-
Remote grab trojan detected...
Norton Internet Security keeps popping up and telling me there was an attempt to connect to the local computer using the Remote Grab trojan. The IP address it's given me was...my PC?
How does this work then, or is it a clever little trojan pretending to be me?
Ran XoftSpy, Lavasoft Ad-Aware and Spybot; all found nothing. Just running Trojan Hunter at the mo, nothing as yet...
Any ideas?
-
Hail to the Victors
What software did you recently install?
-
Member
Is this trojan listed in your HOSTS file?
...\system32\drivers\etc\HOSTS
Do you have any remote access services running?
Admin. tools > Services
Services info and advice on settings here:
http://www.overclockersclub.com/guid...services_2.php
http://www.ss64.com/ntsyntax/services.html
-
OK, no software installed recently. There doesn't appear to be anything in my HOSTS file, just the MS garb followed by 127.0.0.1
As for remote access, only RPC is set to auto, with a couple of others set to manual.
And thanks for the links, am looking now.....
Last edited by jotto; 03-02-2005 at 02:53 PM.
-
Member
Jotto...Try this one... Seems like they worked in conjunction with Kaspersky.
The site is translated German.
The free AV/trojan/etc. program is 'Escan' by MicroWorld and is very comprehensive.
Referenced it in this thread:
http://www.sysopt.com/forum/showthre...ighlight=Escan
-
Thanks Prushka,
that link for Escan, the first of the 2 links posted works but I can't get the 2nd, which I assume is to a download, to work. Any ideas?
Cheers
jotto
DOH! OK, found the homepage and am looking at all the Escan products. Which would you recommend, the internet suite, pro version etc etc...
Last edited by jotto; 03-03-2005 at 01:40 PM.
-
Downloaded the pro version last night, it crashed my PC and when I eventually got it uninstalled, couldn't run Norton as I didn't have the correct privileges!!!!! only user, administrator....
Reinstalled Norton......
-
Member
Jotto...sorry to hear that.
I should have specified that you need to turn off/disable any AV program before running another AV. From what I have heard, Norton can be a bit fickle in this regard.
Although, I alluded to it in that thread:
quote: I think you'll like this one. Sets up in temp, so you can run it and delete it and turn your favorite AV program back on.
I apologize for any confusion. I recently downloaded this program from MicroWorld, which is Escan Antivirus Toolkit Utility, which is called MWAV...a bit confusing from the German site...thinking this was MicroWorld's Escan AV program...now knowing there are several AV programs they offer.
The link posted on that thread leads to the Escan Antivirus Utility "MWAV", which is what I have used:
http://www.mwti.net/antivirus/mwav.asp
I have used this program several times without any problems and thought it was well worth recommending.
The link to the screen shots also shows Escan Antivirus Toolkit Utility
http://www.trojaner-info.de/hijacker/escan.shtml
I really try to present accurate info and will make it a point to be more thorough in the future.
Last edited by Prushka; 03-05-2005 at 06:37 AM.
-
Thanks Prushka! Wasn't having a moan or a groan dude, any help on these forums is greatly appreciated!
Actually, gave me a chance to try out NIS 2005 instead of the 2004 pro version I was using.
All software scans so far have shown no trojans....will disable Norton for a few min and try Escan once more...hehehe
Thanks again man.
-
Member
Glad you're not a Begrudgian
Hope it works
-
Member
Jotto...assuming this is grab and not garb/typo
Found this at a tech forum:
Do you play Mir...Mir Client connects to login.legendofmir.net
using port 7000
And here: Trojan Remote Grab uses port 7000
http://www.cybercity-online.net/Trojan.html
Actually, I'm going to use that DOS listening port thingy
I always gain something when helping others.
If this applies, open new thread ask, "how to close port 7000"
And mention the game? if you want it.
See if I can find a specific Remote Grab cleaner
-
Member
Hopefully, Escan will solve your problem.
Apparently several games, including EverQuest, use port 7000.
More info on port 7000:
http://seclists.org/lists/firewall-w.../Sep/0031.html
If you're still having trouble:
One of the files you're looking for is simply [grab.exe]
I would try this...search files/folders for grab.exe
R-click the file and click properties
Look for the creation date and exact time and write it down
Rename the file to grab
Now use search> files/folders> (leave text field blank)> when modified> specify date (day grab was created, assuming it's recent)> click search...which will bring up everything from that day
Now on toolbar click view> when modified...this will list all files sequentially in time.
What you're looking for are any files that were created within a minute/seconds of the grab creation time.
This may give you related files
If you don't recognize a file, Google search it
Rename each file you find suspect and write them down
Prefetch files ending with .pf can be safely deleted and will reset as needed on reboot
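The timestamp search described in the post above can be scripted. This is an added example, not part of the original post: the function name `files_near` and the 60-second default window are assumptions, and it compares modification times by default (the "when modified" search), with creation time as an option where the platform exposes it.

```python
import os
import sys
from pathlib import Path


def _stamp(st, use_creation):
    # Creation time is st_birthtime where the platform exposes it
    # (st_ctime is the older Windows fallback); otherwise use mtime.
    if use_creation:
        return getattr(st, "st_birthtime", st.st_ctime)
    return st.st_mtime


def files_near(reference, root, window_seconds=60, use_creation=False):
    """Return (path, delta_seconds) for every file under root whose
    timestamp lies within window_seconds of the reference file's,
    ordered in time. Negative delta means "before the reference"."""
    ref = Path(reference).resolve()
    ref_time = _stamp(ref.stat(), use_creation)
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            try:
                st = path.stat()
                if path.resolve() == ref:
                    continue  # do not report the reference file itself
            except OSError:
                continue  # locked, vanished or unreadable: skip it
            delta = _stamp(st, use_creation) - ref_time
            if abs(delta) <= window_seconds:
                hits.append((str(path), round(delta, 1)))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    # usage: python files_near.py <suspect file> <folder to search>
    for found, delta in files_near(sys.argv[1], sys.argv[2]):
        print(f"{delta:+8.1f}s  {found}")
```

Files that land in the window are leads to look up, not proof of infection; anything written by unrelated software in the same minute shows up too.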
-
Tried the Escan link and did a scan (only scanned my C drive for some reason) but it found no probs, NIS is not showing any probs and can't find grab.exe in any folders, standard or hidden.
No games I'm running use port 7000 as far as I'm aware.
What is the best online security checker? Will check out which ports are open/closed/stealthed.
-
Ultimate Member
My guess is you're clean, and it's a false positive. Just the other day my resident AV was claiming Panda Online scanner as a trojan. You might also look to see if any related screen capture programs are running or installed that might be mistaken as 'grab'.
Here are some tools to add to your security toolbelt:
Netstat
http://www.microsoft.com/resources/d...s/netstat.mspx
Process Explorer
http://www.sysinternals.com/
Shield's UP! and Leak Test
https://www.grc.com/x/ne.dll?bh0bkyd2
http://grc.com/lt/leaktest.htm
PCFlank
http://www.pcflank.com/index.htm
Firewall Leak Tester
http://www.pcflank.com/index.htm
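To tie the Netstat suggestion back to the port 7000 question raised earlier in the thread, the following added example (not part of any post) parses `netstat -ano` output and reports which process ID owns each socket touching that port, and whether the peer is the machine itself. The sample output, addresses and PIDs are constructed for illustration.

```python
# Constructed sample of Windows `netstat -ano` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7000           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:7000      192.168.1.10:1043      ESTABLISHED     1432
  TCP    192.168.1.10:1043      192.168.1.10:7000      ESTABLISHED     2210
  TCP    192.168.1.10:1050      203.0.113.8:80         ESTABLISHED     2388
  UDP    0.0.0.0:445            *:*                                    4
"""


def _split(addr):
    # "192.168.1.10:7000" -> ("192.168.1.10", 7000); "*:*" -> ("*", None)
    host, _, port = addr.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Parse `netstat -ano` output into dicts, skipping header lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = _split(parts[1])
        rhost, rport = _split(parts[2])
        rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport,
                     "state": parts[3] if len(parts) == 5 else "",  # UDP has none
                     "pid": int(parts[-1])})
    return rows


def port_report(rows, port=7000):
    """Return (pid, role, peer_is_this_machine) for sockets touching port."""
    report = []
    for r in rows:
        if port not in (r["lport"], r["rport"]):
            continue
        if r["state"] == "LISTENING":
            role = "listening"
        else:
            role = "serving" if r["lport"] == port else "client"
        local_peer = r["rhost"] in (r["lhost"], "127.0.0.1", "::1")
        report.append((r["pid"], role, local_peer and role != "listening"))
    return report


if __name__ == "__main__":
    for pid, role, local_peer in port_report(parse_netstat(SAMPLE)):
        print(f"PID {pid}: {role} on port 7000, peer is this machine: {local_peer}")
```

The PIDs it reports can then be matched to program names in Process Explorer; an empty report means nothing on the machine was using the port when the snapshot was taken.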