Old 09-14-2005, 08:48 PM   #1
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
Troj_ServU.Q

I ran TrendMicro's Housecall, and I came upon this trojan recently. Housecall says non-cleanable under search result, and this kind of worries me. Will the delete or clean button on Housecall permanently rid me of this, or will additional steps need to be taken?

Thanks in advance for any help.
als814 is offline   Reply With Quote
Old 09-14-2005, 09:15 PM   #2
Member (10 bit)
 
kosova's Avatar
 
Join Date: May 2005
Location: Republic of Kosova
Posts: 581
Type the exact result u got, as in the trojan/virus name, then just do a Google search and u can find ways to kill it. Or u can find out which file this trojan is, browse your comp and find it, and if it's something unimportant like a .jpg or .wav file u can delete it, but I wouldn't delete it if it had a .dll extension. Well, I might, but I'd first find a download of the exact file on Google before I'd do that. Good luck.

Last edited by kosova; 09-14-2005 at 09:16 PM. Reason: sorry, didn't see that u typed its name
kosova is offline   Reply With Quote
Old 09-14-2005, 09:21 PM   #3
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
One site I found described this as what I should do.

http://security.beez.ch/TROJ_SERVU.Q.html

Does this sound safe to you guys? I'm not really sure how reliable some of these sites are that I found on Google.

Last edited by Statica; 03-28-2006 at 07:04 AM.
als814 is offline   Reply With Quote
Old 09-14-2005, 09:24 PM   #4
Member (10 bit)
 
kosova's Avatar
 
Join Date: May 2005
Location: Republic of Kosova
Posts: 581
They are reliable, but those steps seem a little, umm, complex to me. Why don't u download AVG (downloads.com) and Search and Destroy, run a scan with both, and delete everything they detect? AVG might solve your problem; if all fails, do what u can.
kosova is offline   Reply With Quote
Old 09-14-2005, 09:26 PM   #5
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
I ran AVG right before Housecall, and it didn't find anything.
als814 is offline   Reply With Quote
Old 09-14-2005, 09:27 PM   #6
Member (10 bit)
 
kosova's Avatar
 
Join Date: May 2005
Location: Republic of Kosova
Posts: 581
Get Search and Destroy, it's very powerful. This trojan will probably use some executable program or change one to send info. Search and Destroy will prevent this from happening. After that I can't help u anymore, I'm outta ideas, unless u wanna do a system restore, if it works.
kosova is offline   Reply With Quote
Old 09-14-2005, 09:28 PM   #7
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
Also, I am able to view these files; however, I don't have Killbox, and it says access denied when I try to delete them. The link he gave also is in another language in addition to not really working.
als814 is offline   Reply With Quote
Old 09-14-2005, 09:29 PM   #8
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
I also have Windows 2k, so I don't think I can use a system restore.
als814 is offline   Reply With Quote
Old 09-14-2005, 09:42 PM   #9
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
Well, I'll see if I can deal with this tomorrow after school when there might be more people hanging out here.
als814 is offline   Reply With Quote
Old 09-14-2005, 10:17 PM   #10
 
Statica's Avatar
 
Join Date: Jun 1999
Posts: 9,231
Have you tried the instructions found here: http://www.trendmicro.com/vinfo/viru...U%2EQ&VSect=Sn
The other option is to download a trial copy of Trend PC-Cillin and run it and see if that is able to do it.
However, if you follow the directions listed in the page, you should be able to get to it.
Statica is offline   Reply With Quote
Old 09-14-2005, 10:29 PM   #11
Member (7 bit)
 
als814's Avatar
 
Join Date: Apr 2005
Posts: 124
I tried that, but it wouldn't even let me end the process. It just told me it was a critical system file, and it could not be ended. This is especially weird because even when I want to end something I am not supposed to like system, explorer, or anything like that, it usually just warns me and asks whether I would like to proceed or not.
als814 is offline   Reply With Quote
Old 09-15-2005, 08:41 AM   #12
 
Statica's Avatar
 
Join Date: Jun 1999
Posts: 9,231
Have you tried performing the same in Safe Mode? Or running a scan in safe mode?
I would recommend you try downloading the trial version for PCCillin and getting it installed.
Statica is offline   Reply With Quote
Old 03-28-2006, 05:24 AM   #13
Member (1 bit)
 
Join Date: Mar 2006
Posts: 1
Quote:
Originally Posted by als814
One site I found described this as what I should do.

"Executable files to delete: c:\windows\system\drivers\ntuser.exe
c:\windows\system\drivers\ntusrv.exe
These files are unviewable with windows, kill them with Killbox

Running services
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services

NTBOOT
NTLOAD
BOOTMGR
Check that registry entries are related to files ntuser.exe or ntsrv.exe before deleting them.


Now, the infection should be cleaned. If you still have any problem with that Trojan do hesitate to send me an email, with your Hijackthis Post.
CONCLUSION

Trendmicro online scan is very powerful, unlike some other of its competitors.

Norton Antivirus was out of the subject this time. Moreover, Symantec did not know that Trojan, 15 days after the beginning of its propagation"

Does this sound safe to you guys? I'm not really sure how reliable some of these sites are that I found on Google.



Thank you for having plagiarized my Web site without telling the URL, where you can find the complete solution how to remove the trojan troj_servu.q.



Furthermore, as a security analyst, I can claim that Norton AV is probably one of the worst AV, as well as one of the most expensive ones. You should rather use a free AV such as Avast!.

BeeZ
-------
Life is hard, but root passwords facilitate it...
BeeeeeZ is offline   Reply With Quote
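
The check the quoted steps call for (confirming that the NTBOOT, NTLOAD and BOOTMGR service entries point at the listed files before deleting them) can be scripted against a registry export; this is an added example, not part of any post in this thread or of the cited site. It assumes a regedit text export with `ImagePath` stored as a plain string, and the sample export, the function names and the "matches"/"review" verdicts are constructed for illustration.

```python
import re
# Names come from the quoted removal steps; the page spells the second file
# both "ntusrv.exe" and "ntsrv.exe", so every spelling is checked.
SUSPECT_SERVICES = {"NTBOOT", "NTLOAD", "BOOTMGR"}
SUSPECT_FILES = ("ntuser.exe", "ntusrv.exe", "ntsrv.exe")
SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
# Constructed sample of a regedit text export (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTBOOT]
"ImagePath"="c:\\windows\\system\\drivers\\ntuser.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTLOAD]
"ImagePath"="C:\\WINDOWS\\System\\Drivers\\NTUSRV.EXE -service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BOOTMGR]
"ImagePath"="c:\\winnt\\system32\\example.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"="c:\\winnt\\system32\\spoolsv.exe"
'''

def parse_image_paths(export_text):
    """Map each direct subkey of Services to its ImagePath (None if absent)."""
    services, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, current = line[1:-1], None
            if key.upper().startswith(SERVICES_ROOT.upper()):
                name = key[len(SERVICES_ROOT):]
                if name and "\\" not in name:
                    current = name
                    services[name] = None
        elif current:
            # Only plain string values are read; hex(2) data stays None.
            m = re.match(r'"ImagePath"="(.*)"$', line, re.IGNORECASE)
            if m:
                services[current] = m.group(1).replace("\\\\", "\\")
    return services

def classify(export_text):
    """Verdict per listed service: 'matches' a listed file, else 'review'."""
    verdicts = {}
    for name, path in parse_image_paths(export_text).items():
        if name.upper() in SUSPECT_SERVICES:
            hit = any(f in (path or "").lower() for f in SUSPECT_FILES)
            verdicts[name] = "matches" if hit else "review"
    return verdicts
```

A "review" verdict means the entry shares a listed service name but does not reference one of the listed files, so it should be inspected by hand rather than deleted.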
Old 03-28-2006, 07:05 AM   #14
 
Statica's Avatar
 
Join Date: Jun 1999
Posts: 9,231
Quote:
Originally Posted by BeeeeeZ



Thank you for having plagiarized my Web site without telling the URL, where you can find the complete solution how to remove the trojan troj_servu.q.



Furthermore, as a security analyst, I can claim that Norton AV is probably one of the worst AV, as well as one of the most expensive ones. You should rather use a free AV such as Avast!.

BeeZ
-------
Life is hard, but root passwords facilitate it...
Thanks for providing us the source link on the thread, I have subsequently edited out the post to simply point to your site. It wasn't essentially plagiarism as the poster never claimed that the steps were her/his own and did make a mention of getting the information from another site .. it was a mistake however to forget to put the URL in.
Statica is offline   Reply With Quote
All times are GMT -5.