4hv.org :: Forums :: General Chatting

benpao trojan

ShawnLG
Sun May 16 2010, 05:18PM
ShawnLG Registered Member #286 Joined: Mon Mar 06 2006, 04:52AM
Location:
Posts: 399
Has anyone had this trojan? It has infected both of my machines. This trojan can be disabled by stopping it in Task Manager. It also screws up your registry so that the trojan gets executed when you attempt to run regedit or some other files.

More info on this here
Link2

Conundrum
Sun May 16 2010, 06:38PM
Conundrum Registered Member #96 Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4061
About all you can do with these things is to get a spare hard drive and do a fresh install, patch and AV it, then make a ghost image. Once you know you have a clean starting point, scan each drive from within that system with Autorun disabled.

Trying to disinfect these things, even in safe mode, is an exercise in frustration.

-A
tobias
Sun May 16 2010, 08:59PM
tobias Registered Member #1956 Joined: Wed Feb 04 2009, 01:22PM
Location: Jersey City
Posts: 172
Or you can just use Linux =)
I gave it a try two years ago, tired of the endless war with trojans, viruses and everything else.
I have been using Ubuntu so far and am quite happy with this solution.
Best luck!
Chris Russell
Sun May 16 2010, 09:57PM
Chris Russell ... not Russel!
Registered Member #1 Joined: Thu Jan 26 2006, 12:18AM
Location: Tempe, Arizona
Posts: 1052
Using Linux isn't always an option, unfortunately, but it's worth considering. I keep a bootable USB stick with Ubuntu handy, though, for exactly this reason. Rather than fight a trojan from within the infected system, I just boot into Ubuntu, mount the infected partition, and carve the trojan out like the cancer it is.
quicksilver
Mon May 17 2010, 02:23PM
quicksilver Registered Member #1408 Joined: Fri Mar 21 2008, 03:49PM
Location: Oracle, AZ
Posts: 679
I have had some luck with certain malware in windoze by having multiple users on any machine: not using admin, but giving admin rights to several. I log in as another user with admin rights, edit, run anti-malware progs, and afterwards delete the "user" under which the malware ran.
I have another machine with SUSE (v10) and found that some jerk wrote a crapper for Linux. But again, I avoid logging in as root there as well.
Carbon_Rod
Wed May 19 2010, 02:12AM
Carbon_Rod Registered Member #65 Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155
Trojans come from people downloading malware from questionable locations, and often "security" audit tools will include these as a bonus payload.

The variant you noted was not very sophisticated, and was likely written by a kid.

Antiviral programs are practically useless if your organization is targeted with an armored payload, and all Linux/Unix/BSD/MacOS systems are also vulnerable to "exotics". The only difference is that knowing you are infected is more likely on a *nix system with mandatory access control and memory signature tripwires.

Nicko
Wed May 19 2010, 05:32AM
Nicko Registered Member #1334 Joined: Tue Feb 19 2008, 04:37PM
Location: Nr. London, UK
Posts: 615
This is a "script kiddie" trojan, and not a major problem (compared with some).

I hope that your AV is up to date. Personally, I use AVG Anti-Virus Free (V9), which is excellent. At work, I run McAfee as a corporate tool, but I believe AVG to be the better product: it deals with rootkits and trojans, does email scanning, i.e. pretty much everything, is updated daily and scores very well in comparative tests... and it's free!

Every week, in the night, I have set Spybot S&D (free!) to update and then run, together with Ad-Aware (free!). AVG also does a complete scan of all disks. AVG will probably get rid of your trojan, as it's not an especially clever one. Real problems require tools like HijackThis, but they are not for the faint of heart and can do real damage unless you really know what you are doing, though there are web sites that will help you interpret the results.

I also recommend running CCleaner on a weekly basis for each user BEFORE doing a backup. It flushes all the browser caches and can free up enormous amounts of disk space; it's another simply great free tool. By removing the 1000s of cached cookies etc., your backups get loads faster. Actually, the whole PC experience gets faster! Once a month, after the CCleaner run, I also defrag the disks. Again, defrag runs WAY faster after CCleaner, as it has many 1000s fewer files to shift. Note that all these tasks are run using the Windows scheduler in the middle of the night...

Get a decent backup tool like Acronis True Image Home; brilliant product.

I've looked after security for several financial institutions. The best way to get rid of these sorts of attacks is not to allow them in the first place! Ensure your defences are good and up to date and that you surf safely. Using "cracked" software, i.e. "warez", is a classic way of getting infected. Some of the nastier infections can be tricky even for professionals to remove with HijackThis/BartPE etc. Make sure your router is set up correctly and that your PC firewall is also active and up to date. Also, note that many ISPs have facilities to block ports you are not using, i.e. there is (or may be) another line of defence at the ISP level. You pay your ISP good money, so make them work for it!

I do this on EVERY PC in our house: my PCs, the workshop's, my wife's and my children's. No one runs with admin privileges. I also enable parental controls on the kids' PCs, which, after initial resistance, they completely accept...

Cheers
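Three of the checks recommended in this thread (the OP's regedit hijack, Conundrum's "scan with Autorun disabled", Nicko's "no one runs with admin privileges") can be audited from one read-only PowerShell script. This is an added example, not code from the thread; it assumes, as a labelled guess about the OP's symptom rather than something the post states, that a program registered as a "Debugger" under Image File Execution Options is how regedit ends up launching the trojan.

```powershell
# Added example: read-only audit of the advice given in this thread. It changes nothing;
# run it from an elevated PowerShell prompt so the HKLM keys are readable.

# 1. Nicko: is this session running with admin rights? (It should not be, for daily use.)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as admin: $isAdmin"

# 2. Conundrum: is Autorun disabled for every drive type before scanning removable media?
#    NoDriveTypeAutoRun = 0xFF disables Autorun on all drive types.
$polKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = (Get-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autorun -eq 0xFF) { "Autorun: disabled for all drive types" }
else { "Autorun: NOT fully disabled (NoDriveTypeAutoRun = $autorun); 0xFF disables it everywhere" }

# 3. OP: "the trojan gets executed when you attempt to run regedit".
#    Assumption (not stated in the thread): an IFEO 'Debugger' value is one common way that
#    happens. Legitimate Debugger entries are rare, so every hit deserves a manual look.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { "IFEO Debugger set for $($_.PSChildName) -> $dbg (review before trusting)" }
}
```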
Steve Conner
Wed May 19 2010, 09:09AM
Steve Conner Registered Member #30 Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706
If you search the forum you'll find lots of threads on trojans and how to remove them. The last one I got (which was actually the Winlogon patch in XP SP3) I removed by hand using Process Explorer and a command prompt.
IntraWinding
Wed May 19 2010, 09:43AM
IntraWinding Registered Member #2261 Joined: Mon Aug 03 2009, 01:19AM
Location: London, UK
Posts: 581
I'm involved in plenty of 'risky behaviour' (my PC experience would be very dull otherwise), but as far as I'm aware NOD32 has kept me safe from any nasties.

Generally it finds stuff immediately after it's downloaded, and I rely on this, but occasionally something turns up during a regularly scheduled in-depth scan of my whole system, and this is worrying because I don't see how it got past the download scan in the first place.

But I assume all you people here use anti-virus software and at least the Windows firewall, so how come you're having problems? Is my Windows PC infected and I don't even know it?
