Solved

Trojan horse put  HideWindow cmd in my system. How do I get rid of it

Posted on 2003-03-27
Last Modified: 2010-04-13
I put a DSL modem on my machine last weekend.  I found I'd gotten a trojan horse which McAfee was able to heal.  However, a HideWindow command apparently came in with it which McAfee didn't do anything about.  No desktop, icons, task bar, or Start button.  Running Windows 2000 NT. I can get to all the programs and files through the New Task button on the Task Manager.  How do I return Windows to its normal state?
Question by:sirklw
7 Comments
 

Expert Comment

by:rolfejr
ID: 8219194
Try installing SpyBot Search and Destroy.  It finds and restores settings from several spyware / adware / trojan type programs.  I can't guarantee it will work, but it's worth a shot before a complete system rebuild.  You can find it by searching for spybot at download.com, or paste the following in your browser:
http://download.com.com/3120-20-0.html?qt=spybot&tg=dl-2001
0
 
LVL 12

Expert Comment

by:gidds99
ID: 8221234
Try opening CMD.exe from the Task Manager and run SFC /SCANNOW; this will check that all Windows files are the correct versions and intact.
0
 

Expert Comment

by:Drakonan
ID: 8231232
I'm interested in knowing if explorer.exe is correctly loading, run explorer.exe and see if everything appears.

(if explorer is already running it should kick up a windows explorer window)

What all loads at start up?  You can find out by traversing the registry:

hklm/software/microsoft/windows/run

There are other places as well,

(Startup folder, services etc, but most dll executions [rundll and the like] and many one-time simple progs run here)
0
 

Author Comment

by:sirklw
ID: 8246175
To explain a bit further about what is happening, when my system first starts up, a window labelled 'update' opens up and inside it is another window labeled 'status'. In the status window is the following message:
* / run: unable to open ‘svchost32.exe’ (line 2, iiscache.dll)
-
If I click in the window or try to select the text in the window, this next message appears and continues to reappear every time I click again in the window:
* /msg: not connected to server (line 154, iiscache.dll)

I close this window, open the task manager and have found that by getting to explorer.exe and running it, the desktop and all the normal icons and bars will appear and be fully functional.
0
 

Accepted Solution

by:
Drakonan earned 255 total points
ID: 8246602
Hey man, that sounds a lot like a virus...  I've heard about one dealing with svchost32.dll iiscache.dll

Do you have an up-to-date antivirus?


If you don't:
http://housecall.antivirus.com/

will check for free...

Anyway, if it doesn't find anything, go to the registry as I mentioned before and see if you can disable the unsuccessful "update" file that is being run...
0
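The startup check suggested in the two comments above, as an added PowerShell example that is not part of the original thread: it lists autostart entries read-only and marks those whose target file cannot be found, which is the condition behind the "unable to open" message the asker quotes. Assumptions: the keys are the standard `CurrentVersion\Run` and `RunOnce` locations, the Winlogon `Shell` value is included only because a missing desktop is consistent with a changed shell (the thread does not confirm this), and PowerShell 3 or later is available.

```powershell
# Added example: read-only listing of common autostart locations (nothing is changed).
# $threadNames holds the two file names quoted in this thread's error messages.
$threadNames = 'svchost32|iiscache'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Winlogon\Shell is normally "explorer.exe".
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    [pscustomobject]@{ Location = $winlogon; Name = 'Shell'; Command = [string]$shell }
    # Per-user and all-users Startup folders.
    foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
                [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
}

function Test-AutostartEntry {
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        # Take the program path up to its first executable extension; else the first token.
        $exe = $null
        if ($Entry.Command -match '^\s*"?(.+?\.(?:exe|com|bat|cmd|scr|pif|lnk))\b') { $exe = $Matches[1] }
        elseif ($Entry.Command -match '^\s*(\S+)') { $exe = $Matches[1] }
        $found = $false
        if ($exe) {
            $exe = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))
            if ([IO.Path]::IsPathRooted($exe)) { $found = Test-Path -LiteralPath $exe }
            else { $found = [bool](Get-Command $exe -ErrorAction SilentlyContinue) }
        }
        $Entry | Select-Object Location, Name, Command, @{n='TargetFound';e={$found}},
            @{n='NamedInThread';e={$_.Command -match $threadNames}}
    }
}

Get-AutostartEntry | Test-AutostartEntry | Sort-Object TargetFound | Format-Table -AutoSize -Wrap
```

Rows with `TargetFound` false or `NamedInThread` true are the ones to examine first; a false `TargetFound` can also be a parsing miss on an unusual command line, so confirm by hand before disabling anything.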
 
LVL 12

Expert Comment

by:gidds99
ID: 8250111
It sounds like you may have the Backdoor.IRC.Zcrew backdoor/trojan.

Here are the details and removal instructions:-

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html
0
 

Author Comment

by:sirklw
ID: 8398298
I did go to the website, ran through a bunch of the links, downloaded i'm-not-sure-whatall, let it do stuff to my system and when all was done, my desktop was restored and could boot up and shut down more-or-less normally.  However, my system is so riddled with viruses which McAfee does nothing for, that I've decided to take the extreme step of reformatting my hard drive.  I'm finding reformatting to be as difficult to accomplish as correcting the desktop problem.  Thanks all.
0
