|
  |
|
|
A Trojan in the system
By Peter Simmons
It began with a simple message when I booted my system; Rundll could not find drvtos.dll... which meant nothing to me, but I was irritated by constantly seeing this message, so decided to investigate. First I looked on my partner's computer for this file, and failed to find it. We both run Windows XP so if the file was part of Windows, it should have been there in the Windows directory, but wasn't. I was therefore unable to copy it over to mine. Detection I ran several spyware detectors and anti-virus programs, none of them found anything wrong [apart from the usual cookies they all want to delete], so I investigated further. Googling drvtos.dll got just three hits, all about a trojan, so I was alerted to the possibility that it was malicious. I remembered Spybot Search & Destroy [SpybotS&D which I used to have on my old system, so downloaded it, it's free, and installed it. On the first scan it found the trojan which was trying to load drvtos.dll, gave some information about it and offered the option to remove. I went with that, and rebooted. Removal I got the same error message! I tried again, again it found it and again I chose to delete. Three attempts later I realised it was going to take more than that, so I ran regedit and found the entry that was doing the loading and deleted it. At first that failed to solve it as Spybot S&D , always in memory, spotted 'someone' was attempting to mess with the registry and prevented it on my behalf. I closed down the Spybot S&D resident shield and tried again to delete the entry in the registry. Success! It was gone, and with no messages saying 'I'm afraid I can't let you do that Dave...' so, thinking I was home and dry I rebooted. Oh no! The message 'Rundll was unable to load drvtos.dll' appeared as before. At that point it was a matter of biting the table [my teeth aren't too good], screaming at the screen and threatening to throw the whole kit out the window, or contacting Spybot S&D to ask for help, I chose the latter and visited their site. It's really free Spybot S&D is free, you never have to pay anything, in fact they won't name a price or discuss selling it, or consider putting out a free slimmed down, or lite, version with half the functions disabled; they believe in free software as fervently as I do. I asked for help, and got it, in a shorter time than most paid-for software suppliers normally take to respond to support requests with an android reply. Support delivered The matter wasn't so simple, and it took several processes to get to the point where I could delete the registry entry, let Spybot S&D know not to reinstate it, and get to a clean system. This included three emails from Spybot S&D 's creators, giving precise help instructions that enabled me to do things I could never have done unaided as they were too dangerous for any but an expert to consider - do not do this at home. I was very grateful, and impressed at how Spybot S&D managed to find the problem when all others failed to see there was a problem, and, with a little tweaking to sneek round the back of the trojan, was able to solve it. Donations accepted Although Spybot S&D is free, they do accept donations to help with running and developing costs, so I immediately donated $20, which seemed a reasonable amount for someone not rolling in money. I won't get better service for having made a donation, how could I, the service was astounding, but I like shareware and freeware and when I can afford to I try to support it, aware that people have to make a living. Having been the beneficiary of a lot of free stuff in the past, it seemed like it was time to contribute again. Permanently protected Spybot S&D is now installed on my system and it's Immunize feature will hopefully keep my system clean in the future. I can't recommend it highly enough, nor the people who created it and provide it for free to the world. They deserve everyone's support, they are the mirror image of the cretins who spread these malicious things around the net, a classic case of good over evil.
|
Contributor's Note
Whoops, didn't know that, Puniksem, done already, changed all to links. That's bad, but recognition that the program works huh?
|
|
http://www.safer-networking.org/en/home/index.html
PLEASE VISIT THE CONTRIBUTOR'S WEBSITE
DIY Ebooks
Ebooks for sale and free
www.oneworldnet.co.uk/ebooks
|
|
No reactions yet.
Please login or sign up to rate this intel.
Please login or sign up to add a comment.
|
 |
|
This probably won't happen to a Mac, but it seems to be a good way to protect your computer.
Would it be possible for you to slightly re-word your intel changing all entires that say 'SpyBot' to 'SpyBot S&D' 'Spybot' if searched on google will return results for a spyware scanner called just 'Spybot' this software is actually SPYWARE! However SpoyBot S&D (search and destroy) from the safer-networking website is the only original source for the spyware scanner remover. Thanks
Yes I've used SpyBot S&D throughout it's existance and found it to be one of if not the most reliable software for removing 95% of internet born threats and infections. However you must appreciate that all scanners of this type have two major downfalls, they do not scan your system for threats prior to installation, which means that some smart infections can block and/or disable the installation of the scanner. Secondly, scanners like SpyBot S&D does not scan for viri, trojans and worms. This type of scanning must be completed by a reliable anti-virus suite for example: Norton - AVG - Avast - Sophos - McAfee and the like.
The copyright for this content entitled "A Trojan in the system" has been specified by the contributor as:
All Rights Reserved
This content may not be copied, distributed or adapted by anyone under any circumstances.
|
|
May, 2012
2008
January, February, March, April, May, June, July, August, September, October, November, December
2009
January, February, March, April, May, June, July, August, September, October, November, December
2010
January, February, March, April, May, June, July, August, September, October, November, December
2011
January, February, March, April, May, June, July, August, September, October, November, December
2012
January, February, March, April, May
|
|
Not a member yet?
Qondio is a powerful network for making it online. If you have a website to
promote, we can help.
Sign up and get in on the action.
|
|
Welcome to Qondio! Discover the awesome power this network can deliver by going to our About page. Or you could skip straight to the Sign Up form.
|
|
