any softwares to remove trojans from my PC (W98)
rajan_giri
08-17-2002, 12:15 AM
I think my computer is affected by a trojan and somebody is remotely accessing my computer. How do I get rid of it?
TonyKlein
08-17-2002, 03:29 AM
Your antivirus will already discover quite a few when properly updated.
You might also want to download a trial version of TrojanHunter (http://www.mischel.dhs.org/trojanhunter.jsp)
Don't forget to update the trojan database before running a scan.
Finally, all backdoor trojans will show in your startups.
Do this:
Go to Start/run, and type Msinfo32, followed by OK.
Go to Software Environment/Startup Programs.
Click Edit/'Select all', and then 'copy'
Now paste the contents in your post.
rajan_giri
08-18-2002, 11:20 AM
These are the applications that run in my startup.
PLEASE TELL ME WHETHER IT IS ALRIGHT OR NOT
ZoneAlarm Common Startup Group "D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe"
run Win.ini hpfsched
Yahoo! Pager Registry (Per-User Run) D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
MSMSGS Registry (Per-User Run) "D:\Program Files\Messenger\msmsgs.exe" /background
ScanRegistry Registry (Machine Run) D:\WINDOWS\scanregw.exe /autorun
TaskMonitor Registry (Machine Run) D:\WINDOWS\taskmon.exe
SystemTray Registry (Machine Run) SysTray.Exe
LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM Registry (Machine Run) loadqm.exe
SaveNow Registry (Machine Run) D:\Program Files\SaveNow\SaveNow.exe
MediaLoads Installer Registry (Machine Run) C:\Program Files\MSN\MSNCoreFiles\DW.EXE /H
New.net Startup Registry (Machine Run) rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
NPROTECT Registry (Machine Run) D:\Program Files\Norton Utilities\NPROTECT.EXE
NAV Agent Registry (Machine Run) D:\PROGRA~1\NORTON~2\NAVAPW32.EXE
SoundMan Registry (Machine Run) SoundMan.Exe
KeyLogRegEntry Registry (Machine Run) "C:\GIRI\hotkeylog\KeyLog.exe" -ah
TkBellExe Registry (Machine Run) D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
Trickler Registry (Machine Run) "d:\program files\divx\divx pro codec\gain_trickler_3102.exe"
LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent Registry (Machine Service) D:\WINDOWS\SYSTEM\mstask.exe
TrueVector Registry (Machine Service) D:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
NPROTECT Registry (Machine Service) D:\Program Files\Norton Utilities\NPROTECT.EXE
ScriptBlocking Registry (Machine Service) "D:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
SCardSvr Registry (Machine Service) D:\WINDOWS\SYSTEM\SCardSvr.exe
Machine Debug Manager Registry (Machine Service) D:\WINDOWS\SYSTEM\MDM.EXE
Mocha
08-18-2002, 11:45 AM
I see a couple problems, and someone else may recognize something else and be of more help. Just to give you an idea...
NewDotNet is Foistware. You can check here for removal instructions.
http://itim.tamu.edu/htmlfs/keystrokelogging.shtml (http://www.cexx.org/newnet.htm)
You
Here's a bit more info. on the Keylogging software:
http://www.unh.edu/tcs/reports/sshesa.html
There are several other things that don't need to be in your startup, but you can take care of those later.
Edited by Mocha on 08/18/02 10:50.
TonyKlein
08-18-2002, 12:45 PM
You also have loads of spyware:
SaveNow, MediaLoads Installer, Trickler.
Go to Start > run, type msconfig, and uncheck the following entries on the Startup tab:
LoadQM, SaveNow, MediaLoads installer, NewNet, Soundman, KeyLogRegEntry, TkBellExe, Trickler, SCardSvr
Click OK, close msconfig, and reboot.
Uninstall NewNet
Now download and install Refupdate Utility (Ad-Aware: http://www.wyvernworks.com/Lavasoft/aaw.exe).
This utility searches for, downloads and automatically installs the latest AAW reffile (the spyware definitions, so to speak).
Run the refupdate.exe installation file, and once installed, go to Start Menu>Programs, find the Lavasoft Refupdate entry and run it.
Click connect; it will open a connection to the internet to check and update the current signature file.
When that's completed open Ad-aware, look at the bottom left corner, it should now say "Signature file in use: 038-16.08.2002".
Then have your drives and registry scanned for spyware, check all found files and reg keys, hit 'backup', then click continue, and have them all removed.
Reboot
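An added example (not part of the original posts): a small Python parser for a pasted Msinfo32 startup listing like the one above, which flags the entries the replies in this thread called out. The location names and labels come from the thread; the function names and the matching by name substring are assumptions of this example.

```python
import re

# "Loaded from" values that appear in the listing posted in this thread.
LOCATIONS = ["Common Startup Group", "Win.ini", "Registry (Per-User Run)",
             "Registry (Machine Run)", "Registry (Machine Service)"]
_LOC_RE = re.compile(r"\s(" + "|".join(map(re.escape, LOCATIONS)) + r")(?:\s+|$)")

# Labels given by the replies in this thread, keyed by a lower-case
# substring of the entry name (substring matching is an assumption).
THREAD_VERDICTS = {"new.net": "foistware", "savenow": "spyware",
                   "medialoads": "spyware", "trickler": "spyware",
                   "keylog": "keylogger"}

# A few rows copied from the listing above, columns separated by one space.
SAMPLE = r'''ZoneAlarm Common Startup Group "D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe"
run Win.ini hpfsched
SaveNow Registry (Machine Run) D:\Program Files\SaveNow\SaveNow.exe
New.net Startup Registry (Machine Run) rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
KeyLogRegEntry Registry (Machine Run) "C:\GIRI\hotkeylog\KeyLog.exe" -ah
NPROTECT Registry (Machine Service) D:\Program Files\Norton Utilities\NPROTECT.EXE
'''

def parse_startup(text):
    """Split each 'name loaded-from command' row on its location column."""
    entries = []
    for line in text.splitlines():
        m = _LOC_RE.search(line)
        if not m:
            continue  # blank line or a row without a known location
        entries.append({"name": line[:m.start()].strip(),
                        "source": m.group(1),
                        "command": line[m.end():].strip()})
    return entries

def triage(entries):
    """Return (name, source, verdict) for entries the thread's replies named."""
    flagged = []
    for e in entries:
        for needle, verdict in THREAD_VERDICTS.items():
            if needle in e["name"].lower():
                flagged.append((e["name"], e["source"], verdict))
                break
    return flagged

if __name__ == "__main__":
    for name, source, verdict in triage(parse_startup(SAMPLE)):
        print(f"{verdict:10} {name} [{source}]")
```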
Mocha
08-18-2002, 01:19 PM
Tony to the rescue once again.
I should have instructed him to install Ad-Aware, too. You have such good instructions...maybe I should quote you. I had a feeling you'd be around before long!
Btw, would Ad-Aware remove that keylogging program? It looked to me like those two I mentioned would need special removal instructions, right?
Carol
TonyKlein
08-18-2002, 01:36 PM
Ad-Aware won't remove the keylogger.
On the other hand, it might be a surveillance program that rajan_giri installed him/herself.
If not, uncheck it, and see whether you can find an uninstaller in the Program Files folder (Giri\Hotkeylog), or even in Control Panel\Software.
TonyKlein
08-18-2002, 01:38 PM
Oops, and about New.Net: go to Control Panel\Software Add-Remove, and uninstall New(dot)Net there.
You could also run this uninstaller:
http://www.new.net/support/uninstall3_88.exe.
Mocha
08-18-2002, 02:07 PM
That's true, I realize they may have installed it themselves.
Btw, did you notice that MS has a link on removal instructions for both NewNet and Save Now? The link is on that site I had in my original response.
Iexplore Caused an Invalid Page Fault in Module Unknown with SaveNow or New.net Installed:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q302463&
TonyKlein
08-18-2002, 02:22 PM
Yep, I'd seen that one.
In the case of New.Net, Control Panel Add/Remove doesn't always work, which is why I included the link to the NewNet uninstaller as well.
stratcat250
10-25-2002, 07:34 PM
Maybe we can turn rajan_giri on to the Pacmans Portal.
http://pacs-portal.hostinguk.com/startup_pages/startup_full.htm#D
Bob
TonyKlein
10-26-2002, 01:24 AM
We could have, but you may not have noticed that this thread actually is over two months old, so I rather think the problem may already have been fixed....
Cheers, Tony
stratcat250
10-26-2002, 05:00 PM
oops, who looks anyway.
Bob