If you need assistance, please send an email to forum at 4hv dot org. To ensure your email is not marked as spam, please include the phrase "4hv help" in the subject line. You can also find assistance via IRC, at irc.shadowworld.net, room #hvcomm.
Support 4hv.org!
Donate:
4hv.org is hosted on a dedicated server. Unfortunately, this server costs and we rely on the help of site members to keep 4hv.org running. Please consider donating. We will place your name on the thanks list and you'll be helping to keep 4hv.org alive and free for everyone. Members whose names appear in red bold have donated recently. Green bold denotes those who have recently donated to keep the server carbon neutral.
Special Thanks To:
Aaron Holmes
Aaron Wheeler
Adam Horden
Alan Scrimgeour
Andre
Andrew Haynes
Anonymous000
asabase
Austin Weil
barney
Barry
Bert Hickman
Bill Kukowski
Blitzorn
Brandon Paradelas
Bruce Bowling
BubeeMike
Byong Park
Cesiumsponge
Chris F.
Chris Hooper
Corey Worthington
Derek Woodroffe
Dalus
Dan Strother
Daniel Davis
Daniel Uhrenholt
datasheetarchive
Dave Billington
Dave Marshall
David F.
Dennis Rogers
drelectrix
Dr. John Gudenas
Dr. Spark
E.TexasTesla
eastvoltresearch
Eirik Taylor
Erik Dyakov
Erlend^SE
Finn Hammer
Firebug24k
GalliumMan
Gary Peterson
George Slade
GhostNull
Gordon Mcknight
Graham Armitage
Grant
GreySoul
Henry H
IamSmooth
In memory of Leo Powning
Jacob Cash
James Howells
James Pawson
Jeff Greenfield
Jeff Thomas
Jesse Frost
Jim Mitchell
jlr134
Joe Mastroianni
John Forcina
John Oberg
John Willcutt
Jon Newcomb
klugesmith
Leslie Wright
Lutz Hoffman
Mads Barnkob
Martin King
Mats Karlsson
Matt Gibson
Matthew Guidry
mbd
Michael D'Angelo
Mikkel
mileswaldron
mister_rf
Neil Foster
Nick de Smith
Nick Soroka
nicklenorp
Nik
Norman Stanley
Patrick Coleman
Paul Brodie
Paul Jordan
Paul Montgomery
Ped
Peter Krogen
Peter Terren
PhilGood
Richard Feldman
Robert Bush
Royce Bailey
Scott Fusare
Scott Newman
smiffy
Stella
Steven Busic
Steve Conner
Steve Jones
Steve Ward
Sulaiman
Thomas Coyle
Thomas A. Wallace
Thomas W
Timo
Torch
Ulf Jonsson
vasil
Vaxian
vladi mazzilli
wastehl
Weston
William Kim
William N.
William Stehl
Wesley Venis
The aforementioned have contributed financially to the continuing triumph of 4hv.org. They are deserving of my most heartfelt thanks.
Registered Member #286
Joined: Mon Mar 06 2006, 04:52AM
Location:
Posts: 399
I have a trojan on my computer Microsoft Security Essentials says it is Trojan:WinNT/Omexo.D. It tries to remove it but it comes right back.
Trend ChipawayVirus alerts on bootup that my bootsector has been modified. This means that the trojan puts its self into the bootsector and exicutes it's self every time the computer boots. Is there anyway to get rid of it?
Registered Member #902
Joined: Sun Jul 15 2007, 08:17PM
Location: North Texas
Posts: 1040
if your MBR is modified, a Windows restore disk can rewrite a clean MBR, but anything installed maliciously will likely download other things, so it will not be your only worry. I tend to do enough backups or have enough recoverable through a Live CD Distro that I usually just do a clean install, as while cleaning rather than wiping can be less of a hassle many times, just as often it can become even more of one than starting fresh.
Registered Member #65
Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155
tdsskiller will often toast the rootkit(s)
Unfortunately, the more recent strategies involve multiple vector payloads which damage the system, and will often disrupt legitimate repair/update attempts. i.e. You are better off backing up your files, boot from DVD, reformat, and reinstall.
Prevention: Backing up your clean machine state to external USB drives is simple now with g4l (free boot CD), Norton ghost, or Nero.
Ubuntu (with classic interface) has game emulator support, and FF + NoScript + AdBlock Plus work quite well on most platforms.
Avast, AVG, TDSS, and Spybot S&D will often detect malware kits... but are almost never effective enough to fully remove a deep system infection.
Registered Member #96
Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4059
Yeah, nuke from orbit is the only way with these trojans.
Actually the best bet is a Ghost to another HDD and then do a zero fill and reinstall of the drive; once AV is installed and Autorun disabled you can copy the data ONLY back, any programs or executables are suspect.
Registered Member #65
Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155
Do not mount the old infected drive with the same OS.
If the system is unusable for DVDR writing, it is often better to boot from a live CD like Ubuntu/BSD/Solaris to copy specific files off the infected drive for quarantine on an external "clean" filesystem.
Popular modern operating systems have too many "problems" that allow hostile code to reinfect a system.
Registered Member #902
Joined: Sun Jul 15 2007, 08:17PM
Location: North Texas
Posts: 1040
if you want to try that, use a Live Linux Distro (well, most all distros support live) and copy over the files when running that, rather than on the infected OS. Then you might be safe, but the question is what files the malware hooked onto. I usually never have a problem backing up text files etc through a linux distro, just don't always treat the files as safe (so disable autorun, and scan the files first)
This site is powered by e107, which is released under the GNU GPL License. All work on this site, except where otherwise noted, is licensed under a Creative Commons Attribution-ShareAlike 2.5 License. By submitting any information to this site, you agree that anything submitted will be so licensed. Please read our Disclaimer and Policies page for information on your rights and responsibilities regarding this site.
Trojan on windows XP machine
