Solved

Program infected by Trojan.Win32.RegKill.e

Posted on 2005-03-16
Last Modified: 2010-04-11
I have compiled a program for installation and someone reported that it is being infected by Trojan.Win32.RegKill.e.

I have scanned through all the folders on my machine using Trend Micro and SpyHunter. Nothing was found.

So I went into the registry and looked for files such as execute.exe, pif.tif and freakme.txt.

I have removed them from my machine and recompiled the installation files; however, they are still being infected by the virus.

Can anyone please advise?
0
Question by:Rob62
3 Comments
 
LVL 12

Accepted Solution

by:
kneH earned 2000 total points
ID: 13563193
Give HijackThis a go
www.hijackthis.de
Download it
Put it in its own folder
Run it
Paste the log at the site
Fix the suggested nasty changes.


Also do a virus scan.
www.free-av.de
www.grisoft.com

Get either of those free ones.

Now when scanning for spyware/viruses, remember the following:
Scan in safe mode (too)
When scanning, disconnect from the internet / any network
Reboot twice and scan again
When scanning, end task on explorer.exe

See if that sorts it.
If not maybe you would like to try any of these:
CWshredder http://www.majorgeeks.com/download4086.html
Spybot : http://www.download.com/3000-8022-10122137.html
adaware : http://www.lavasoftusa.com/
STINGER : http://vil.nai.com/vil/stinger/ 
http://housecall.trendmicro.com/ online scan for trojans
http://www.ravantivirus.com/scan/
http://www.spychecker.com/program/coolwebshredder.html CWshredder
http://www.spychecker.com/program/hijackthis.html download
http://www.hijackthis.de/index.php?langselect=english check the log
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 13572554
Well, if you compiled a program with source code you can trust, it's highly unlikely that it is a virus.

Maybe if it's a rather common application, you might check Google with "ApplicationName" + Trojan.Win32.RegKill

If there is no evidence, it's a false alarm.

Especially if no other file on your HD is infected with this "virus".

I would exclude that file from scanning in your virus scanner and send it for further inspection to the antivirus manufacturer.

tolomir
0
 
LVL 4

Expert Comment

by:RonHoffmann
ID: 13577213
If the trojan is getting into your app, it might have infected one of the obj files.
Make sure you delete all intermediate files before recompiling.
Get rid of any obj and pch and any other intermediate files that your compiler creates.
Some compilers won't recreate these files if they don't have to. If one of them is infected, it will keep showing up in your final binary.
Does your app have any dependencies on other files?
Maybe one of them is infected.
If there is no other evidence of the trojan, then it might be possible that the identifying signature of the trojan is very similar to that of your app, giving a false positive from the anti-virus software. Although this is very rare.
0
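
The two checks from the last comment (purge stale intermediates before rebuilding, then look at the files the app depends on), as an added sketch that is not part of the thread. The extension lists and the idea of comparing dependencies against a known-good hash baseline (for example, taken from the vendor's original media) are assumptions, not something the posters specified.

```python
import hashlib
from pathlib import Path

# Assumed extension lists (typical compiler outputs); adjust for your toolchain.
INTERMEDIATE_EXTS = {".obj", ".pch", ".ilk", ".idb", ".res", ".o"}
DEPENDENCY_EXTS = {".exe", ".dll", ".lib", ".ocx"}


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def purge_intermediates(build_root, dry_run=True):
    """List intermediate files under build_root; delete them unless dry_run."""
    found = sorted(p for p in Path(build_root).rglob("*")
                   if p.is_file() and p.suffix.lower() in INTERMEDIATE_EXTS)
    if not dry_run:
        for path in found:
            path.unlink()  # forces the compiler to regenerate it from source
    return found


def hash_dependencies(build_root):
    """Map each prebuilt binary under build_root to its SHA-256."""
    root = Path(build_root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in DEPENDENCY_EXTS}


def changed_dependencies(baseline, current):
    """Names whose hash differs from the known-good baseline, or that are new."""
    return sorted(name for name, digest in current.items()
                  if baseline.get(name) != digest)


if __name__ == "__main__":
    for stale in purge_intermediates(".", dry_run=True):
        print("would delete:", stale)
    for name, digest in hash_dependencies(".").items():
        print(digest, name)
```

Any dependency that `changed_dependencies` reports is the one to scan on its own or send to the antivirus vendor, rather than the finished installer.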
