
Anyone know a fix for this?

25 March 2006, 07:03 PM, #1, Ballistic (Thread Starter)

My PC has become infected by a Trojan that repeatedly attempts to send out spam emails.
I first became aware of it when McAfee alerted me to potential worm activity.
Doing a virus scan with McAfee doesn't detect anything.
I've just done an on-line scan with Kaspersky and it detected 'Trojan-Proxy.win32.lager.ag' but isn't able to fix it. I've done a search for this trojan and drawn a blank. Does anyone here know of a fix.........please help!!
25 March 2006, 07:18 PM, #2, jpor

Originally Posted by Ballistic:
My PC has become infected by a Trojan that repeatedly attempts to send out spam emails.
I first became aware of it when McAfee alerted me to potential worm activity.
Doing a virus scan with McAfee doesn't detect anything.
I've just done an on-line scan with Kaspersky and it detected 'Trojan-Proxy.win32.lager.ag' but isn't able to fix it. I've done a search for this trojan and drawn a blank. Does anyone here know of a fix.........please help!!

Try here: http://www.symantec.com/avcenter/sma...ools.list.html
25 March 2006, 07:21 PM, #3, Ballistic (Thread Starter)

jpor

That link doesn't list the trojan I appear to have.
25 March 2006, 07:38 PM, #4, jpor

This is the closest I could find for that one:

http://www.viruslist.com/en/viruses/...virusid=111699
27 March 2006, 10:37 AM, #5, Ballistic (Thread Starter)

Thanks jpor
27 March 2006, 12:23 PM, #6, andyr

Also here
http://www.pctools.com/anti-virus/en...Win32.Lager.r/
and
http://www.sophos.com/virusinfo/analyses/trojorsed.html

Info from the first that might be useful:

Once launched, the Trojan copies itself to the Windows system directory as "win32.exe":

%System%\win32.exe

It then registers this file in the system registry, ensuring that the Trojan file will be launched each time Windows is rebooted on the victim machine:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"wupd" = "%System%\win32.exe"

The Trojan also creates a file called "zlbw.dll" in the Windows system directory:

%System%\zlbw.dll

The Trojan opens a random port on the victim machine and installs itself as a proxy-server. This enables a malicious remote user to work on the network via the victim machine.

The Trojan also establishes a connection to 217.159.***.176 and sends the remote malicious user information about the victim machine (IP address etc.)
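
A read-only check for the indicators listed in the post above, added here as an example and not part of the original thread or any vendor's tool: it reports the "wupd" Run value, the two file names in the system directory, and any listening TCP port owned by a process running from those paths. It assumes PowerShell 4 or later on Windows 8 or later (for Get-FileHash and Get-NetTCPConnection), and checking the 32-bit system directory as well is an assumption for 64-bit Windows.

```powershell
# Read-only triage for the indicators quoted in the post above.
# Nothing is deleted or changed; the script only reports what it finds.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = 'wupd'                     # Run value name from the write-up
$names   = 'win32.exe', 'zlbw.dll'    # file names from the write-up

# %System% normally means System32; a 32-bit program on 64-bit Windows is
# redirected to SysWOW64, so check both (assumption, not stated in the thread).
$sysDirs = 'System', 'SystemX86' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ } | Select-Object -Unique

$findings = @()

# 1. Autostart entry: does the Run key hold a "wupd" value, and what does it launch?
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $runName)) {
    $findings += [pscustomobject]@{ Indicator = "Run value '$runName'"; Detail = $run.$runName }
}

# 2. Dropped files: record hash and creation time so they can be reported to a vendor.
$paths = foreach ($dir in $sysDirs) { foreach ($n in $names) { Join-Path $dir $n } }
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Indicator = "File $path"
            Detail    = "created $($item.CreationTime), SHA256 $hash"
        }
    }
}

# 3. Proxy listener: listening TCP ports owned by a process running from those paths.
$procs = Get-Process | Where-Object { $_.Path -and ($paths -contains $_.Path) }
foreach ($p in $procs) {
    $ports = Get-NetTCPConnection -State Listen -OwningProcess $p.Id -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique
    $findings += [pscustomobject]@{
        Indicator = "Process $($p.Path) (PID $($p.Id))"
        Detail    = "listening on TCP: $($ports -join ', ')"
    }
}

if ($findings) { $findings | Format-List } else { 'None of the listed indicators were found.' }
```

The quoted write-up is for Win32.Lager.r, while the scan in post #1 reported lager.ag, so the file and value names on an affected machine may differ and an empty result does not rule out infection.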
27 March 2006, 12:36 PM, #7, Ballistic (Thread Starter)

Thanks for that information andyr

Not being an expert on these matters, is it suggesting I delete files win32.exe and zlbw.dll and/or block access to certain ports/addresses?

What concerns me the most is that a malicious user may be working from and storing files on my machine.
27 March 2006, 01:48 PM, #8, andyr

I've reached the limit of my knowledge there!
If you've a firewall then I guess you could block outgoing access to the 217.159.***.176 IPs - can't see any problem with that?
Is it worth contacting McAfee directly to see if they can help you since you (hopefully) have bought and paid for anti-virus software?
Always dangerous to delete any files if you don't know what you are doing: I had a homepage hijack problem a year or so ago and did exactly that: I ended up having to reinstall Win XP because of 1 file that I was suspicious of that I renamed out of the way!