Re: Trojan Horse - logs.exe


From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/02/04


Date: Fri, 1 Oct 2004 23:39:02 -0400

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

1) Download the following two items...

        Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend signature files.
         http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Disable System Restore
            http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
        clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
        (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
9) Please report back your results

Dave

"Mari-Anne Ennor" <mari-anne@centurytel.net> wrote in message
news:1c8901c4a828$ba2f5980$a301280a@phx.gbl...
| I am running WindowsXP (home) and my Norton antivirus
| program informed me that I have a Trojan Horse and that
| Norton could not fix it. Instead, Norton quarantined the
| affected file: logs.exe
|
| Also, during the next Norton WinDoctor test, I received
| the following message:
|
| "Missing or Invalid File/Key.
| The key, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
| refers to a Registry value "logs" that points
| to "C:\WINNT\Microsoft.NET\logs.exe," an invalid startup
| command."
|
| Now, my Windows XP is running very sluggishly - especially
| opening programs.
|
| I've checked the Registry and there is no value "logs" -
| also, I've checked the C:\WINNT\Microsoft directory and
| there is no logs.exe file.
|
| Is there any way of downloading another logs.exe file to
| replace the infected one, or should it not be there in the
| first place? Perhaps there is something else I need to do?
|
| Mari-Anne Ennor
|
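
The WinDoctor message quoted above concerns a value under the Run key whose target file is no longer on disk. As an added example (not part of the original posts), this PowerShell script lists every autostart value and shows whether its target file exists; the function names Get-CommandTarget and Get-RunEntry are hypothetical, and checking HKCU, RunOnce and the WOW6432Node view goes beyond the single key named in the message.

```powershell
# Added example: enumerate Run/RunOnce autostart values and check their targets.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Pull the program path out of an autostart command line.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }      # "C:\path with spaces\x.exe" /arg
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]                             # fallback: first token
}

function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }       # key absent on this system
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Get-CommandTarget -CommandLine $command
            # Only full paths can be checked directly; bare names such as
            # rundll32.exe are resolved through PATH and are reported as $null.
            $exists = $null
            if ($target -match '^[A-Za-z]:\\') {
                $exists = Test-Path -LiteralPath $target -PathType Leaf
            }
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Target  = $target
                Exists  = $exists
            }
        }
    }
}

# Entries with Exists = False are dangling startup commands like the one reported.
Get-RunEntry | Sort-Object Exists, Key, Name | Format-List
```

An entry with Exists = False matches what WinDoctor reports as an invalid startup command; an empty result for the value name means the value has already been removed from every key listed.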


