Solved

Trojan horse put HideWindow cmd in my system. How do I get rid of it

Posted on 2003-03-27
Last Modified: 2010-04-13
I put a DSL modem on my machine last weekend. I found I'd gotten a trojan horse which McAfee was able to heal. However, a HideWindow command apparently came in with it which McAfee didn't do anything about. No desktop, icons, task bar, or Start button. Running Windows 2000 NT. I can get to all the programs and files through the New Task button on the Task Manager. How do I return Windows to its normal state?
Question by:sirklw
7 Comments
 

Expert Comment

by:rolfejr
ID: 8219194
Try installing SpyBot Search and Destroy. It finds and restores settings from several spyware / adware / trojan type programs. I can't guarantee it will work, but it's worth a shot before a complete system rebuild. You can find it by searching for spybot at download.com, or paste the following in your browser:
http://download.com.com/3120-20-0.html?qt=spybot&tg=dl-2001
0
 
LVL 12

Expert Comment

by:gidds99
ID: 8221234
Try opening CMD.exe from the Task Manager and run SFC /SCANNOW. This will check that all Windows files are the correct versions and intact.
0
 

Expert Comment

by:Drakonan
ID: 8231232
I'm interested in knowing if explorer.exe is correctly loading. Run explorer.exe and see if everything appears.

(If explorer is already running it should kick up a Windows Explorer window.)

What all loads at start up? You can find out by traversing the registry:

hklm/software/microsoft/windows/run

There are other places as well

(Startup folder, services etc., but most dll executions (rundll and the like) and many one-time simple progs run here).
0
 

Author Comment

by:sirklw
ID: 8246175
To explain a bit further about what is happening, when my system first starts up, a window labelled 'update' opens up and inside it is another window labelled 'status'. In the status window is the following message:
* / run: unable to open ‘svchost32.exe’ (line 2, iiscache.dll)
-
If I click in the window or try to select the text in the window, this next message appears and continues to reappear every time I click again in the window:
* /msg: not connected to server (line 154, iiscache.dll)

I close this window, open the task manager and have found that by getting to explorer.exe and running it, the desktop and all the normal icons and bars will appear and be fully functional.
0
 

Accepted Solution

by:
Drakonan earned 255 total points
ID: 8246602
Hey man, that sounds a lot like a virus... I've heard about one dealing with svchost32.dll iiscache.dll

Do you have an up-to-date antivirus?


If you don't:
http://housecall.antivirus.com/

will check for free...

Anyway, if it doesn't find anything, go to the registry as I mentioned before and see if you can disable the unsuccessful "update" file that is being run...
0
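An added defender-side example, not code from the thread or from any of the posters, that automates the startup check Drakonan describes above (what loads from the registry Run key) and the "disable the unsuccessful update file" step in the accepted solution. It lists the HKLM/HKCU Run and RunOnce keys, the Winlogon Shell value (which decides whether explorer.exe starts at logon, the symptom in the question) and the Startup folders, and flags entries whose file is missing, unsigned, or located under a user-writable directory. The signature and path heuristics are my additions, not something the thread states, and the value name 'update' in the final commented line is a hypothetical placeholder.

```powershell
# Added example, not from the thread: list the common Windows autostart
# locations (Run/RunOnce keys, Winlogon Shell value, Startup folders) and
# flag entries worth a closer look, so an unexpected "update"-style program
# can be found and disabled by renaming its value instead of deleting it.
# Run from an elevated PowerShell prompt on the affected machine.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CommandPath {
    # Extract the executable from a command line such as
    #   "C:\Program Files\App\app.exe" /quiet     or     app.exe -x
    param([string]$CommandLine)
    $t = $CommandLine.Trim()
    if ($t.StartsWith('"')) {
        $end = $t.IndexOf('"', 1)
        if ($end -gt 1) { return $t.Substring(1, $end - 1) }
    }
    return ($t -split '\s+')[0]
}

function Test-SuspiciousEntry {
    # Heuristics, not proof: missing file, unsigned or invalid signature,
    # or a location under a user-writable / temporary directory.
    param([string]$Path)
    $reasons = @()
    if (-not (Test-Path -LiteralPath $Path)) {
        $reasons += 'file not found'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    }
    foreach ($dir in @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)) {
        if ($dir -and $Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "under $dir"
        }
    }
    return $reasons
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
            $exe = Get-CommandPath $p.Value
            $entries += [pscustomobject]@{
                Location = $key; Name = $p.Name; Command = $p.Value
                Flags    = (Test-SuspiciousEntry $exe) -join '; '
            }
        }
    }
    # Shell should be explorer.exe; a changed value gives a logon with no desktop.
    $wl = Get-ItemProperty -Path $winlogonKey
    $shellFlag = if ($wl.Shell -ne 'explorer.exe') { 'unexpected shell' } else { '' }
    $entries += [pscustomobject]@{
        Location = $winlogonKey; Name = 'Shell'; Command = $wl.Shell; Flags = $shellFlag
    }
    # Per-user and all-users Startup folders
    foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                          [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $folder -File) {
            $entries += [pscustomobject]@{
                Location = $folder; Name = $f.Name; Command = $f.FullName
                Flags    = (Test-SuspiciousEntry $f.FullName) -join '; '
            }
        }
    }
    return $entries
}

function Disable-RunValue {
    # Reversible: rename the value so it no longer runs but stays for review.
    param([string]$Key, [string]$Name)
    Rename-ItemProperty -Path $Key -Name $Name -NewName "DISABLED_$Name"
}

Get-AutostartEntries | Format-Table -AutoSize
# Hypothetical value name; run only after an entry has been confirmed unwanted:
# Disable-RunValue -Key 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'update'
```

Renaming rather than deleting the value keeps the original command line available for a later antivirus scan or incident write-up, and the rename is undone with a second Rename-ItemProperty if the entry turns out to be legitimate.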
 
LVL 12

Expert Comment

by:gidds99
ID: 8250111
It sounds like you may have the Backdoor.IRC.Zcrew backdoor/trojan.

Here are the details and removal instructions:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html
0
 

Author Comment

by:sirklw
ID: 8398298
I did go to the website, ran through a bunch of the links, downloaded I'm-not-sure-what-all, let it do stuff to my system and when all was done, my desktop was restored and could boot up and shut down more-or-less normally. However, my system is so riddled with viruses which McAfee does nothing for, that I've decided to take the extreme step of reformatting my hard drive. I'm finding reformatting to be as difficult to accomplish as correcting the desktop problem. Thanks all.
0
