Trojan Horse Help

Smokin Joe · 02-02-2005, 21:14

My wife's login on my desktop PC has the winstat.exe and winstatkeep.exe trojan horse.

I have Norton anit-virus, ace utilites reg cleaner, and Xoftspy ware. I have all of this and I can't get ride of it.

Thanks for any help.

**Kyobanim** · 02-02-2005, 21:20

I'll see if I can find something

**Kyobanim** · 02-02-2005, 21:38

Joe, ghuinness has a thought. I think she's going to post it. Yell at her if she doesn't.

gits · 02-02-2005, 21:41

Does the virus get deleted by the virus scanner and just simply comes back? or does the scanner say its not possible to remove it or just can't remove the virus? If it can't remove the virus try booting to safe mode and running the scanner.

Smokin Joe · 02-02-2005, 23:25

Okay here is what I have going on.

I have a laptop and am posting here (PS.com) with it now.

I'm running windows XP (on both systems)
The Trojan Horse is not affecting my login on the desktop PC but to be safe I'm not using it until I get it off the pc entirely.

The message I get is a popup (not the internet kind the error kind) it gives me "Blah Blah Blah winstat.exe failed to intialize blah blah blah click okay to continue". So I click okay. It gives me the same popup no matter how many times I click okay. Same-same for the winstatkeep.exe Trojan Horse.

It has also pissed of my Norton Anti-virus because sometimes on start up it gives me an error message that states "blah blah blah Norton could not intialize".

I just ran ace, xoftspy, and norton again on my log in and Norton on my wife's log in. It may have fixed the problem.

Thanks everyone for your help.

hoepoe · 02-03-2005, 23:32

Do a google search for a program called "hijackthis".

Download and execute, if anything can save your data, this can.

Good luck

Hoepoe

hotntot · 02-04-2005, 00:20

Don't know if this will help or if problem is fixed.However my son and myself had the same problem until we removed norton from our programming---it worked--no problems.Who knows but my .o2. Good luck.

aricbcool · 02-04-2005, 00:22

Don't know if you fixed it yet. Also, I was wondering if winstat or winstart is the problem file. Reason is I found two different sets of info. on such a small variation of spelling. Anyways, this is what I found:

For winstat: http://www.greatis.com/appdata/d/w/winstat.exe.htm

"winstat.exe
Steals passwords / ICQ trojan
Also known as: Backdoor.Kodorian, Win32/Kodorian, Troj/Kodoria
Displays a Firework and simultanlously starts in the backround. Sends the passwords encrypted via e-mail.
Kill the processes:
winstat.exe
kodorjan.exe
server.exe
Remove Files:
c:\manasi.yok
c:\winstat.exe
kodorjan.exe
okursan?yiedersinokumazsan?yibokyersin.txt
server.exe"

For winstart: http://securityresponse.symantec.com...oor.optix.html

"Run LiveUpdate to make sure that you have the most recent virus definitions.
Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
Run a full system scan.
Delete all files that are detected as Backdoor.Optix. If any files are detected as Backdoor.Optix, delete the Winstart.bat file before you restart the computer. For detailed information, read the section that follows."

Hope that helps.

Regards,
Aric

Smokin Joe · 02-04-2005, 00:23

Thanks for all the help and suggestions everyone. I finally got it cleaned out I re-ran Norton, Ace Uti., and Xoftspy. Except I did it on the wifes login. At first I didn't think it would matter/ help but evidently it did.