Trojan Found - Do I need to do a complete reinstall?

"Jason Wade" <savon1414_050404+gb2.nospam@earthlink.net> wrote in message
news:pan.2004.05.28.18.50.59.569599.763@earthlink.net...
> On Fri, 28 May 2004 12:31:30 -0500, Tim wrote:
>
> > I updated my virus detection file and found two viruses on my computer:
> > VBS/Psyme & Exploit-MhtRedir.gen. From what I read, these are trojans
> > that can download some other piece of software that wouldn't get
> > detected by my AV detector. If that's the case, my computer might now
> > have some lerking demon - a keystroke monitor / uploader etc. Should I
> > do a complete reinstall to be safe?
> >
> >
> yes
>
> > On the other hand, I would imagine that the trojan author would have his
> > secondary piece of software delete the trojan to cover his tracks. Any
> > thoughts?
> >
> > Thanks!
>
> no, usually trojans do not automatically delete themselves.
>
> They make themselves as difficult to delete as possible. Some even prevent
> you from backing up so that you can't delete them without losing
> everything.
>
> If you think you have a trojan, you need to get it off your system ASAP.
>
> If you do reinstall, I suggest installing linux alongside windows. You'll
> have a backup OS for times when windows gets messed up.
>
> That's what I did.
>
> good luck and safe computing
>
> --
> Please place your reply beneath the other person's text.
> Long discussions will flow more logically.
>

I have a major amount of time invested in the installation of programs, OS
updates etc on my system. I'd hate to go through the process again! If I
install a software firewall like ZoneAlert to tell me if something is
accessing the internet without my permission, will that suffice?

From my understanding, viruses make themselves hard to delete. But a trojan
delivers an incidious payload. And I would think that after it did so, it
would delete itself to cover up its tracks. What are the chances the trojans
left something behind if they were still around to be found?

Thanks.
 >> Stay informed about: Trojan Found - Do I need to do a complete reinstall? 

Tim wrote:
> I updated my virus detection file and found two viruses on my computer:
> VBS/Psyme & Exploit-MhtRedir.gen. From what I read, these are trojans that
> can download some other piece of software that wouldn't get detected by my
> AV detector. If that's the case, my computer might now have some lerking
> demon - a keystroke monitor / uploader etc. Should I do a complete
> reinstall to be safe?
>
> On the other hand, I would imagine that the trojan author would have his
> secondary piece of software delete the trojan to cover his tracks. Any
> thoughts?
>
> Thanks!
>
>
Try installing some anti-trojan software that has been mentioned in
other posts.Also what program are you using for your mail?
If you are using the one supplied by MS,try a different one.
-max

--
This message is virus free as far I can tell
Change nomail.afraid.org to neo.rr.com so you can reply
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
 >> Stay informed about: Trojan Found - Do I need to do a complete reinstall? 

"Tim" <unidentified.RemoveThis@127.0.0.1> wrote in message news:SHKtc.13683$Tn6.3633@newsread1.news.pas.earthlink.net...
> I updated my virus detection file and found two viruses on my computer:
> VBS/Psyme & Exploit-MhtRedir.gen. From what I read, these are trojans that
> can download some other piece of software that wouldn't get detected by my
> AV detector. If that's the case, my computer might now have some lerking
> demon - a keystroke monitor / uploader etc. Should I do a complete
> reinstall to be safe?

This is a prime example of why it is sometimes necessary to do what
is otherwise considered overkill. This is a judgement call - that you
must make.

> On the other hand, I would imagine that the trojan author would have his
> secondary piece of software delete the trojan to cover his tracks. Any
> thoughts?

If the intruder wanted to make sure that the intrusion was not detected,
he would indeed do as you suggest. Not all intruders would bother to
try and cover their tracks though.

You could use every type of scanner imaginable to scan your system
for indications of actual intrusion. If no additional indications are found
you could assume that the intrusion was not successful and carry on as
if nothing had happened. If you are not comfortable with that, then the
only way to be sure is to break it down - and rebuild it.

On my home computer, I might be comfortable with making such an
assumption. But if I were responsible for an employer's computer or
network - I would not be at all comfortable with it. This is why it is a
judgement call that *you* must make.
 >> Stay informed about: Trojan Found - Do I need to do a complete reinstall?