Possible Trojan problem
30 January 2003, 08:14 PM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
500+ attacks since 10am.
The Remote + Local host is my IP.
So am I infected already?
What action should be taken?
Thanks for any info
Si
30 January 2003, 08:32 PM
Scooby Regular
Join Date: Aug 2002
Posts: 2,390
Can you check whether you have this in your registry...?
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kernel16"="C:\\WINDOWS\\kernel16.exe"
I've not found much on the Web so far about this, but got the above from this site. It says: "...Transscout 1.1 +1.2... Copies to c:\windows\kernel16.exe ...", i.e. suggesting that the kernel16.exe is the trojan executable.
I'll keep looking around...
30 January 2003, 08:36 PM
Scooby Regular
Join Date: Aug 2002
Posts: 2,390
OK - this is fairly suggestive that the kernel16.exe binary is the trojan. I'd say - delete the above registry entry and the .exe and you'll be good to rock'n'roll.
Check also for kernel16.dl* as well, as this NT Security article mentions a SubSeven trojan using the same file name.
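An added example, not part of the original posts: one way to run the check suggested above against a regedit text export instead of clicking through the registry. The sample export is constructed, the function names are hypothetical, and covering RunOnce and RunServices as well as Run goes beyond the single key named in the thread.

```python
import fnmatch
import ntpath
import re

# Constructed sample of a regedit text export; not taken from the poster's machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"kernel16"="C:\\WINDOWS\\kernel16.exe"
"Updater"="\"C:\\Program Files\\Example\\upd.exe\" /background"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
'''

# File name patterns named in the thread: kernel16.exe and kernel16.dl*
PATTERNS = ("kernel16.exe", "kernel16.dl*")
# Autostart keys to inspect (Run is from the thread; the other two are an assumption)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services)?$", re.IGNORECASE)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def command_path(data):
    # First token of the command line, honouring a quoted path with spaces
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(" ", 1)[0]

def find_suspect_run_entries(reg_text):
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not (key and m and RUN_KEY.search(key)):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        exe = ntpath.basename(command_path(data)).lower()
        if any(fnmatch.fnmatch(exe, p) for p in PATTERNS):
            hits.append((key, name, data))
    return hits
```

An empty result only means no autostart entry launches a file with one of these names; it says nothing about malware installed under a different name.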
30 January 2003, 08:48 PM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
Alright mate, cheers for this.
But there is no Kernel16 in that folder, I'm afraid.
Si
30 January 2003, 08:49 PM
BANNED
Join Date: Dec 2002
Posts: 661
Download 'Swatit', Si, good free trojan and bot remover. PS it's not me
30 January 2003, 08:49 PM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
Thanks
30 January 2003, 08:53 PM
BANNED
Join Date: Dec 2002
Posts: 661
Let us know how ye get on, hate script kiddies mesel like
30 January 2003, 08:56 PM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
It's just scanning at the moment. Off to clear the snow off the drive, so might be done by the time I'm back.
Cheers
Si
30 January 2003, 09:54 PM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
NT Rebooter - C:\WINNT\Temp\~GL_2753.EXE
That's what it found
30 January 2003, 10:58 PM
BANNED
Join Date: Dec 2002
Posts: 661
Hmmm, nasty, least it found it, you really gotta stop dl'in that **** off Kazaa, Si
30 January 2003, 11:05 PM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
Nope, up to 602 now mate! Still there, the damn thing
31 January 2003, 12:27 AM
BANNED
Join Date: Dec 2002
Posts: 661
Did you update the definitions in Swatit, and are you on a LAN? Just looked at the IP and it looks like yer LAN to me.
[Edited by Jye_0 - 1/31/2003 12:28:58 AM]
31 January 2003, 07:31 AM
Scooby Regular
Thread Starter
Join Date: Feb 2002
Location: Lurkin Somewhere
Posts: 7,951
967 now, I am on a LAN mate. I've 4 PCs off the router.
I'll update it later, got things to do.
Si