Solved

trojon problem

Posted on 2004-09-29
4
137 Views
Last Modified: 2013-12-29
hi there,

i m using windows'98 i hv win patrol installed the problem is a virus by the name on trojon horse downloader.t supdate.a has logged on 2 my cdrive c:\program files\commonfiles\tsa\tsl.exe.

there is a folder called tsa in my common files which runs when the computer starts or in between now win patrol has diabled the program from running during start up and the virus is removed by avg but time and again the tsa folder reappears by itself and so does the virus

pls help

thank you

pushpinder
0
Comment
Question by:02228540675
4 Comments
 
LVL 6

Accepted Solution

by:
caza13 earned 125 total points
ID: 12183357
This is not a virus or trojan. It is a direct-marketing adware application.

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported.  Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.

The program comes with a dropper file.  When the dropper runs,  the program is copied as the following file:

c:\Program Files\Common Files\tsa\tsl.exe
The following Registry key is added to hook system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Tsl" = "c:\Program Files\Common Files\tsa\tsl.exe"
The program connects to a specific web site.  It can further download other programs to the machine.  It might also post machine related information to the website.

http://vil.nai.com/vil/content/Print127649.htm
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12213080
Please remain active in ALL your open questions here and provide feedback when experts give you information; otherwise we are all just spinning our wheels.

Where are you now with this?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now