06-08-2005 01:16 AM
problem with Trojan DomCom again
Description: The compressed file ipreg32.dll within C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\666N6D4H\ipreg32[1].cab is infected with the Trojan.Domcom virus.
Click for more information about this threat: Trojan.Domcom, but Norton cannot delete the trojan. I have tried to remove it in safe mode as well. When I check the contents of the internet files, it comes up empty, but when I click on properties it shows five files in there (see attachment).
06-08-2005 06:23 PM
Re: problem with Trojan DomCom again
As the name suggests, trojans "hide" themselves anywhere on the local system or the networked machines. Removing files once from a certain location is usually not an accurate solution; you should use some other patches or trojan-cleaning antiviruses, as well as some better firewall security packs, antispyware, etc. to properly protect your system. You should update the OS with the latest SP and security patches (Windows updates if it's a Windows OS) to block the holes in your OS.
06-08-2005 06:58 PM
Re: problem with Trojan DomCom again
Or remove the user you use to log on with from the administrators group.
See this:
www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_whynot_admin.mspx
regards.
06-08-2005 07:23 PM
Re: problem with Trojan DomCom again
http://forums1.itrc.hp.com/service/forums/questionanswer.do?admit=716493758+1118301660905+28353475&threadId=888955
hope it helps.
regards.
06-09-2005 01:28 AM
Re: problem with Trojan DomCom again
Edgar, I am automatically logged in when I start the computer and there is no other user listed. I tried that URL, but it did not work. I will try again by modifying the URL. The last link was to my previous post about this. I thought that I had the system clean at that time. I believe that this trojan was re-installed from the same web site (my son forgot to clear the history log) where it came from to begin with. However, this time I could not get rid of it.
06-09-2005 02:04 AM
Re: problem with Trojan DomCom again
I would run this free on-demand AV solution:
Follow instructions here (under Recovery tab):
http://www.sophos.com/virusinfo/analyses/trojdomcomc.html
regards.
---
McAfee Stinger might also help.
http://vil.nai.com/vil/stinger
This is a very useful tool.
DomCom is not listed under stinger though.
06-09-2005 06:57 PM
Re: problem with Trojan DomCom again
You can try cleaning registry entries following this procedure:
" To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
1. Click Start > Run.
2. Type regedit
3. Click OK.
4. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5. In the right pane, delete the value:
"loader32 " = "%AppData%\SysDown\sys[5 random numbers].exe"
6. Navigate to and delete the following registry subkeys:
HKEY_CLASS_ROOT\CLSID\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}
HKEY_CLASS_ROOT\TypeLib\{4A31E565-08CB-4272-8817-7BF729B6A96F}
HKEY_CLASS_ROOT\Interface\{CC1725CD-1EFA-4D88-8987-5EBF66347856}
HKEY_CLASS_ROOT\DownCom.CDownCom.1
HKEY_CLASS_ROOT\DownCom.CDownCom
7. Exit the Registry Editor."
You should not log in as administrator; make a separate standard user for normal use. If you are using WinXP, go to control panel > user accounts > change the way users log in/off, and de-select "use the welcome screen". Before doing this, note down the password for the current user (administrator), or reset the password if you don't know it. Now, create a new user, and give him "standard user" access. You can log in now by typing this user name and password. You can copy the data from the old user's profile to the new one by logging in as administrator.
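A read-only way to check a machine for the artifacts named in the quoted removal steps, as an added example that is not part of the original post or of Symantec's instructions. The function name `Find-DomcomArtifacts` is hypothetical; key names and GUIDs are copied from the post, except that the hive the post writes as HKEY_CLASS_ROOT is addressed by its registry name, HKEY_CLASSES_ROOT, and the `%AppData%` check is assumed to cover only the user running the script.

```powershell
# Added example: read-only audit; nothing is modified or deleted.
function Find-DomcomArtifacts {   # hypothetical name
    $runKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    # Subkeys from step 6 of the post (written there under HKEY_CLASS_ROOT).
    $subKeys = @(
        'CLSID\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}',
        'TypeLib\{4A31E565-08CB-4272-8817-7BF729B6A96F}',
        'Interface\{CC1725CD-1EFA-4D88-8987-5EBF66347856}',
        'DownCom.CDownCom.1',
        'DownCom.CDownCom'
    )
    $exePattern = '\\SysDown\\sys\d{5}\.exe'   # "sys[5 random numbers].exe"
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $found = @()

    # Step 5: Run value named "loader32 " (trailing space as in the post),
    # or any Run value whose data points into the SysDown folder.
    $run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            # Read the raw data so %AppData% is not expanded before matching.
            $data = [string]$run.GetValue($name, '', $raw)
            if ($name.Trim() -eq 'loader32' -or $data -match $exePattern) {
                $found += [pscustomobject]@{ Kind = 'RunValue'; Location = $runKey; Detail = "$name = $data" }
            }
        }
    }

    # Step 6: COM registration subkeys.
    foreach ($k in $subKeys) {
        $path = "Registry::HKEY_CLASSES_ROOT\$k"
        if (Test-Path -LiteralPath $path) {
            $found += [pscustomobject]@{ Kind = 'SubKey'; Location = $path; Detail = '' }
        }
    }

    # Dropped executable: current user's %AppData% only (assumption).
    $dir = Join-Path $env:APPDATA 'SysDown'
    if (Test-Path -LiteralPath $dir) {
        $files = Get-ChildItem -LiteralPath $dir -Force | Where-Object { $_.Name -match '^sys\d{5}\.exe$' }
        foreach ($f in $files) {
            $found += [pscustomobject]@{ Kind = 'File'; Location = $f.FullName; Detail = '' }
        }
    }
    return $found
}

$hits = @(Find-DomcomArtifacts)
if ($hits.Count -eq 0) { 'No listed Trojan.Domcom artifacts found.' } else { $hits | Format-List }
```

Run it from an elevated prompt and again under each user profile, since the `SysDown` folder is per-user; back up the registry, as the quoted procedure says, before deleting anything it reports.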