The Warring States of NPF  

02-01-2009, 09:24 PM   #1
Oron
Removing a Trojan

Just started having problems with my laptop today. It's a school-loaned laptop, so it has two partitions - Home (C: Drive) and School (D: Drive). Now, I began to have problems with my Home Account, or C: Drive during the afternoon today. Mostly, whenever I log on or try to open my internet browser (I use IE), about 25+ more browsers will open. Constantly. Not only that, my computer slows down, I can't access the options menu that appears when I right click on anything, and after a few minutes I can't even open up new windows (for anything at all, even my task manager). So, I got on my School Account and scanned my C: Drive from there. It found a Trojan called cagepieax.dll, and it left the virus alone. My question is this: is there a simple way to remove this Trojan from my laptop? Keep in mind that it's school-loaned, and my C: Drive has the Administrator account. I don't even have the authorization to edit some files from my C: Drive, so I highly doubt that I could install a new anti-virus program to remove it from my D: Drive for me.

Other Details - OS: Windows XP Pro, Laptop: IBM T43p, Anti-Virus Software: Symantec

Not sure if any of that's very relevant, but it might be helpful to know.
Seriously, though. I don't have much in the way of authorization. I can't even defrag my computer.

Sorry if this sort of problem has been discussed before, but I think my situation might be a little unique.
__________________
Sneaking around the forums to read your posts.
02-01-2009, 09:30 PM   #2
Nikose Tyris

I cannot find any reference of the DLL you listed. Are you certain that this is the troublemaker?
__________________
Quote:
Originally Posted by K-Re$ha View Post
Nikose is a known quantity and that quantity is jerk. Do not trust the sandwich.
02-01-2009, 09:34 PM   #3
Oron

For the most part, yes. Never seen it before, and it's the only file my scanner picked out. I figured if I found anything on it by searching the internet, it might be something else, but the closest thing I got was cagex.dll.

Just to verify, I dug through the same file location on my other computer that has the same OP. Didn't see it.

Last edited by Oron; 02-01-2009 at 09:38 PM.
02-01-2009, 10:12 PM   #4
Preturbed

Grasp firmly at the base and...

Ok, wait, you'd probably rather take it to a school tech guy, since it belongs to the school. That's probably the best way since you can't access some of the files on the comp.
__________________

sudden but inevitable
02-01-2009, 10:15 PM   #5
Oron

Actually, that's the last thing I want to do. The only thing those guys understand is how to reimage a laptop. I'd prefer to not have to reinstall everything I have onto my laptop, and it'd be very difficult to back up some of my recent files.

However, if I can't fix the problem within a few days, I do intend to take it to them.

02-01-2009, 10:31 PM   #6
Nikose Tyris

If your scanner picked it out, did your scanner not remove the file?

I'll assume it's due to it being a DLL File.

http://www.spywareremove.com/securit...ove-dll-files/

There is a guide on how to remove DLL files.

02-01-2009, 10:34 PM   #7
Oron

It said something along the lines of this:

Primary Action - Delete File.
Secondary Action - Quarantine File.
Result - No change to the file.

So it tried to, I guess.

Funny thing. Scanned again, but this time only the Windows\system32 file. Came up blank.

Question mark.

Last edited by Oron; 02-01-2009 at 11:04 PM.
02-02-2009, 12:46 AM   #8
synkr0nized

There's not a whole lot you can do to fully assault a virus or trojan without the admin account. I forget -- can regular accounts even get into Safe Mode and delete things as admin accounts can? If not, this thing will likely just laugh at you and wave each time you attempt to take care of it.
__________________

Find love.
02-02-2009, 01:06 AM   #9
Rokrin

Quote:
Originally Posted by synkr0nized
There's not a whole lot you can do to fully assault a virus or trojan without the admin account. I forget -- can regular accounts even get into Safe Mode and delete things as admin accounts can? If not, this thing will likely just laugh at you and wave each time you attempt to take care of it.

They should be able to.
__________________

Gamertag: T4CT
02-02-2009, 01:12 AM   #10
synkr0nized
The best, though, is when Windows trojans try to infect my Linux box.

If so, that'd help delete the file successfully. Right now it is probably hiding as a protected/system file and avoiding any attempts to be deleted.

There might also be a separate file for re-infection if it gets "cleaned," too.