Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Triddll.exe and Systol.exe - Trojans?

Status
Not open for further replies.
Kjonnnn

Kjonnnn

IS-IT--Management
Jul 14, 2000
1,145
US
Anyone have these two files in their run folders? How do I get rid of them.
 
Sort by date Sort by votes
Google gives one hit on triddll.exe - in Japanese or Chinese - seems to imply it's a trojan in that part of the world. Is there some kind of standard procedure for removing an unknown trojan that would be applicable here?
Scan registry for those entries?
 
Upvote 0 Downvote
Symantecs know nothing about them.
I've deleted them several times from the RUN folder in the registry

I scanned the registry and they only appear in the RUN folder. So I deleted them. Guess what. They came back even though I didnt reboot the computer.

They are broadcasting at a regular interim and locking up the computer. We can see the broadcast on our network.

 
Upvote 0 Downvote
I got one other hit on the university of peking-but it all comes up little square boxes except for triddll.exe and a couple of other file names, which doesnt tell me squat.
Instead of systol.exe, i saw systrol.exe.

The first hit I got had kind of a table listing and again the little square boxes for the text. My hits came up under triddll and triddll.enc so those are apparently the names of the trojan there. The dates were in August 2003 so you'd think they'd have been picked up somewhere.

I couldnt find anything on mcafee, symantec, or pest patrol.

There seem to be several threads that list hijack this logs right now. For lack of anything better maybe you could run that program and see if it gives you any ideas.
 
Upvote 0 Downvote
This started out as TWO problems. My boss first noticed that large broadcasts were coming from somewhere on our network at regular intervals. At the same time, the switchboard computer would freeze on a regular basis. During my usual diagonostics I check the RUN folder to see want was starting up. That how I first found these files.
So I deleted them from the RUN folded, but they kept coming back

None of the antivirus sites know of these files. Actually there are 3.

triddll.exe
systrol.exe
msexplor.exe

I found them in the SYSTEM folder of a WIN95 machine. Triddll and Systrol appeared in the RUN folder in the registry. I could delete them from the RUN folder, (but not the SYSTEM folder), but they would come right back as I watched. THis is WITHOUT rebooting the machine.

What i ended up doing is booting the computer up in DOS, and renaming those 3 files. That seemed to have done the trick. No more broadcasts, and no more lock ups.
 
Upvote 0 Downvote
Run hijack this and look for
registry entrys at HKLM Run / HKCU run with a regedit -s entry . This loads registry keys for malware at each boot.
 
Upvote 0 Downvote
Please read above.

Solved the problem.

Its not spyware, nor found by nortons.

It only reinstalls itself in the run folder if you delete it.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2ffat
  • Locked
  • News
Police: Do as we say and not as we do! 1
Replies
4
Views
130
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
Crytowall 3.0 and How I dealt with it 2
Replies
7
Views
205
DrB0b
DrB0b
kjv1611
  • Locked
  • Question
POS Malware Infections Detection and Protection
Replies
0
Views
102
kjv1611
kjv1611
Kjonnnn
  • Locked
  • Question
Virus and Code 31 connection Has
Replies
4
Views
127
Kjonnnn
Kjonnnn
nconick
  • Locked
  • Question
SEP 12.5 and Avaya Aura Contact Center 6.2 exceptions, etc.
Replies
0
Views
83
nconick
nconick

Part and Inventory Search

Sponsor

Back
Top