Trojan on windows XP machine

ShawnLG, Wed Jul 06 2011, 09:43PM

I have a trojan on my computer. Microsoft Security Essentials says it is Trojan:WinNT/Omexo.D. It tries to remove it but it comes right back.

Trend ChipawayVirus alerts on bootup that my bootsector has been modified. This means that the trojan puts itself into the bootsector and executes itself every time the computer boots. Is there any way to get rid of it?

Re: Trojan on windows XP machine
Hon1nbo, Thu Jul 07 2011, 02:35AM

If your MBR is modified, a Windows restore disk can rewrite a clean MBR, but anything installed maliciously will likely download other things, so it will not be your only worry. I tend to do enough backups or have enough recoverable through a Live CD Distro that I usually just do a clean install, as while cleaning rather than wiping can be less of a hassle many times, just as often it can become even more of one than starting fresh.

-Jimmy

Re: Trojan on windows XP machine
Carbon_Rod, Thu Jul 07 2011, 03:25AM

tdsskiller will often toast the rootkit(s)

Unfortunately, the more recent strategies involve multiple vector payloads which damage the system, and will often disrupt legitimate repair/update attempts, i.e. you are better off backing up your files, booting from DVD, reformatting, and reinstalling.

Prevention:
Backing up your clean machine state to external USB drives is simple now with g4l (free boot CD), Norton Ghost, or Nero.

Ubuntu (with classic interface) has game emulator support, and FF + NoScript + AdBlock Plus work quite well on most platforms.

Avast, AVG, TDSS, and Spybot S&D will often detect malware kits... but are almost never effective enough to fully remove a deep system infection.


Re: Trojan on windows XP machine
Conundrum, Thu Jul 07 2011, 05:15AM

Yeah, nuke from orbit is the only way with these trojans.

Actually the best bet is a Ghost to another HDD and then do a zero fill and reinstall of the drive; once AV is installed and Autorun disabled you can copy the data ONLY back, any programs or executables are suspect.

-A

Re: Trojan on windows XP machine
Carbon_Rod, Thu Jul 07 2011, 07:16AM

Do not mount the old infected drive with the same OS.

If the system is unusable for DVDR writing, it is often better to boot from a live CD like Ubuntu/BSD/Solaris to copy specific files off the infected drive for quarantine on an external "clean" filesystem.

Popular modern operating systems have too many "problems" that allow hostile code to reinfect a system.

Good luck,
Rod

Re: Trojan on windows XP machine
ShawnLG, Thu Jul 07 2011, 04:44PM

Sounds like my system is f*cked. Will my thumb drives get infected if I attempt to plug them in for backing up files?

Re: Trojan on windows XP machine
Hon1nbo, Thu Jul 07 2011, 10:20PM

If you want to try that, use a Live Linux Distro (well, most all distros support live) and copy over the files when running that, rather than on the infected OS. Then you might be safe, but the question is what files the malware hooked onto. I usually never have a problem backing up text files etc. through a Linux distro, just don't always treat the files as safe (so disable autorun, and scan the files first).

-Jimmy
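
An added example, not part of the original thread: a Python sketch of the "copy the data ONLY back" step discussed above, meant to run from a live CD session with the old drive mounted read-only. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile

# Extensions left behind (constructed list; extend it for your environment).
SUSPECT_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd",
               ".vbs", ".js", ".lnk", ".inf", ".msi", ".cpl"}

def is_suspect(path):
    """True for files that should not be carried over to the clean system."""
    name = os.path.basename(path).lower()
    if os.path.splitext(name)[1] in SUSPECT_EXT:
        return True  # covers autorun.inf as well as programs and scripts
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"  # DOS/PE executable under any extension
    except OSError:
        return True  # unreadable: leave it behind

def copy_data_only(src, dst):
    """Copy the src tree to dst, skipping suspect files. Returns (copied, skipped)."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src, followlinks=False):
        for fname in files:
            s = os.path.join(root, fname)
            rel = os.path.relpath(s, src)
            if os.path.islink(s) or is_suspect(s):
                skipped.append(rel)
                continue
            d = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(d), exist_ok=True)
            shutil.copyfile(s, d)  # file content only, no permission bits
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Run the copy against a constructed sample tree in temp directories."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {"notes.txt": b"hello", "autorun.inf": b"[autorun]\nopen=x.exe",
               "tool.exe": b"MZ\x90\x00", "photos/holiday.jpg": b"MZ\x90\x00fake",
               "photos/cat.jpg": b"\xff\xd8\xff\xe0"}
    for rel, data in samples.items():
        p = os.path.join(src, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)
    return copy_data_only(src, dst)

if __name__ == "__main__":
    print(demo())
```

The filter only drops files that are executable by extension or header; documents that can carry macros or exploits still pass, so the copied set should still be scanned before it is opened on the rebuilt system.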