TechSpot

trojan??

By daveyc2k5
Jan 6, 2006
  1. hi to all, was hoping somebody could shed some light on a problem i am having,Im running xpsp2 with avg,sygate,adaware,anyway avg told me it had found trojan irc/backdoor.sdbot.egy it then said it had healed the file but ever since then my browsers keep locking up and my speed are realy slow,I will post my hjt log any help would be apreciated
     

    Attached Files:

    • hjt.txt
      File size:
      2.6 KB
      Views:
      7
  2. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    first of all- never use instant messangers. IRC is an instant messanger virus. using IM is like having an open door to your computer.


    technical details

    Threats that are detected as IRC Trojan will try to get access to your system through an IRC server. They will typically attempt to open a hidden connection from your computer to an IRC server. Once this happens, the hacker can send commands to the hidden IRC connection to steal system information or any other information that they program the IRC Trojan to obtain. They can also do things that other Trojan horse programs do, such as delete a file, open the CD-ROM drive tray, shut down the system, and so on.
    norton removal:

    removal instructions

    The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

    1. Disable System Restore (Windows Me/XP).
    2. Update the virus definitions.
    3. Run a full system scan and delete all the files detected as IRC Trojan.
    4. Delete any values that were added to the registry.
    5. Remove any references to the infected files that have been added to the Win.ini and System.ini files (Windows 95/98/Me).
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    The only entries in your HJT log that may be bad are.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E7463F7-EE09-4722-B53E-528EBDB5A6DA}: NameServer = 62.6.40.178 194.72.0.98
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E7463F7-EE09-4722-B53E-528EBDB5A6DA}: NameServer = 62.6.40.178 194.72.0.98

    If these entries don`t belong to your isp, and you don`t recognise them. let HJT fix them.

    Regards Howard :wave: :wave:
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...