Saturday, June 17, 2006

Episode 1: Attack of the Trojan


So this all started yesterday night around 11. My dad calls me over and asks me what the heck is going on with his computer. I look and see that his McAfee is popping up a notice stating that a trojan has been identified. The name is Downloader-AWX and the location was C:/Windows/system32 and the trojan file was named empres.dll. It has the options of cleaning, quarantining, or deleting the file.
My dad tells me that he has tried all 3 options and that it keeps responding that the file is write-protected and can't be deleted or quarantined. If he clicked "continue what I was doing" to leave the issue unresolved, the notice would pop back up after 5 seconds. He asks me to help get rid of it since he is a newbie to the whole computer internet scene.

I did some searching on Yahoo! and Google to find out about the trojan and a possible solution. I came up with 3 ways to defeat this trojan (below). I found a fellow blogger who had this trojan show up last night as well: Weeklyscheiss.

The symptoms my dad's computer was experiencing due to the trojan were: slow speeds when trying to do anything, not being able to access email, etc.

1. I installed Spybot Search and Destroy from CNET Downloads and a scan revealed only 11 tracking cookies and no trojans at all. Result = Failure

2. I then tried to go into the system32 folder and move the file and then delete it from there. Result = Failure

3. I decided to restart the computer and then start it up in Safe Mode. I then went to run, search, and typed C:/Windows/system32 and then scrolled until I found the trojan file. I still couldn't do anything to the file (delete, move, alter). In my last gasp at defeating the trojan I ran McAfee and it found the file, but it couldn't clean it or delete/quarantine it. I did see that it said that "cleaning will be finished with a restart", so I restarted the computer. I went to look for the empres.dll file and it was GONE!
Result = Success

I hate the crap we end up getting on our computers even more now! I can only hope that episode 2 will not become a reality, because we all know that sequels SUCK.
