Backdoor netscape virus

maxGD059 · #1 (**permalink**) 27-08-04, 09:41 PM

It's friday afternoon, I'm on my own at work (buisness partner holidaying in france). Its busy, no infact it's frantic & what happens, well sh** actually. The network goes down with the above mentioned virus. How its happened well GOK but it has. The usual spyware kit can isolate it but can I get into the Registry to delete it? By heck I can. As soon as I go into the Register Editor then the Editor closes before any chance to sort it. Frustrating or what. At least I've got 3 days to forget today which may as well have been friday 13th. Any ideas guys, to make tuesday morning half bearable?

wilf · #2 (**permalink**) 27-08-04, 10:12 PM

nope - you are shafted. LOL

let's go for a beer instead.

maxGD059 · #3 (**permalink**) 27-08-04, 10:16 PM

Done that already, x3 infact as I've realised my local has got Tanglefoot as a guest beer. Oh, and also had an excellent curry but not from the pub. Feeling better now -sod work.

Talking of which Wilf, how's tricks?

wilf · #4 (**permalink**) 27-08-04, 11:27 PM

Richard - you have email.

maxGD059 · #5 (**permalink**) 28-08-04, 10:20 AM

Wilf

Good to hear from you & have returned your email. It's amazing stuff that Tanglefoot. It made me forget I'd actually had 4 or was it 5 of them, & then typed in the virus name incorrectly
Its the Backdoor Netsnake virus.

(rather appropriate on the CRC forum!)

Probably just as much of a case of FUBAR methinks though

kdavies3 · #6 (**permalink**) 28-08-04, 12:16 PM

Here is some infomation you may find helpful: from: http://www.sophos.com/virusinfo/anal...netsnakeh.html

Troj/Netsnake-H is a backdoor Trojan.

In order to run automatically when Windows starts up the Trojan copies
itself to the file iexplore.exe in the Windows system folder and adds the following registry entry pointing to this file:

HKLMSoftwareMicrosoftWindowsCurrentVersionRunmssys int

Troj/Netsnake-H also drops the file psinthk.dll into the Windows system folder.

i guess you are tryin to remove this registory entry:

HKEY_LOCAL_MACHINE entry:

HKLMSoftwareMicrosoftWindowsCurrentVersionRunmssys int

but as for the registry closing on its own thats a puzzler.

Which Anti-Virus Program are you running?

maxGD059 · #7 (**permalink**) 28-08-04, 07:43 PM

Kev

Thanks for your thoughts. Think we run Mcafee at work which is now a zillion miles away as its bank holiday w/e thank goodness. Looks like the brown stuff will hit the fan on tuesday, but till then, well, I think I do some fly scraping of the screen in preparation for donnington!!

robert · #8 (**permalink**) 28-08-04, 08:31 PM

Richard

Give me a call on the number in the mag, I can point you in the right direction. :thumb:

HTH

Miket · #9 (**permalink**) 28-08-04, 09:21 PM

Quote:

Originally Posted by robert

Richard

Give me a call on the number in the mag, I can point you in the right direction. :thumb:

HTH

Where to, Donnington

:thumb: :thumb:

maxGD059 · #10 (**permalink**) 29-08-04, 11:25 AM

Thanks Rob. I wasn't looking forward to tuesday!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Virus - Help	RamSC427	Feedback, Membership and Help	23	13-09-05 03:14 PM
virus W32/Elkern.C	rich	Feedback, Membership and Help	9	06-04-05 07:03 PM
Virus	Miket	The Cockpit	3	07-03-05 04:39 PM
virus	craigh	General Cobra Discussion	6	05-03-04 10:18 PM
Virus I think!	rocket	General Cobra Discussion	13	26-09-03 11:38 AM