problem with a trojan
RoSmecher




Posts: 15

PostPosted: Tue, 7th Feb 2006 01:30    Post subject: problem with a trojan
Hi, I am having some major issues with a Trojan.
This is the info NOD32 gives me:

Time: 2/2/2006 15:52:56 PM
Module Object: AMON
File Name: C:\WINDOWS\system32\wmsmgs.exe
Threat: Win32/Codbot trojan
Action: quarantined - deleted
User: NT AUTHORITY\SYSTEM
Information: Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.


So I ended that file. wmsmgs.exe comes up every time my PC starts; even though I deleted it from the startup it still starts up, and I am not sure which process starts it. Also my PC loads very very very slowly now when I boot up; once in Windows and I Ctrl+Alt+Delete and close the wmsmgs.exe process, then it is fine. I really need help with this one guys, thanks.
I tried to run in safe mode and run a NOD32 scan, but it said this:
Error occurred while scanning operating memory. System memory cannot be scanned (the kernel service is not running or an error occurred while loading nod32m1.vxd).

I actually think I deleted the file, but for some reason every time my computer boots up it loads the trojan, but when Windows actually starts it doesn't load it because I took it off from startup. So that is why my Windows loads soooo slowly because of the trojan, but once in Windows my PC seems fine.

Can anyone help me with this tricky one?
[sYn]
[Moderator] Elitist



Posts: 8374

PostPosted: Tue, 7th Feb 2006 02:07    Post subject:
Moved to OS..

Firstly, stop downloading crap, from crap sources, then you wouldn't be in this mess :P

http://www.bleepingcomputer.com/forums/How_remove_the_W32_Codbot_E_Worm_wzdsvcexe-t12788.html

Use the above to remove the virus.
fruziowy




Posts: 199

PostPosted: Tue, 7th Feb 2006 04:45    Post subject:
This is a joke, you better be happy that it isn't SpySheriff.
SycoShaman
VIP Master Jedi



Posts: 24468
Location: Toronto, Canada
PostPosted: Tue, 7th Feb 2006 05:16    Post subject:
Use a different brand still...shit always gets through with the trojans man, not safe. Durex ftw :)
RoSmecher




Posts: 15

PostPosted: Fri, 10th Feb 2006 06:56    Post subject:
Windows loads very very slow before I log into my Windows account, and also sometimes my system process and system idle process take 100% of resources when I am not doing much.

By the way sin, that link you sent me is not very good. Mine is much more complex than that. I already removed the virus I think, but there is another one that loads at Windows startup before I log into Windows; it's like a service or something.
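
One way to check for what the post above describes, something that starts wmsmgs.exe before logon: list the services and autostart registry values whose command line references that file name. This is an added example, not part of the original thread; the function name and output fields are hypothetical, the registry locations are the standard Windows service, Run and Winlogon keys (going beyond the "start up" entry mentioned in the thread), and it assumes PowerShell 2.0 or later is installed.

```powershell
# Added example. The file name comes from the NOD32 log quoted in this thread;
# the function name and output fields are assumptions made for illustration.
$Target = 'wmsmgs.exe'

function Find-AutostartReference {
    param([Parameter(Mandatory = $true)][string]$Pattern)

    $needle = '*' + $Pattern + '*'
    $meta   = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    # Services: ImagePath is the command the Service Control Manager starts,
    # which happens before any user logs on.
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.ImagePath -like $needle) {
            New-Object PSObject -Property @{
                Kind = 'Service'; Key = $key.PSChildName
                Name = 'ImagePath'; Command = $props.ImagePath
            }
        }
    }

    # Per-machine and per-user autostart values, plus the Winlogon key
    # (Shell / Userinit), which is processed at logon.
    $valueKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($path in $valueKeys) {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # skip provider metadata
            if ([string]$p.Value -like $needle) {
                New-Object PSObject -Property @{
                    Kind = 'RegistryValue'; Key = $path
                    Name = $p.Name; Command = [string]$p.Value
                }
            }
        }
    }
}

Find-AutostartReference -Pattern $Target |
    Select-Object Kind, Key, Name, Command | Format-List
```

An empty result means none of these locations reference the file name; it does not cover every possible launch point.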
sabalasa




Posts: 369
Location: EST
PostPosted: Fri, 10th Feb 2006 11:56    Post subject:
Well...if it comes back then it has made a copy of itself into the system restore folder, so Windows restores the file every time you delete it.

It is possible to remove it.

Accessing the System Volume Information Folder

Under most circumstances there is no need to access this folder, but if you're the curious type and want to see what it contains, how you gain access depends on the XP version, file system, and whether you are part of a domain.

Windows XP Professional and Home Edition - FAT32 File System

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Double-click the System Volume Information folder to open.

Windows XP Professional using the NTFS File System on a Workgroup or Standalone Computer

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.

Windows XP Professional Using the NTFS File System on a Domain

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder and select the account location.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.

Look for the annoying file and delete it.

PS! Do it for all your hard drives.

PPS! Give "Full access" rights to the user you are going to allow access to the folder.


rgds
Sabalasa
All times are GMT + 1 Hour