Jump to content


Photo

trojan - matrixhasyou questions


  • This topic is locked This topic is locked
3 replies to this topic

#1 nate524

nate524

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 06 April 2010 - 06:33 AM

I managed to actually infect a couple of servers with the trojan win32.matrixhasyou

I had no idea it was resting peacefully on my external back up drive, and how it got onto the servers, I have no idea.

I ran AdAware and it identified and quarantined it on the drive. It only found that one instance. Hit the button for remove and I haven't seen it since.

Question one - does AdAware actually remove this trojan, or did I just remove it from a list?

Question two - after reading this forum and seeing requests for 'hijackthis.log' posted in connection with this trojan, I downloaded it and ran it. I haven't a clue what I am looking at. I will post it if AdAware doesn't remove the trojan.


Any help would be appreciated.

#2 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 06 April 2010 - 10:38 AM

Question one - does AdAware actually remove this trojan, or did I just remove it from a list?

From the help manual:

Remove Quarantined Objects
In the Quarantine list, select the quarantined object or objects you would like to remove by
selecting “Remove” from the Action drop-down menu. When you click “Perform Actions Now,” the
object/objects will be removed from your system.

Question two - after reading this forum and seeing requests for 'hijackthis.log' posted in connection with this trojan, I downloaded it and ran it. I haven't a clue what I am looking at.

Ad-Aware will only detect things on the machine it's installed, so it can't scan the servers to which it spread unless you've installed it there too. Read the instructions in my signature about posting in the HijackThis forum where somebody can help you diagnose/remove any malware. Copy/paste or link to this topic to describe the problem. You may have to run HijackThis on the affected servers as well, with each infected machine being a separate topic in the forum.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#3 nate524

nate524

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 06 April 2010 - 03:14 PM

From the help manual:

Remove Quarantined Objects
In the Quarantine list, select the quarantined object or objects you would like to remove by
selecting “Remove” from the Action drop-down menu. When you click “Perform Actions Now,” the
object/objects will be removed from your system.
Ad-Aware will only detect things on the machine it's installed, so it can't scan the servers to which it spread unless you've installed it there too. Read the instructions in my signature about posting in the HijackThis forum where somebody can help you diagnose/remove any malware. Copy/paste or link to this topic to describe the problem. You may have to run HijackThis on the affected servers as well, with each infected machine being a separate topic in the forum.



Thanks for the response.

The hijackthis report was only for my PC to verify that the trojan and any backdoors it may have created were removed. The servers are being taken of by the maintenance guys, but they are huge and taking time to scan. I wanted to clean up my PC before I ever went on them again.

again thanks.

#4 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 06 April 2010 - 05:37 PM

Even though Ad-Aware removed the one trojan, you might want to post in HijackThis anyways to see if a security expert sees anything else awry. I'll close this thread now, but if you need it reopened, PM me or any moderator.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users