Anyone know a fix for this?
My PC has become infected by a Trojan that repeatedly attempts to send out spam emails.
I first became aware of it when McAfee alerted me to potential worm activity. Doing a virus scan with McAfee doesn't detect anything. I've just done an on-line scan with Kaspersky and it detected 'Trojan-Proxy.win32.lager.ag' but isn't able to fix it. I've done a search for this trojan and drawn a blank. Does anyone here know of a fix? Please help!!
Originally Posted by Ballistic
My PC has become infected by a Trojan that repeatedly attempts to send out spam emails.
I first became aware of it when McAfee alerted me to potential worm activity. Doing a virus scan with McAfee doesn't detect anything. I've just done an on-line scan with Kaspersky and it detected 'Trojan-Proxy.win32.lager.ag' but isn't able to fix it. I've done a search for this trojan and drawn a blank. Does anyone here know of a fix? Please help!!
jpor
That link doesn't list the trojan I appear to have.
This is the closest I could find for that one:
http://www.viruslist.com/en/viruses/...virusid=111699
Thanks jpor
Also here
http://www.pctools.com/anti-virus/en...Win32.Lager.r/ and http://www.sophos.com/virusinfo/analyses/trojorsed.html

Info from the first that might be useful:

Once launched, the Trojan copies itself to the Windows system directory as "win32.exe":

%System%\win32.exe

It then registers this file in the system registry, ensuring that the Trojan file will be launched each time Windows is rebooted on the victim machine:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"wupd" = "%System%\win32.exe"

The Trojan also creates a file called "zlbw.dll" in the Windows system directory:

%System%\zlbw.dll

The Trojan opens a random port on the victim machine and installs itself as a proxy-server. This enables a malicious remote user to work on the network via the victim machine. The Trojan also establishes a connection to 217.159.***.176 and sends the remote malicious user information about the victim machine (IP address etc.)
Thanks for that information andyr
Not being an expert on these matters, is it suggesting I delete files win32.exe and zlbw.dll and/or block access to certain ports/addresses? What concerns me the most is that a malicious user may be working from and storing files on my machine.
I've reached the limit of my knowledge there !
If you've a firewall then I guess you could block outgoing access to the 217.159.***.176 IPs - can't see any problem with that? Is it worth contacting McAfee directly to see if they can help you since you (hopefully) have bought and paid for anti-virus software? Always dangerous to delete any files if you don't know what you are doing: I had a homepage hijack problem a year or so ago and did exactly that: I ended up having to reinstall Win XP because of 1 file that I was suspicious of that I renamed out of the way!
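
A read-only way to look for the indicators quoted in the thread (the "wupd" Run value, win32.exe, zlbw.dll and a listening proxy port) without deleting or renaming anything; this is an added example, not part of any post. It assumes PowerShell 4 or later on Windows 8 or later (for Get-FileHash and Get-NetTCPConnection), and the SysWOW64 check is an added assumption for 64-bit systems. The quoted write-up is only the closest match the posters found, so an empty result does not rule out an infection.

```powershell
# Added example: read-only triage. Nothing is deleted, renamed or changed.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$names  = 'win32.exe', 'zlbw.dll'                     # file names quoted in the thread
$meta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
# %System% in the write-up; on 64-bit Windows a 32-bit program is redirected to SysWOW64.
$sysDirs = @([Environment]::GetFolderPath('System'),
             [Environment]::GetFolderPath('SystemX86')) | Select-Object -Unique
$report = @()

# 1. Autostart entries: flag the "wupd" value, or any value that launches win32.exe.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -in $meta) { continue }           # skip registry provider metadata
        if ($p.Name -eq 'wupd' -or "$($p.Value)" -match '\\win32\.exe') {
            $report += [pscustomobject]@{ Type = 'RunValue'; Item = $p.Name; Detail = $p.Value }
        }
    }
}

# 2. Dropped files: -Force so hidden/system attributes do not hide them.
$paths = @()
foreach ($dir in $sysDirs) {
    foreach ($n in $names) {
        $f = Get-Item -LiteralPath (Join-Path $dir $n) -Force -ErrorAction SilentlyContinue
        if (-not $f) { continue }
        $paths += $f.FullName
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $report += [pscustomobject]@{ Type = 'File'; Item = $f.FullName
                                      Detail = "created $($f.CreationTime), SHA256 $hash" }
    }
}

# 3. Listening TCP ports owned by a process whose image is one of the files found above.
foreach ($c in Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    if ($proc -and $proc.Path -and ($paths -contains $proc.Path)) {
        $report += [pscustomobject]@{ Type = 'Listener'
                                      Item = "$($c.LocalAddress):$($c.LocalPort)"; Detail = $proc.Path }
    }
}

if ($report) { $report | Format-Table -AutoSize -Wrap }
else { 'None of the quoted indicators were found.' }
```

The file hashes and paths it prints are the details an anti-virus vendor's support desk will ask for.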