3 replies to this topic

[nate524]

I managed to actually infect a couple of servers with the trojan win32.matrixhasyou

I had no idea it was resting peacefully on my external back up drive, and how it got onto the servers, I have no idea.

I ran AdAware and it identified and quarantined it on the drive. It only found that one instance. Hit the button for remove and I haven't seen it since.

Question one - does AdAware actually remove this trojan, or did I just remove it from a list?

Question two - after reading this forum and seeing requests for 'hijackthis.log' posted in connection with this trojan, I downloaded it and ran it. I haven't a clue what I am looking at. I will post it if AdAware doesn't remove the trojan.


Any help would be appreciated.

[visitor]

Question one - does AdAware actually remove this trojan, or did I just remove it from a list?

From the help manual:

Remove Quarantined Objects
In the Quarantine list, select the quarantined object or objects you would like to remove by
selecting “Remove” from the Action drop-down menu. When you click “Perform Actions Now,” the
object/objects will be removed from your system.

Question two - after reading this forum and seeing requests for 'hijackthis.log' posted in connection with this trojan, I downloaded it and ran it. I haven't a clue what I am looking at.

Ad-Aware will only detect things on the machine it's installed, so it can't scan the servers to which it spread unless you've installed it there too. Read the instructions in my signature about posting in the HijackThis forum where somebody can help you diagnose/remove any malware. Copy/paste or link to this topic to describe the problem. You may have to run HijackThis on the affected servers as well, with each infected machine being a separate topic in the forum.

[nate524]

From the help manual:

Remove Quarantined Objects
In the Quarantine list, select the quarantined object or objects you would like to remove by
selecting “Remove” from the Action drop-down menu. When you click “Perform Actions Now,” the
object/objects will be removed from your system.
Ad-Aware will only detect things on the machine it's installed, so it can't scan the servers to which it spread unless you've installed it there too. Read the instructions in my signature about posting in the HijackThis forum where somebody can help you diagnose/remove any malware. Copy/paste or link to this topic to describe the problem. You may have to run HijackThis on the affected servers as well, with each infected machine being a separate topic in the forum.

Thanks for the response.

The hijackthis report was only for my PC to verify that the trojan and any backdoors it may have created were removed. The servers are being taken of by the maintenance guys, but they are huge and taking time to scan. I wanted to clean up my PC before I ever went on them again.

again thanks.

[visitor]

Even though Ad-Aware removed the one trojan, you might want to post in HijackThis anyways to see if a security expert sees anything else awry. I'll close this thread now, but if you need it reopened, PM me or any moderator.