Curse

Wrath Of Dragons · Aug 30, 2006, 03:33 AM // 03:33

Win.32.Trojan.Gamania

That is what norton(

) and AdAware are both finding, before it reboots the comp. Basically, the scan starts, then as soon as it finds thea item, it stays up for like 3 seconds and then restarts. Does the same in safe mode, too.

Any Ideas on how to kill this, or maybe a mini-scan designed fot this virus alone? I assume it is new, or Adaware would have probably figured a way to prevent a reboot.

Thanks for any help

Vvon · Aug 30, 2006, 04:07 AM // 04:07

To put it simply. If you have al of your CD-Keys and Windows Cd's still intact, Do a re-install of Windows.

Not the fastest way to do this, but it will get rid of any other malware on that PC and any other bad things that can be eating away at your system.

/2 cents

UBS · Aug 30, 2006, 04:23 AM // 04:23

Hmm. Start in safe mode with networking. Try using HitmanPro. [Google ftw].
It's a program that downloads, updates and then runs several anti virus / spyware programs.

Does it restart you computer with both programs?

Wrath Of Dragons · Aug 30, 2006, 05:20 AM // 05:20

Quote:

Originally Posted by UBS

Hmm. Start in safe mode with networking. Try using HitmanPro. [Google ftw].
It's a program that downloads, updates and then runs several anti virus / spyware programs.

Does it restart you computer with both programs?

yup. its restarting with both.
Im having my bro DL spybot....maybe it doesent have a defence againt spybot

mrcake · Aug 30, 2006, 10:27 AM // 10:27

Get rid of norton and use avast, turn off system restore and set avast to do a boot time virus scan setting it to delete any viruses found.
If that dosent work do a full scan in windows setting it to delete whtever it finds.

is your pc rebooting even before you do a virus scan or only when you scan???

if it is fire up a command prompt and enter, shutdown -a

Mushroom · Aug 30, 2006, 03:04 PM // 15:04

I would not recommend removing your AV software. But there are other things you can do to help.

The AdAware update on 28 August was modified to detect and remove Win.32.Trojan.Gamania. However, it falls into the category of an "Aurora Clone", which makes it almost impossible to remove. It includes both a spambot, a keylogger, and self-replication techniques in addition to auto-updating. The current vector for this file seems to be through P2P software, IRC scripts, and adult/gambling sites.

I agree with Vvon though. You are best off backing up your data and reloading the computer from scratch. That is the only way to get rid of most Trojans of this type. And in the future, run antivirus and antispyware programs regularly. And be careful what kind of web sites you visit, and what kind of programs you install.

P2P, Gambling sites, hacker sites, and adult sites are probably the biggest source of spyware and trojan infections. I can't think of a computer I have seen in the last year that had virus, and did not visit one or more of those areas. Consider it the same as walking down a dark back alley in the shady part of town. Since that is where the bad guys live and work, you are much more likely to get something you did not expect (like a mugging).

Numa Pompilius · Aug 30, 2006, 04:25 PM // 16:25

There's also on-line antivirus scanners. F-secure and Norton both have free versions.

Wrath Of Dragons · Aug 30, 2006, 04:33 PM // 16:33

ooooo. that was the info i was looking for, mushroom. Sounds nasty. too bad for them im 1300 miles away

I had forgotten about running scan at startup! Ill have my bro try that.
thanks peeps

Mushroom · Aug 30, 2006, 09:18 PM // 21:18

Quote:

Originally Posted by Wrath Of Dragons

ooooo. that was the info i was looking for, mushroom. Sounds nasty. too bad for them im 1300 miles away

That has nothing to do with anything. It is your computer they want mostly.

Most Spambots work by having your computer send out either pop-ups to other computers, or by having your computer turn into a robot that send out spam e-mails. In this way, the spammers are able to isolate themselves from the "source" of the e-mails.Several years ago, Pacific Bell cut off access to thousands of people because of their computers sending out spam via virus infections.

Most keyloggers are simply looking for any e-mail addresses you enter. This is the most common way for the spammers to compile lists of new e-mails. But some are more sophisticated, able to recognize credit card numbers, bank acount numbers, and forward those to the creator.

And others still record web sites visited and account names and passwords entered. Both EverCrack and WoW users have been hit by this kind of trojan, allowing hackers to go in and liquidate characters of their possessions, and selling them on E-Bay and other places to another player.

In fact, it is only the fact that GW has no monthly fees and most items are easy to get that has prevented that from happening in our little community. But I imagine that someday somebody will write such a utility. It is just a matter of time.