577 posts Joined: Dec 2005
|
QUOTE(id86 @ Feb 13 2007, 07:57 AM) have you try to delete all the files in the red circle?is it will appear back after deleted? i try to delete them but they appear back... QUOTE(hkpoh @ Feb 13 2007, 11:52 AM) try to post the autorun.txt file here, so that we can know what is in it soli dude, it just appear for a sec when i open my hard disk n dissappear after that, even i show hidden file also cannot view them....i can't even get to copy down the file....Added on February 13, 2007, 1:46 pmi get to copy down the autorun.txt content.... [autorun] icon=daij.ico This post has been edited by X-Free!: Feb 13 2007, 01:46 PM |
|
|
Feb 13 2007, 05:28 PM
Return to original view | Post
#3
|
|
Senior Member
577 posts Joined: Dec 2005
|
QUOTE(kcng @ Feb 13 2007, 02:01 PM) ouch, what av software you use ? i'm not using any AV since AV really slow down my lappie performance....QUOTE(kurosaki @ Feb 13 2007, 02:12 PM) theres a file thats runs an update to the server on the net. So its thx for ur help n trying now....basically pointless by manually delete those files. Its usually hidden in the windows or system32 folder. I've nv used AV before so i'm not sure if it can run in safe mode. -Try update ur AV first if u have one. If no, go to google up for symatec's security test and do a full scan there. -Get the names of the file that is scanned and dbl check where their loc is for each file. -Plug off ur internet line -Try to manually delete those files. -If it cant be deleted , try safe boot ,search for the file and try delete it. -After u've done, goto Start->Run-> type in Msconfig and goto Tab Startup -Check for suspicious application that's listed on it and untick it. |
|
|
Feb 13 2007, 06:34 PM
Return to original view | Post
#4
|
|
Senior Member
577 posts Joined: Dec 2005
|
after scan with the symatec security scan, the result as below:-
E:\autorun.vbs is infected with Trojan Horse C:\autorun.vbs is infected with Trojan Horse C:\WINDOWS\system32\autorun.vbs is infected with Trojan Horse but can't search this files in the given directories.... This post has been edited by X-Free!: Feb 13 2007, 07:51 PM |
|
|
Feb 13 2007, 07:52 PM
Return to original view | Post
#5
|
|
Senior Member
577 posts Joined: Dec 2005
|
finally i firgure out a solution from somewhere in the internet....
it's mostly probably cause by a process called "wscript.exe" in the WIndows Task Manager.... so just end the process n get a program from here: http://www.stoyard.com/download/kill_autorun.zip (i dunno whether can share here or not) extract the zip file n there is a program called "kill_autorun.bat", double click n there is a dos-windows come out n ur things in desktop will disappear a while n recover back...DONE! now scanning again with the security test...havn't confirm whether it's work.... will update later.... This post has been edited by X-Free!: Feb 13 2007, 07:53 PM |
|
|
Feb 13 2007, 07:54 PM
Return to original view | Post
#6
|
|
Senior Member
577 posts Joined: Dec 2005
|
wow! finally the solution works for me!
 |
|
Topic ClosedOptions
|
| Change to: |  0.0177sec
 0.37
 6 queries
 GZIP Disabled
Time is now: 24th December 2025 - 03:55 AM |
Quote