GM Retrofire
Game Masters
Posted - 2007.11.28 18:26:00 -
[1]
We have noticed that there is a trojan out there that's called ibm00002.dll. Information on it can be found here
We suggest that everyone scan their computer thoroughly using their installed anti-virus program and/or spyware removal tool. If you don't have one installed, you can do this using TrendMicro's Housecall utility, which is an online scanner.
Players with this trojan on their computers have noticed that the client crashes on login. Even if this is not your exact symptom, do the scan just to be safe.
|
Gelan Blackburn
Posted - 2007.12.18 13:59:00 -
[2]
Don't know if it works all the time... but I just found this one on my PC by running Windows in Safe Mode and then using Search to look for the Trojan by typing the keyword IBM00002.DLL as the search word :P
|
Forum Poster
Posted - 2007.12.20 11:26:00 -
[3]
You do know even if you remove it, it can re-install itself?
|
Ashlee Darksky
Posted - 2007.12.20 19:33:00 -
[4]
Originally by: Forum Poster
> You do know even if you remove it, it can re-install itself?

Usually safe mode offers the opportunity to bypass it and its re-installer. If not, find the locations of said files (look for dodgy processes too). Then boot from your Windows CD, use the recovery console and manually delete the files.
That said, most anti-virus or anti-spyware should deal with it anyway. If not, the boot CD/recovery method is the best bet as it won't get a chance to load/re-install.
|
DefGuN
Posted - 2008.01.07 09:27:00 -
[5]
I have experienced a really sticky trojan that cannot be detected by the aforementioned scanner. It is called wowexec - not to be confused with the usual wowexec the Windows system uses as a wrapper for old 16-bit applications. This one attaches as a subprocess to the client, has a 0 byte length and has a space in front of the name. It works as an injection after proceeding with the login, and the Eve client crashes (if you have the messaging to developers turned on, a window on sending the error pops up). Because it cannot be easily caught in the processes (it attaches only when the execution commences and then quits), it is rather difficult to clean it up, and as I had not the nerve to search for the DLLs it uses, I reinstalled the system completely. Several other trojan hunting utilities were unable to find it, probably due to the fact it is not running in the background. This was my few minute internet-without-firewall-I-forgot-to-turn-it-on journey.
No laser, launcher or hybrid can bring down this crap the internet is infested with.
|
La5eR
Posted - 2008.02.22 19:41:00 -
[6]
Keep in mind that the reinstallation files are usually found in <system drive>:\program files\common files.
The registry keys are usually found in HKLM/software/microsoft/windows/current version/{run, runonce}. To get to this, type in regedit in your Run box of the Start menu.
There may be files in your prefetch directory at <system drive>:\<windows dir>\prefetch,
and they are also found in your startup folder, start\programs\startup.
These can also be found in your system32 dir, <system drive>:\<windows dir>\system32. Sort the list by type and look at the dll and exe files that might be there. It takes a veteran Windows user to know what each does, but if something looks suspicious just Google the file name and it'll most likely give you a good result.
Keep a mental note of the processes in your task manager as well, as these might be malicious. But as always, GOOGLE them before you go deleting things.
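
The autostart locations listed in the post above can be reviewed in one read-only pass. This is an added example, not part of the original thread: the HKCU keys, the flag names and the leading-space check (borrowed from the wowexec description earlier in the thread) are assumptions added here, and `ibm00002.dll` is the file name from the first post.

```powershell
# Added example: read-only review of the autostart locations named in the thread.
$Indicator = 'ibm00002.dll'   # file name from the first post; change as needed

# The HKLM keys are the ones named above; the HKCU pair is an assumption added here.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# One row per registry autostart value: where it lives, its name, what it launches.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
    }
})

# Per-user and all-users Startup folders (start\programs\startup in the post).
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Flags mark rows to look up first; they are review hints, not verdicts.
$commonFiles = [Environment]::GetFolderPath('CommonProgramFiles')
$report = foreach ($e in $entries) {
    $flags = @()
    if ($e.Command -like "*$Indicator*") { $flags += 'indicator-name' }
    if ($e.Name -match '^\s') { $flags += 'leading-space' }   # assumed heuristic
    if ($commonFiles -and $e.Command -like "*$commonFiles*") { $flags += 'common-files' }
    $e | Add-Member -NotePropertyName Flags -NotePropertyValue ($flags -join ',') -PassThru
}
# Flagged rows sort first (False sorts before True).
$report | Sort-Object { $_.Flags -eq '' } | Format-Table Location, Name, Command, Flags -Wrap

# Look for the named file itself under System32 and Common Files; Length shows 0-byte files.
Get-ChildItem -Path "$env:SystemRoot\System32", $commonFiles -Filter $Indicator -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```

Nothing is modified or deleted. Legitimate software also starts from Common Files, so a flagged row is a name to look up before acting on it.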