Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Downloader trojan 3

Status
Not open for further replies.
123gad

123gad

IS-IT--Management
Mar 12, 2001
220
US
one PC, with McAfee Managed Virus Scan, user received threats from McAfee, downloader detected in System32 folder, try to remove but not able, I did run the anti spy ware from Microsoft as well as adware nothing was found. I also tried to delete the file was not able, went into safe mode and file was gone, also my ability to connect to my network any ideas what I can do to get back on the network so I can use some online tools etc.
Thanks
 
Sort by date Sort by votes
Down load and upgrade Hijackthis run in safe mode. Seek help as to what to delete.

xit
 
Upvote 0 Downvote
Hi,
Thanks, I downloaded hijackthis and tried it in safe mode, it installs fine, but then it comes up it generated errors and the program will be closed by windoes, you will need to restart the program.

Any other ideas?
 
Upvote 0 Downvote
Try the killbox utility to delete the file, you can find it at It will allow you to delete the file on reboot before it might load. If it gets rid of the file, then run your other tools, and I would recommend Trend Micro's housecall scanner to do an online scan, as well as Spybot in addition to Microsoft's program. You might want to look up the specifics of this particular Downloader and follow manual removal instructions from the provider of your anti-virus software as well.
 
Upvote 0 Downvote
You may also want to make sure that the file you deleted wasn't a system file required for networking or internet connectivity.
 
Upvote 0 Downvote
The file what I tried to get rid of is:
doslp.dll
I searched in a few machines and could not locate it.

I also will try wvajenm's suggestion.
Thanks
 
Upvote 0 Downvote
It's behavior would explain your inability to get online.
The removal instructions look solid...but you might want to apply the LSPFix found here: if you don't wish to employ the RegRun app.
I relaize this does imply getting on a machine with connectivity to pulldown the tools.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
Upvote 0 Downvote
I did everything suggestged and the file finally was detected and removed, but I'm still not able to access the internet or connect to my LAN, any ideas?

Thanks again
 
Upvote 0 Downvote
Hi,
I did run the winsock fix, the LSPfix, the killbox, the dolsp.dll removal etc. and finally was able to get online, BUT, it is still infected.

If I reformat the HD, will this eliminate the infection?

Thanks
 
Upvote 0 Downvote
It will, but is that what you want to do?
What OS are you running? IF XP or ME, have you cleared the restore points? Can you post a Hijack This! log for a look-over?


Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
Upvote 0 Downvote
I run W2K Professional, and I did gave the user a spare PC,
any suggestions on how to prevent it in the future,
we use McAfee managed Virus scan thruout the company.
Thanks
 
Upvote 0 Downvote
Better surfing habits. Seriously.
As far as tools go, the Microsoft Beta (which will soon - hopefully - become final) and Webroot Spysweeper are the way to go. McAfee and Norton's latest and greatest boast similar capabilities, but I've yet to be sold.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
Upvote 0 Downvote
Mcafee is good against virus attacks, I haven't heard much about their ability to detect spyware (although if my memory serves, they, like Symantec, have started detecting spyware).

I would recommend running a setup similiar to this...

Antivirus (For you, Mcafee)
Microsoft Spyware Beta - Enable real time protection
Spyware Blaster

Then, if you have the ability, restrict what sites people are able to hit. Or, block/filter out what you can at the firewall. I've seen this as new functionality listed with several firewalls, the ability to block known malware.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
197
BionicJohn
BionicJohn
javierdlm001
  • Locked
  • Question
"Win32.Downloader.gen" found as Malware by Spybot
Replies
3
Views
178
2ffat
2ffat
BadBigBen
  • Locked
  • News
Crossplatform Trojan...
Replies
2
Views
128
kjv1611
kjv1611
KornFuse
  • Locked
  • Question
IE browser opening automatically. Registry infected with Trojan; recre 1
2
Replies
22
Views
338
kjv1611
kjv1611
jlockley
  • Locked
  • Question
What's the story behind this malware/virus/trojan/whatever
Replies
7
Views
134
jlockley
jlockley

Part and Inventory Search

Sponsor

Back
Top