Solved

Can't remove Trojan Horse

Posted on 2004-04-28
Last Modified: 2010-04-11
I have a Process on my computer under Task Manager named "IOSDT.EXE" which is causing 100% CPU Usage, slowing down my system almost to a standstill. When I terminate this process CPU Usage falls to 4%. The problem is I can't stop it from starting up every time I boot my computer. Running a search failed to find it on the system.

On the website "http://www.answersthatwork.com/Tasklist_pages/tasklist.htm" I found the following information:
===========================================
Iosdt

Iosdt.exe
???

You have a  Trojan virus  on your PC – IOSDT.EXE is its main file.   You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet).

Recommendation :  
Reboot your PC into Safe Mode and then do a search for all files and folders which start with  IOSDT  and delete them.  Next, empty your Recycle Bin and reboot back into Normal Mode.
==============================================

I followed the instructions above but still could not find any file or folder doing a search. I also did a search in the registry and still no sign of this file, yet when I reboot back in normal mode the process starts up again, grabbing 100% of my CPU usage.

I am running Windows XP Professional

This is doing my head in

your help is desperately needed

with thanks


Question by:greenfly2
17 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10937076
Hi greenfly2,

Do you have any anti-virus installed on your machine?

If yes, update it and check for viruses. If it reports any trojan or virus, ask it to remove it.

Also check these online scanners

**********************
http://vil.nai.com/vil/stinger/

http://housecall.trendmicro.com/

http://security.symantec.com/

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

http://www.pcpitstop.com/antivirus/default.asp
**********************

Using this check if you can stop it from startup

Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there. Reboot the machine and check if the trojan comes back.

Then go to the same location and enable each application one by one and check the culprit

Thanks
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10937079
Hi greenfly2,

You'll find the file most likely at %systemroot%\System32\iosdt\iosdt.exe
You can remove this folder after killing the task.

Then, look at the startup part of the start menu and find either:
network.vbs and/or microsoft_office.lnk
Delete those both if you can find it.

Next time, just buy legal Microsoft products, it'll save you from this mess.

Greetings,

LucF
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10937085
Also you may want to run the spyware tools listed here
http:Q_20945897.html
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10937533
Try HijackThis to ensure the Trojan isn't set to run at boot-time:

http://www.spychecker.com/program/hijackthis.html
0
 

Author Comment

by:greenfly2
ID: 10939883
Sorry to disappoint you LucF but I haven't got any illegal Microsoft software on my system; they have all been purchased legally. There are four people using my computer and even if one of my sons attempts to download illegally I can assure you it's not loaded on my system. The suggestion that "I may have tried to download illegal Microsoft software" was an assumption of how the Trojan may have got to my system and not an accusation.


Sunray, I am about to try your suggestion, but the other suggestions did not work.
Thanks guys. I'll get back to you soon.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10941685
You don't disappoint me... quite the opposite actually, it is just that I had to handle with this virus several times before, and always it came from either crack sites or through P2P networks... sorry for jumping on the gun right away. I also noticed that every virus scanner I tried didn't work :(

I think tim_holmans idea is pretty good, if you want, post the logfile it creates, so we can do a manual search from where it's started from.

LucF
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10942692
Hi!

When you download and install HijackThis (per tim_holman's suggestion), install it to its own folder, not on your Desktop or a temp folder. Create a folder such as: C:\HJT or C:\HijackThis and install it there.
Good luck!
0

 
LVL 1

Expert Comment

by:HynesCo
ID: 10943269
Boot your computer into safemode with networking support, go to trend.com or norton.com and do the free online scan.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10945258
Everyone is forgetting it's XP, you have to turn off system restore... then get rid of it... otherwise it'll be back on next reboot.
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm

Try the stinger tool... Ad-Aware might even help...
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98844
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bymer.html
-rich
0
 

Author Comment

by:greenfly2
ID: 11066264
Unfortunately none of the suggestions received so far work. So I have decided to count my losses, reformat my hard drive and start again.

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11130786
Sorry we couldn't help..  ;(
Don't forget to delete the question, and try us again soon !
0
 

Expert Comment

by:mgbyrne2004
ID: 11498532
*** advertising removed by Netminder, Site Admin ***
0
 
LVL 1

Expert Comment

by:sfleron
ID: 12685467
Hi guys

I know It's been some time since you have had the problem.

I just ran into it myself - In fact it is pretty easy to fix...

1) I was unable to stop the process (taking 100% CPU)
2) I searched the disk for the process - nothing found.
3) Using REGEDIT.EXE I searched for IOSDT and exported any keys found
4) Restarted the system, and it was gone...

It seems like a trojan that comes through E-Mule p2p software!!!
It has not done any harm to my system (lucky me...).

Best regards Soren - Denmark
0
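
The checks suggested across the answers above (Run entries normally reviewed through msconfig, the Startup folder items, the System32 folder and the registry search) can be gathered in one read-only pass. The script below is an added example, not code from any poster in this thread; it assumes a system with PowerShell available, and the file and folder names it looks for are the ones quoted in the answers.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
param(
    [string]$Name = 'iosdt',                                             # process name from the thread
    [string[]]$StartupNames = @('network.vbs', 'microsoft_office.lnk')   # files named in one answer
)

$hits = @()

# 1. Run / RunOnce values for the machine and for the current user.
$runKeys = 'Run', 'RunOnce' | ForEach-Object {
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ("$valueName $data" -like "*$Name*") {
            $hits += "Registry  $path  [$valueName] = $data"
        }
    }
}

# 2. Startup folders (per-user and all-users); -Force includes hidden and system files.
$shell   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$folders = @([Environment]::GetFolderPath('Startup'),
             (Get-ItemProperty -Path $shell).'Common Startup')
foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -Force | Where-Object {
        $_.Name -like "*$Name*" -or $StartupNames -contains $_.Name
    } | ForEach-Object { $hits += "Startup   $($_.FullName)" }
}

# 3. The folder one answer points to, listed with attributes so hidden items show up.
$suspect = Join-Path $env:SystemRoot "System32\$Name"
if (Test-Path $suspect) {
    Get-ChildItem -Path $suspect -Force -Recurse |
        ForEach-Object { $hits += "File      $($_.FullName)  ($($_.Attributes))" }
}

if ($hits) { $hits } else { "Nothing matching '$Name' found in the checked locations." }
```

An empty result only covers the locations listed in the script; services, scheduled tasks and other autostart points still need a tool such as HijackThis, as suggested earlier in the thread.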
 
LVL 27

Expert Comment

by:Tolomir
ID: 15759981
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: sfleron{http:#12685467}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 15801338
PAQed with no points refunded (of 250)



Computer101
EE Admin
0
