• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

I am facing a problem with a malicious script and a file appearing whenever I start the computer. The problem begins with intermittent arrival of an incoming infected file. I frequently get a spyware security warning that trojan.w32.looksky “is detected on your machine.” The desktop background changes automatically . A security warning with popup comes up and I delete the offending files from my hdd. This process goes on for a number of times. All Internet addresses are lost. I am using a Windows XP system with SP2, 80Gb and 512 MB RAM. Please suggest a solution.

Balachandran This is one of the types of Trojan that downloads a misleading application onto the computer. When the Trojan is executed, it creates several exe files in Local Settings \Temp folder under the user directory (Documents and Settings\[USER NAME]). Next it may create a registry entry under the following sub key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Then it will display the message

Title:

Warning! Security Report

Message:

Your computer is infected! It is recommended to start spyware cleaner tool. Do you want to know more? Click here!

Trojan.w32.looksky is also called Smitfraud/zlob Trojan. There is a Trojan removal tool, SmitfraudFix.exe (982 KB) from S!Ri, which is freely downloadable from the site http://siri.geekstogo.com/SmitfraudFix.exe

This is a command line removal tool. Please go to command prompt from Start -> run -> cmd. Run SmitfraudFix.exe from the saved directory.

The tool will display a list of menus. First select the option to search for the Trojan in the computer. It will create a report of the infected files in the root of the system drive, usually c:\rapport.txt.

For removing the Trojan, please reboot the computer in safe mode (Before the windows icon appears, press F8 key continuously) and run the SmitfraudFix removal tool. Select the option to clean. Say yes when prompted to clean the registry. It will check if wininet.dll is infected. If file is infected, it will prompt to replace it. After completion, quit SmitfraudFix. A reboot may be required to complete the cleaning process. There is a report at the root of the system drive, usually c:\rapport.txt

Generally it is good practice to keep the computer installed with an antivirus program and update regularly for the latest virus definition. Keep the personal firewall ‘ON’. It is also advisable to update with the latest service packs and security patches. Only if the computer is properly updated with service packs, security patches and the latest virus definition can the antivirus program protect the computer from viruses and other threats.

Solution by P. Natarajan

More Stories on : Computer Usage | Tip Off

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
‘My mobile is me’

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line