ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Unknown service (can't find relevant info on the web)

<< < (2/6) > >>

mouser:
does anyone know of  a good webpage about "what to do AFTER you find a virus/trojan on your computer" ?

i've been lucky enough not to find myself in this position, but if i ever found a trojan or virus on my computer i would consider the system compromised and do a very thorough check of everything.

i would assume that any trojan found was not the only one present and would consider it important to figure out exactly how it got on my machine; if i couldn't trace back the origin and convince myself that there were no more present i would strongly lean towards restoring the machines to a known good backup.

yet another reason and reminder to do monthly drive image backups.

Innuendo:
Obviously what you do is clean the machine. Now whether that be by a specialized tool especially programmed to remove that trojan/virus or a more general purpose tool like Kaspersky or TDS3 is up to the individual.

A manual cleaning can sometimes be an option, but it can be a very involved complicated process with some of the nasties that are out and about.

mouser:
yes but carol's experience shows the danger of just reflexively "cleaning the machine" -
because in deleting the file she also deleted her hope of determining for sure if she did in fact have a trojan, and perhaps figuring out how.

i say treat a possible infection as if it was an indication of a security problem - your first goal should not be to remove it and destroy any clues.  your first goal should be identify the cause of your problem and how it got in, then proceed to cleaning.

Carol Haynes:
Well, here's the first result I found...

http://www.auditmypc.com/process/k.asp
-Innuendo (November 26, 2005, 07:57 PM)
--- End quote ---

Thanks.

Yes I saw the TKBOT worm when I did a websearch but according to Symmantec etc. there are a number of characteristsics (in terms of other files/registry entries) and none of those seemed to be present.

koncool:
TKBOT? Was K.EXE over 600kb? If so, that's it, and it got through weak netbios shares most probably.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version