Infected By Toraja.Gen Virus: Unable To Open Any Excel Related Files
http://www.sophos.com/virusinfo/analyses/trojbizexd.html

Troj/Inpar-A by Marianna Schmudlach / June 1, 2004 11:47 PM PDT In reply to: VIRUS ALERTS - June 2, 2004

Aliases TrojanDownloader.VBS.Inpar.a,

The process of installing the Trojan typically includes the creation of several folders under C:\recycler\.

And if you run regedit navigate to this key: HKEY_USERS\S-1-5-21-3341562259-4036164967-2552189465-1006\Software\Microsoft\Office\10.0\Common\General do you see in the right-hand pane the Value name: Xlstart And the Value Data: XLSTART http://securityresponse.symantec.com/avcenter/venc/data/o97m.toraja.gen.html Did you delete
Once copied, any documents that are opened will also be infected.

The only way I could open a file is by infecting my computer with the virus again.
justice_boy, Aug 27, 2003 #1

Rollin' Rog Joined: Dec 9, 2000 Messages: 45,855

After cleaning the virus, did you rename the normal.dot template normal.old or anything to force a new one

Installation

When run, this trojan installs itself on the local system, using the following filenames: %SysDir% \drivers\csrss.exe %SysDir% \system32\csrss.dll (Where %SysDir% is the Windows System directory as set up on the system.
X97M_TORAJA.C Overview

Malware type: Macro
Aliases: X97M/Toraja

It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. The Trojan reads configuration data from a file called winspoolsnt.ini.
http://www.sophos.com/virusinfo/analyses/of97torajag.html

XM/Toraja-G by Marianna Schmudlach / June 2, 2004 1:43 AM PDT In reply to: VIRUS ALERTS - June 2, 2004

Type Excel

When a user opens a certain malicious website that contains a Microsoft Internet Explorer vulnerability associated with Microsoft Internet Explorer that allows to download and run executables the script component of

Troj/Sdbot-CR copies itself to the Windows system folder as WIN32CFG.EXE and creates entries in the registry at the following locations to run itself on system startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinReg = win32cfg.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinReg = win32cfg.exe

http://www.sophos.com/virusinfo/analyses/trojsdbotcr.html
Troj/Ovedil-B is activated as an HTM file that is compiled inside a CHM file with the names idx.htm and iexpl.chm.

http://www.sophos.com/virusinfo/analyses/trojservuk.html

Troj/Isapass-A by Marianna Schmudlach / June 2, 2004 1:55 AM PDT In reply to: VIRUS ALERTS - June 2, 2004

Aliases TrojanSpy.Win32.Isapass
When first run the Trojan displays the following fake error message: "Windows cannot find 'wmplayer32.dll'.

Short URL to this thread: https://techguy.org/159810
Thread Status: Not open for further replies.

justice_boy Thread Starter Joined: Aug 26, 2003 Messages: 5

I'm currently running in Windows 98 SE, my Excel 2000 is currently infected by the Toraja.Gen virus, which can easily be
When first run, the worm/Trojan copies itself to the Windows System folder using the filename WMON16.EXE and may create sub-keys of the following registry entries, so that it is run automatically

It hooks a list of macros in Excel so that the macros inside the infected document cannot be altered. This macro virus achieves this by hooking the following AutoMacros: AUTOEXEC() AUTOOPEN() AUTO_OPEN()

Analysis by: Berman Enconado

Solution

Minimum scan engine version needed: 6.810
Pattern file needed: 1.923.00
Pattern release
I already tried cleaning with McAfee Anti-Virus (updated every day) 3 times just in case. I also already tried uninstalling, rebooting, then re-installing my Microsoft Office, but to no avail.

http://www.sophos.com/virusinfo/analyses/trojkillavah.html

Troj/Bdoor-CES by Marianna Schmudlach / June 1, 2004 11:51 PM PDT In reply to: VIRUS ALERTS - June 2, 2004

Aliases Trojan.AOL.Casey.b,

justice_boy, Aug 28, 2003 #3

This thread has been Locked and is not open to further replies.
The Trojan copies itself to the Windows folder as caseyvid.exe. The Trojan then attempts to download and execute files from a remote web server and send gathered data to a remote FTP server.