- Posts: 98
- Thank you received: 0
Trojan.Downloader.BAT.Ftp.c
19 years 10 months ago #6801
by chandak76
Trojan.Downloader.BAT.Ftp.c was created by chandak76
Hi,I've got this virus that keeps poping up on 4 of my workstations"Trojan-Downloader.BAT.Ftp.c" with "C:\windows\system32\o".I've symantec antivirus with the most recent defs but it doesnt seem to go away.I've tried using f-secure as well but it keeps poping up.I does'nt spread to other workstations,but just these 4.Tried google but to no avail.Please help.
Chandak76
Chandak76
19 years 10 months ago #6802
by Cool_Spot
Replied by Cool_Spot on topic Re: Trojan.Downloader.BAT.Ftp.c
Firstly go to task manager and kill the process, called "o" or whatever.
Secondly go to c:\windows\system32 and delete the exe file called "o" the trojan has created.
Thirdly, open regedit, go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete the entry found in this hive
You have just manually done what the antivirus should be doing automatically!
Next, do a full Windows Update. Get service Pack 2 if you are running XP.
I'd also dump IE in favour of Mozilla Firefox. and try grisoft.com as an alternative antivirus product.
Good Luck amigo!
Secondly go to c:\windows\system32 and delete the exe file called "o" the trojan has created.
Thirdly, open regedit, go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete the entry found in this hive
You have just manually done what the antivirus should be doing automatically!
Next, do a full Windows Update. Get service Pack 2 if you are running XP.
I'd also dump IE in favour of Mozilla Firefox. and try grisoft.com as an alternative antivirus product.
Good Luck amigo!
19 years 9 months ago #6870
by gl0bal
Replied by gl0bal on topic Re: Trojan.Downloader.BAT.Ftp.c
oh and one more thing..
I've found that I needed to clear the Windows restore hsitory on XP in some cases as my corporate AV (McAfee) keeps identifying the virus in the restore point files.
Don't know if you are having this problem but thought it might be something of interest
I've found that I needed to clear the Windows restore hsitory on XP in some cases as my corporate AV (McAfee) keeps identifying the virus in the restore point files.
Don't know if you are having this problem but thought it might be something of interest
19 years 9 months ago #6961
by Fireball
Hi , I' ve got the same problem, this trojan keeps coming back. I followed the instructions that were given but it didnt seem to work.
"C:\windows\system32\o" and "Trojan-Downloader.BAT.Ftp.c".
I have tried with F-secure which has found the Trojan but is unable to destroy it. Has anyone some strait foreward solution? I use Windows XP. Help would be highly apreciated!
Replied by Fireball on topic Re: Trojan.Downloader.BAT.Ftp.c
Hi,I've got this virus that keeps poping up on 4 of my workstations"Trojan-Downloader.BAT.Ftp.c" with "C:\windows\system32\o".I've symantec antivirus with the most recent defs but it doesnt seem to go away.I've tried using f-secure as well but it keeps poping up.I does'nt spread to other workstations,but just these 4.Tried google but to no avail.Please help.
Chandak76
Hi , I' ve got the same problem, this trojan keeps coming back. I followed the instructions that were given but it didnt seem to work.
"C:\windows\system32\o" and "Trojan-Downloader.BAT.Ftp.c".
I have tried with F-secure which has found the Trojan but is unable to destroy it. Has anyone some strait foreward solution? I use Windows XP. Help would be highly apreciated!
19 years 7 months ago #7991
by MIB
Replied by MIB on topic Re: Trojan.Downloader.BAT.Ftp.c
Try use Kaspersky 5.0 with updated def file
19 years 7 months ago #7996
by TheBishop
I've seen similar things with trojans and adware that regenerates itself. The basic method for getting rid of them is:
1) Identify the running process (task manager)
2) HKLM\Software\Microsoft\Windows\CurrentVersion\Run and find the entry that runs the process. Make a note of the location and name of the file that it runs
3) When the disk is quiet, yank the machine's power lead (some trojans/adware rename themselves when you shut down to stop you following this process!)
4) Boot in safe mode (or you might be able to use BartPE or a Knoppix CD)
5) Find the above mentioned file and delete it
6) Delete the registry entry from the run key
7) Reboot nornally and hope it works
1) Identify the running process (task manager)
2) HKLM\Software\Microsoft\Windows\CurrentVersion\Run and find the entry that runs the process. Make a note of the location and name of the file that it runs
3) When the disk is quiet, yank the machine's power lead (some trojans/adware rename themselves when you shut down to stop you following this process!)
4) Boot in safe mode (or you might be able to use BartPE or a Knoppix CD)
5) Find the above mentioned file and delete it
6) Delete the registry entry from the run key
7) Reboot nornally and hope it works
Time to create page: 0.142 seconds