• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
  • 0
Sign in to follow this  
nate524

trojan - matrixhasyou questions

Question

I managed to actually infect a couple of servers with the trojan win32.matrixhasyou

I had no idea it was resting peacefully on my external back up drive, and how it got onto the servers, I have no idea.

I ran AdAware and it identified and quarantined it on the drive. It only found that one instance. Hit the button for remove and I haven't seen it since.

Question one - does AdAware actually remove this trojan, or did I just remove it from a list?

Question two - after reading this forum and seeing requests for 'hijackthis.log' posted in connection with this trojan, I downloaded it and ran it. I haven't a clue what I am looking at. I will post it if AdAware doesn't remove the trojan.


Any help would be appreciated.

Share this post


Link to post
Share on other sites

3 answers to this question

Recommended Posts

  • 0
[quote name='nate524' post='118665' date='Apr 5 2010, 10:33 PM']Question one - does AdAware actually remove this trojan, or did I just remove it from a list?[/quote]
From the help manual:

Remove Quarantined Objects
In the Quarantine list, select the quarantined object or objects you would like to remove by
selecting “Remove” from the Action drop-down menu. When you click “Perform Actions Now,” the
object/objects will be removed from your system.

[quote name='nate524' post='118665' date='Apr 5 2010, 10:33 PM']Question two - after reading this forum and seeing requests for 'hijackthis.log' posted in connection with this trojan, I downloaded it and ran it. I haven't a clue what I am looking at.[/quote]
Ad-Aware will only detect things on the machine it's installed, so it can't scan the servers to which it spread unless you've installed it there too. Read the instructions in my signature about posting in the HijackThis forum where somebody can help you diagnose/remove any malware. Copy/paste or link to this topic to describe the problem. You may have to run HijackThis on the affected servers as well, with each infected machine being a separate topic in the forum.

Share this post


Link to post
Share on other sites
  • 0
[quote name='visitor' post='118683' date='Apr 6 2010, 10:38 AM']From the help manual:

Remove Quarantined Objects
In the Quarantine list, select the quarantined object or objects you would like to remove by
selecting “Remove” from the Action drop-down menu. When you click “Perform Actions Now,” the
object/objects will be removed from your system.
Ad-Aware will only detect things on the machine it's installed, so it can't scan the servers to which it spread unless you've installed it there too. Read the instructions in my signature about posting in the HijackThis forum where somebody can help you diagnose/remove any malware. Copy/paste or link to this topic to describe the problem. You may have to run HijackThis on the affected servers as well, with each infected machine being a separate topic in the forum.[/quote]


Thanks for the response.

The hijackthis report was only for my PC to verify that the trojan and any backdoors it may have created were removed. The servers are being taken of by the maintenance guys, but they are huge and taking time to scan. I wanted to clean up my PC before I ever went on them again.

again thanks.

Share this post


Link to post
Share on other sites
  • 0
Even though Ad-Aware removed the one trojan, you might want to post in HijackThis anyways to see if a security expert sees anything else awry. I'll close this thread now, but if you need it reopened, PM me or any moderator.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this