What is this? [spyware, trojan?]

Zekester · Post by **Zekester** » Thu Jan 20, 2005 1:00 pm

My Norton A/V keeps catching the same "installer2.exe" trojan dropper, but it keeps coming back.
It says it's installed in my temp folder, but I can't find it there.

And my firewall has been getting "intruded" pretty often lately by random IP's

What the hell might be going on?

Smoove_B · Post by **Smoove_B** » Thu Jan 20, 2005 1:02 pm

Symantec thinks you've got something. Well..not that you've got something. Probably this redirect is trying to install but NAV is stomping it every time.

Jeff Jones · Post by **Jeff Jones** » Thu Jan 20, 2005 3:28 pm

Zekester wrote:My Norton A/V keeps catching the same "installer2.exe" trojan dropper, but it keeps coming back.
It says it's installed in my temp folder, but I can't find it there.

It could be hidden in your System Restore.

I believe if you disable System Restore on all drives, it will kill all the stored backup files (where trojans and viruses often hide). This is worth a shot anyway.

Zekester · Post by **Zekester** » Thu Jan 20, 2005 6:20 pm

I've had system restore disabled on all drives since this computer was new.
Thanks anyway, Jeff

Does running a full scan in safe mode work for something like this?

Greggy_D · Post by **Greggy_D** » Thu Jan 20, 2005 6:22 pm

It might be in Startup or the RUN section of the registry.

Run "msconfig" and look in the startup tab.

Zekester · Post by **Zekester** » Fri Jan 21, 2005 12:43 pm

I did find some foreign chit in my startup, and disabled it.

So far, so good.

Bakhtosh · Post by **Bakhtosh** » Fri Jan 21, 2005 3:04 pm

you can always go to symantic or mcafee's site to see if there's a cleaner available for that particular trojan.

Octopus Overlords

What is this? [spyware, trojan?]

What is this? [spyware, trojan?]

Re: What is this? [spyware, trojan?]