Bloody computer question

This topic is archived.

Fenris Donating Member (1000+ posts) Sun May-30-04 01:55 PM
Original message
Bloody computer question
Edited on Sun May-30-04 01:55 PM by Fenris
I run AVG as my virus scan, and yesterday it caught and quarantined a Trojan Horse. Today, when I started the machine up, all of my icons on the Start menu and the quick start icons on the start bar were black. The desktop icons were fine. But the others were black. I restarted several times, but nothing changed. Any idea what the problem could be, or how it can be remedied?

kalian Donating Member (1000+ posts) Sun May-30-04 01:57 PM
Response to Original message
1. What file was quarantined?
The trojan horse might have gotten a hold of one of the files that
controls either the desktop or the icons.

Fenris Donating Member (1000+ posts) Sun May-30-04 01:59 PM
Response to Reply #1
3. C:\WINDOWS\DESKTOP\LLASS.EXE

kalian Donating Member (1000+ posts) Sun May-30-04 02:02 PM
Response to Reply #3
4. Searched:
http://www.windowsstartup.com/wso/browse.php?l=12&start=75&end=100

Troj/Inor-A is a backdoor Trojan that usually finds its way onto a user's system when a web page containing an encoded version of the executable is viewed. Troj/Inor-A will create itself on the Desktop using the filename llass.exe, and add the following registry entries that point to this filename to ensure the Trojan gets executed at system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Runlar
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServiceslar

The following registry entry is also created:

HKLM\System\CurrentControlSet\Control\SLP

Troj/Inor-A has the ability to uninstall itself and change the port it is listening on via commands issued remotely.

Fenris Donating Member (1000+ posts) Sun May-30-04 02:04 PM
Response to Reply #4
6. Thanks for the information

kalian Donating Member (1000+ posts) Sun May-30-04 02:08 PM
Response to Reply #6
9. Might want to try downloading the WinXP Startup Inspector as well....
might find some stuff that is loading up when you start up your
box.

kalian Donating Member (1000+ posts) Sun May-30-04 02:03 PM
Response to Reply #3
5. Another thing....
Download SpyBot and Ad-Aware. Update both programs and then
run a complete scan. I'm sure that you'll find some more malware
installed on your box.

Wilber_Stool Donating Member (1000+ posts) Sun May-30-04 01:58 PM
Response to Original message
2. Try running
another scan. See what it picks up.

starroute Donating Member (1000+ posts) Sun May-30-04 02:05 PM
Response to Original message
7. Try a Google Groups search
start menu icons black

This can happen for several reasons that don't necessarily involve your Trojan Horse. Several of the links that come up recommend settings changes that might help.

Guy Fawkes Donating Member (1000+ posts) Sun May-30-04 02:07 PM
Response to Original message
8. Registry time!
LLASS.exe creates the following reg keys:

HKLM/Software/Microsoft/Windows/CurrentVersion/Runlar
HKLM/Software/Microsoft/Windows/CurrentVersion/RunServiceslar
HKLM/System/CurrentControlSet/Control/SLP

Go to "run" on the start menu, and run "regedit". Find those keys and kill them.

HKLM means "Hkey_Local_Machine"

kalian Donating Member (1000+ posts) Sun May-30-04 02:09 PM
Response to Reply #8
10. Back up the registry first!!!!
before mucking around with it...
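
Added example, not part of any post in this thread: once the registry has been exported as a backup (reply #10), the export file itself can be searched for autostart values that point at the quarantined file before anything is deleted in regedit (reply #8). The sample export and the value name `SampleEntry` are constructed; the check matches on the file name in the value data, because the quoted description only says the entries point to llass.exe.

```python
import re

# Autostart keys named in the thread, lower-cased for case-insensitive comparison.
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
# A string value line in a .reg export: "name"="data" (dword/hex values are skipped).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_autostart_refs(reg_text, filename):
    """Return (key, value name, data) for autostart values whose data mentions filename."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: the current registry key
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in AUTOSTART_KEYS:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            if filename.lower() in data.lower():
                hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SampleEntry"="C:\\WINDOWS\\DESKTOP\\LLASS.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"SampleEntry"="c:\\windows\\desktop\\llass.exe /s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Other"="C:\\WINDOWS\\notepad.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_autostart_refs(SAMPLE_EXPORT, "llass.exe"):
        print(f"{key}: {name} -> {data}")
```

Exports written by newer versions of regedit are UTF-16 text and need decoding before being passed to `find_autostart_refs`.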