housecall found trojan

Thread: housecall found trojan

  1. #1
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002

    housecall found trojan

    Hi gang - am on roomie's pc and found ZA settings mysteriously changing and some other peculiar activity - Norton found nada.

    Ran Housecall which immediately found and said it cleaned a trojan, but unfortunately I don't recall the name other than it was "gig" something and included an underscore (_).

    All seems well, except I find a couple things in msconfig I don't understand - please take a look at the attachments and let me know what you think.

    TIA...
    Attached Images
    Last edited by ^dAvEy^; July 24th, 2002 at 01:16 AM.
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  2. #2
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002

    attachment 2

    Here's the one from config.sys
    Attached Images
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  3. #3
    Join Date
    Jul 2000
    Posts
    1,433
    Those seem fine. What are the programs in msconfig that seem strange?

  4. #4
    Join Date
    Oct 1999
    Location
    Whitby, Ontario, Canada
    Posts
    6,351
    Download and run StartupLog and post back the contents of StartUp.log.

    It is a good tool for evaluating what is starting at boot time, and whether all of the trojan has been ripped out.

  5. #5
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    thanks WhitPhil and Buffalo
    Originally posted by Buffalo
    Those seem fine. What are the programs in msconfig that seem strange?
    config.sys and autoexec.bat are tabs in System Configuration Utility, aka msconfig, n'est-ce pas?
    WhitPhil - good call! I'm on it...
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  6. #6
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    Here is the StartupLog, WhitPhil et al.
    StubPath.txt log to follow.
    TIA...
    Attached Files
    Last edited by ^dAvEy^; July 23rd, 2002 at 10:28 PM.
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  7. #7
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    StubPath.txt
    Attached Files
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  8. #8
    Join Date
    Aug 1999
    Location
    Hong Kong
    Posts
    2,289
    Hi ^dAvEy^...God, I hate the way the upload renders the StartLog. So hard to read. Looks clean as a whistle though. I wonder if the intercepted trojan was Gigger. Quite a nasty...

  9. #9
    Join Date
    Oct 1999
    Location
    Whitby, Ontario, Canada
    Posts
    6,351
    Looks clean to me.

    Hmmm, HKEd. Now there's a name that rings a bell!!
    How ya doin' lad?

    Got a link to Gigger?

  10. #10
    Join Date
    Aug 1999
    Location
    Hong Kong
    Posts
    2,289
    Hi Phil...thanks, but I've been a little poorly lately. Nothing serious, but it's just one of those times when nothing seems to go right.

    Ermmmm...the link to Gigger is in my previous post.

  11. #11
    Join Date
    Oct 1999
    Location
    Whitby, Ontario, Canada
    Posts
    6,351
    "one of those times"!!

    How have you been so lucky to only have ONE!!! LOL

    As for your link, thanks. I just thought you were highlighting it with an underline!! (it's getting past my sleepy time, as you can tell)

    Gigger is just another reason to be running a script blocker like ScriptSentry and another reason why I have renamed Format.com and Deltree.exe
    Last edited by WhitPhil; July 23rd, 2002 at 11:03 PM.

  12. #12
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    Hi - Thanks for the input, HKEd - good news to hear!
    Ya, I prefer the txt format view myself, so I go the extra k and dl and open as such. Ya, gigger, that was it.

    Guess we just got lucky indeed over here, WhitPhil, as the site HKEd linked says coulda been tragic lickity split!
    Thanks for all, including the heads-up on ScriptSentry and Deltree.com.
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  13. #13
    Join Date
    Jul 2000
    Posts
    1,433
    WhitPhil,
    Those are still two great ideas.
    ^dAvEy,^
    config.sys and autoexec.bat are tabs in System Configuration Utility, aka msconfig, n'est-ce pas?
    I thought that you had something else in the Startup part of Msconfig that you didn't understand.
    WhitPhil very rarely gives out poor advice, except when it comes to ...---.... or %%@@@@@@@@@??????????.


  14. #14
    Join Date
    Aug 1999
    Location
    Hong Kong
    Posts
    2,289
    You're welcome, ^dAvEy^. I agree with WhitPhil...deltree.exe and format.com have no business being active on a system, unless you're using deltree in autoexec.bat to deltree Temp, TIFs, cookies etc. (which I don't really recommend - Spider is a better way to go, IMO). Either rename them or keep them on a diskette for use as and when required. It's really easy to write a little batch file that would append a format or deltree command to autoexec.bat. Not a nice way to start the day.
    Last edited by HKEd; July 23rd, 2002 at 11:53 PM.

  15. #15
    Join Date
    Oct 1999
    Location
    Whitby, Ontario, Canada
    Posts
    6,351
    If you have the need to use deltree in a batch file, just use the renamed name. Ie: if you changed it to MYDEL.exe then just use MYDEL instead of DELTREE.

    The only thing to be aware of is if you use Norton. Hopefully you then keep your Rescue disks updated. If you do, then rename these files back, or Norton will give a warning and (obviously) will not copy them to the disks.
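
Added example, not part of the thread and not code from any tool named in it: a small check for the risk discussed in the posts above, where a startup file such as autoexec.bat ends up invoking format or deltree. The sample file content and the `extra_names` parameter (for renamed copies such as MYDEL) are constructed for illustration.

```python
import re

# Commands that destroy data when run from a DOS/Windows 9x startup file.
DESTRUCTIVE = {"format", "deltree"}
# Prefixes that only load or call the real command that follows them.
WRAPPERS = {"lh", "loadhigh", "call"}

# Constructed sample content, not taken from the thread's attachments.
SAMPLE_AUTOEXEC = """\
@ECHO OFF
SET PATH=C:\\WINDOWS;C:\\WINDOWS\\COMMAND
REM format a: is only for the rescue disk
C:\\WINDOWS\\COMMAND\\DELTREE.EXE /Y C:\\WINDOWS\\TEMP
@format c: /q >nul
LH C:\\WINDOWS\\COMMAND\\DOSKEY
"""

def command_names(line):
    """Yield the lower-cased program name of each command on a batch line."""
    line = line.strip()
    # Skip blanks and comments (REM lines and the '::' label trick).
    if not line or line.startswith("::") or re.match(r"@?rem\b", line, re.I):
        return
    for part in line.split("|"):              # each side of a pipe is a command
        tokens = part.strip().lstrip("@").split()
        while tokens and tokens[0].lower() in WRAPPERS:
            tokens = tokens[1:]
        if not tokens:
            continue
        prog = tokens[0].split("/")[0]         # 'format/q' -> 'format'
        prog = re.split(r"[\\:]", prog)[-1]    # drop drive letter and directories
        yield prog.lower().rsplit(".", 1)[0]   # drop .exe / .com / .bat
    # Limitation: commands wrapped in IF or FOR ... DO are not unwrapped.

def find_destructive(text, extra_names=()):
    """Return (line_number, command, line) for every destructive command found."""
    watch = DESTRUCTIVE | {n.lower() for n in extra_names}
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for name in command_names(line):
            if name in watch:
                hits.append((number, name, line.strip()))
    return hits

if __name__ == "__main__":
    for number, name, line in find_destructive(SAMPLE_AUTOEXEC):
        print(f"line {number}: {name}: {line}")
```

If the tools have been renamed as suggested in the thread, pass the new names in `extra_names` so that legitimate and unexpected uses of the renamed copies are both listed for review.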
