Three "Probable Trojan" files found

Ikeb

I ran a TH scan on my kid's PC and found a two trojans. TH cleaned them out but three "probable trojans" remain. (did add a different extension to inactivate them). I've attached the log file as well as the three files (with orginal .exe extensions) in a zip file.

claire · Posted: Wed Apr 14, 2004 11:29 am Post subject:

Hi Ikeb,

Could you send the files ?

Magnus will answer you asap and tell you if these are real trojans and how to fix it if needed

Ikeb · Posted: Wed Apr 14, 2004 2:37 pm Post subject:

Done.

Ikeb · Posted: Fri Apr 16, 2004 4:27 am Post subject:

I realized today that there's still some funny business going on. Now when I sign on to an account on this machine, explorer brings up the desktop but then goes away. There's some sort of text msg on a black background screen. Doing the three finger salute gets me to the Task Manager, where I see two applications: Task Manager and Explorer (not responding). When Task Manager is brought up, the task bar appears as well, so I can open a WE window.

When I go to C:\WINNT.XP\system32\ I now find an a.exe and explore.exe as well as the a.exe.tmp and explore.exe.tmp I left there! Same dates as the previous files. No new wnscpsv.exe was placed there though.

Also, when I have Task Manager end the nonresponding Explore task, suddenly my desktop reappears and everything seems normal again. Weird.

BTW, I haven't received a response to my email yet. How long does it normally take to get files analyzed?

Jamming · Colonel Premium Member Joined: Jun 22, 2002 Posts: 1874

It might be monday, before you hear. Usually sooner than that, but with number of new items out there its becoming more of an interest to add potential trojans definitions, rather than communicate often. Trojans and Malware are at an all time high.

Ikeb · Posted: Wed Apr 21, 2004 1:24 am Post subject:

It's now Wednesday and haven't heard back. Is Magnus taking a vacation perhaps?

Jamming · Colonel Premium Member Joined: Jun 22, 2002 Posts: 1874

I will contact him for you.

Ikeb · Posted: Wed Apr 21, 2004 4:14 am Post subject:

Thanks Jamming. I'd like to get this resolved since I suspect the system is going downhill and these possible trojans may be the reason.

Jamming · Colonel Premium Member Joined: Jun 22, 2002 Posts: 1874

I don't know what exactly is going on, but I have not heard back from him yet. I'll try again.

Magnus · Posted: Thu Apr 22, 2004 2:01 pm Post subject:

I'm terribly sorry for the long delay - things are insanely busy here at the moment. Here's the data on those files:

wnscpsv.exe: This is adware. Delete the file and/or run an adware remover.

explore.exe and a.exe: This is a worm (Hawawi). See http://securityresponse.symantec.com/av....worm.html for removal instructions.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 855 pages served in previous 5 minutes. Page Rendered: 0.408 seconds.