got a virus - DFWstangs Forums
 
LinkBack Thread Tools Display Modes
post #1 of 3 (permalink) Old 04-07-2009, 10:38 PM Thread Starter
still here
 
89stangGT's Avatar
 
Join Date: Jan 2002
Location: Arlington, TX
Posts: 5,885
got a virus

my kaspersky keeps popping up "screeching" and saying some file is infected. then pops up saying it was deleted successfully. then does it again every couple minutes.
Got it from an email attachment from a guy that was selling something and obviously a scam.
From what I've read things say it's a keystroke logging virus that keeps track of which sites I visit and passwords and such I put in. And I can't figure out how to get rid of it permanently. so any help would be appreciated.

Trojan-Spy.Win32.Agent.ekl

"This Trojan program is written in order to steal confidential data. It collects login names and passwords in a dedicated log file, and then sends this file to the remote malicious user.

The Trojan itself is a Windows PE EXE file approximately 45KB in size. It is not packed in any way.

When installing, the Trojan copies itself to the Windows system directory as "msserv.exe":

%System%\msserv.exe

It then registers this file in the system registry, ensuring that the Trojan file will be launched each time Windows is rebooted on the infected machine:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"msserv" = "%System%\msserv.exe"

The Trojan also creates a file called "servms.dll" in the Windows system directory:

%System%\servms.dll

The Trojan tracks which Internet sites are visited, and also logs keystrokes; this information will be saved in servms.dll.

servms.dll will then be sent to the remote malicious user by email."


'08 CSRT-4
'06 Yamaha FZ1
89stangGT is offline  
Sponsored Links
Advertisement
 
post #2 of 3 (permalink) Old 04-08-2009, 05:58 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Try this.

http://www.4shared.com/file/70595151...GO_get_em.html
http://www.4shared.com/file/97505547...t_em_defs.html

DL and install the first then DL and double click on the second to apply the updates.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #3 of 3 (permalink) Old 04-09-2009, 06:28 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Did you try the app I posted?





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
Sponsored Links
Advertisement
 
Reply

Bookmarks

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the DFWstangs Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome