[HPFGU-OTChatter] Downloader Trojan virus?

bettedavisgreen at aol.com bettedavisgreen at aol.com
Tue Aug 5 05:26:25 UTC 2003


In an e-mail dated 05/08/2003 06:38:44 Paris, Madrid (daylight saving time), 
siskiou at earthlink.net wrote:

> 
> Hi,
> 
> I'm hoping somebody here has experience with this virus and
> can help.
> 
> I've visited fanfiction.net twice over the last week, and
> each time my Anti Virus program (Norton) alerted me to a
> virus (Downloader Trojan) in my Temporary Internet files.
> The program wasn't able to repair, quarantine or delete the
> virus, even though I'm up to date on the definitions, and
> this virus is listed.
> 
> Has anyone else experienced this and knows how to prevent
> this from happening?
> 
> The file containing the virus was called "The ultimate
> browser enhancer" both times.
> 
> -- 
> Best regards,
> Susanne              mailto:siskiou at earthlink.net
> 
> Visit our pet rabbits: http://home.earthlink.net/~siskiou

Okay, I went to Symantec's website, and found out there are a couple Trojans 
like this, you'll have to check the extension. Then you try and do a search, i.e. 
for Downloader Trojan Aphe, and check the removal instructions. Always amazed 
me how you have to do so many things to remove a virus that's in their list - 
I thought we paid them to actually do the entire job... If you can't find 
the extension, then you will spend a nice moment with your registry and search 
box trying to locate offending files.

Whatever you do, don't contact Symantec's support. You'll get an answer in 
two months. Reason why I let them go. 

McAfee tells you to simply look for this:

The SYSMAN32.EXE file is downloaded to %SysDir% as SYSMAN32.EXE, and a 
Registry key is added to launch it at subsequent system startup. For 
example:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"SystemManager" = C:\WINNT\System32\sysman32.exe

Indications of Infection

Existence of the file SYSMAN32.EXE in %SysDir% coupled with the Registry hook 
detailed above.

If you find them, simply erase them.



Also, you might want to try this:

http://www.simplysup.com/tremover/details.html

but I'm not sure they cover it... found it in a discussion on this trojan 
though.


Hope it helps.

Disclaimer: interfering with your registry might make your computer fly out 
the window (even if it's a Mac)

cheers!

Cristina
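
Added example, not part of the original message or of McAfee's write-up: a read-only PowerShell check for the two indicators quoted above (the file SYSMAN32.EXE in the system directory and the "SystemManager" value under the Run key). Looking in the 32-bit locations on 64-bit Windows, and matching any Run value whose data points at the file, go beyond the quoted text.

```powershell
# Added example: read-only check, changes nothing on the system.
# File name, value name and Run key are the ones in the quoted McAfee text.
$fileName  = 'sysman32.exe'
$valueName = 'SystemManager'

# %SysDir% is the Windows system directory. On 64-bit Windows a 32-bit
# program is redirected to SysWOW64 and the WOW6432Node registry view, so
# those are checked too (an addition beyond the quoted text).
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Properties PowerShell adds to every registry item; not real Run values.
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# Indicator 1: the file itself.
$files = @($dirs | ForEach-Object { Join-Path $_ $fileName } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

# Indicator 2: a Run value with the quoted name, or any Run value whose
# data points at the file.
$entries = @(foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        if ($p.Name -eq $valueName -or "$($p.Value)" -like "*$fileName*") {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Data = $p.Value }
        }
    }
})

# The write-up treats the file "coupled with" the Run entry as the sign of
# infection, so report each indicator and whether both are present.
[pscustomobject]@{
    FilesFound     = $files
    RunEntries     = $entries
    BothIndicators = ($files.Count -gt 0 -and $entries.Count -gt 0)
}
```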
    







