issue

  • issue

    Ok, my friend sent me an exe file saying it was photos. I opened it and nothing happened. Did it a few more times. Now when I start my computer this comes up.
    What should I do? I click cancel for now.
    Is this a virus like I am led to believe?
    It says syscfg.exe
    windows/system32

    http://i34.photobucket.com/albums/d1...doc248/wtf.jpg
    Last edited by CingularDuality; 11-23-2005, 01:59 PM.

  • #2
    Re: issue

    Yep, it's a trojan. From Sophos:

    Troj/Litmus-108 is a backdoor Trojan that allows unauthorized access to the user's computer via IRC.
    When run it copies itself into the Windows system folder as syscfg.exe and sets the following registry entries to run itself automatically when Windows starts up:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    Windows API Configuration = "syscfg.exe"
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
    Windows API Configuration = "syscfg.exe"
    Troj/Litmus-108 runs in the background as a service process, logs on to a predefined IRC server and waits for backdoor commands.

    Comment


    • #3
      Re: issue

      And how do I delete it? AVG doesn't pick it up.

      Comment


      • #4
        Re: issue

        Some friend...
        Become a supporting member!
        Buy a Tactical Duck!
        Take the world's smallest political quiz! "I was touched by His Noodly Appendage."
        TacticalGamer TX LAN/BBQ Veteran:

        Comment


        • #5
          Re: issue

          It happened to me a while back, it's not actually the person sending it to you. Not quite sure how that works, but it does.

          I got around it by not clicking the link, it just seemed way off topic at the time and I was like "wtf" so he told me.

          Comment


          • #6
            Re: issue

            Originally posted by Sabooya:
            And how do I delete it? AVG doesn't pick it up.

            Sophos has a fix, here:

            http://www.sophos.com/virusinfo/anal...litmus108.html

            Note: I don't use Sophos, it's just that's what came up when I googled, and they have good information.

            Edit:

            Come to think of it, it may not even be that specific trojan, but any one of several that use syscfg.exe to install a backdoor.

            Comment


            • #7
              Re: issue

              Where do I get the Sophos download?

              Comment


              • #8
                Re: issue

                GOT IT!
                A simple system restore did the trick, thanks guys for trying.

                Comment


                • #9
                  Re: issue

                  I'd suggest that you stop opening .exe files that come through email. Even if it's from your friend. If your friend gets infected, viruses, trojans, etc. will typically email themselves to everyone on the infected machine's email address book.

                  Comment


                  • #10
                    Re: issue

                    Since the message comes up when you start the computer, the trojan must be in your startup folder or in one of the other 300 places where Windows puts things before starting.
                    Go to sysinternals.com and download autostarts. That program shows EVERYTHING that is started. Startup folders, RunOnce registry entries, services, you name it.
                    I realize your problem is already solved, but this is a cool tool for the next guy.

                    Comment
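
Added example (not part of any post in this thread, and not Sophos or Sysinternals code): a Python check for the autostart entries described in posts #2 and #10. It assumes the registry was exported to .reg text and already decoded into a string; `SAMPLE_REG` is constructed, and the function names are made up for this example.

```python
import re

# Autostart keys and indicators named in the Sophos description quoted in post #2.
AUTOSTART_KEYS = {r"software\microsoft\windows\currentversion\run",
                  r"software\microsoft\windows\currentversion\runservices"}
BAD_VALUE_NAME = "windows api configuration"
BAD_FILE_NAME = "syscfg.exe"

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /background"
"Windows API Configuration"="syscfg.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Windows API Configuration"="syscfg.exe"
[HKEY_CURRENT_USER\Software\Example\Settings]
"LastFile"="syscfg.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):  # undo the backslash escaping used inside .reg string values
    return re.sub(r"\\(.)", r"\1", text)

def program_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    command = command.strip()
    path = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()

def scan(reg_text):
    """Return (key, value name, command, reasons) for suspicious autostart entries."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        match = VALUE_RE.match(line)
        if not match or key.partition("\\")[2].lower() not in AUTOSTART_KEYS:
            continue
        name, command = map(unescape, match.groups())
        checks = [
            (name.lower() == BAD_VALUE_NAME, "value name matches the description"),
            (program_name(command) == BAD_FILE_NAME, "launches syscfg.exe"),
            ("\\" not in command, "no directory given, resolved via the search path"),
        ]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings.append((key, name, command, reasons))
    return findings
```

Calling `scan(SAMPLE_REG)` reports the two `Windows API Configuration` entries and ignores both the fully pathed tray program and the `syscfg.exe` string stored outside an autostart key.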


                    • #11
                      Re: issue

                      Sabooya, read the end of his post. It says:

                      I realize your problem is already solved, but this is a cool tool for the next guy.

                      He knows that you got it fixed but he is giving some useful information for anybody who has this problem in the future.

                      Comment


                      • #12
                        Re: issue

                        Ahhh, I see.
                        I only read the 1st line 'cause I had solved it, sorry man.

                        Comment
