CastleCops, Internet Crime Fighters

andt.sys ??????

 
rushdenx1
Cadet
Joined: Feb 07, 2008
Posts: 6
Location: UK

Posted: Thu Feb 07, 2008 8:18 am    Post subject: andt.sys ??????

Have just found 'andt.sys' on my PC. Is this a 'trojan'? If so, how do I get rid of it, as it won't let me delete it? Any help would be appreciated.

tetak
MIRT Team Lead
Premium Member
Joined: Jan 19, 2007
Posts: 5879
MIRT Premium

Posted: Thu Feb 07, 2008 4:07 pm    Post subject:

If you still have the file on your PC, please add it to a .zip file (right click on it -> send to -> compressed zip file) and upload it to this post as an attachment.

If you have Windows XP, install Windows Defender from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Then run Windows Update (Internet Explorer -> Tools -> Windows Update) and install all the patches.

Then open Windows Defender and do a "full scan".

Then have a look at http://wiki.castlecops.com/MRP

After you've followed the instructions, if you are still infected or worried that you may be, please make a post in CastleCops Link/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html and someone will help you.


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
rushdenx1
Cadet
Joined: Feb 07, 2008
Posts: 6
Location: UK

Posted: Thu Feb 07, 2008 8:04 pm    Post subject: andt.sys

Thanks for your comments. I attach the offending file 'andt.sys'.

I have Windows Vista and have run a full scan with Windows Defender as well as a full scan with Norton. Neither has picked up anything harmful. However, the file is still on my system, and browsing on the internet it does say the file is dangerous.

What should I do next? Thanks

fatdcuk
MIRT Hunter
Premium Member
Joined: Oct 31, 2006
Posts: 2986
Location: Uk
MIRT Premium

Posted: Thu Feb 07, 2008 8:28 pm    Post subject:

Hi, download and run the free version of the following Botkiller >>>
http://www.superantispyware.com/

It has this Trojan-Downloader in its target database (I have confirmed this by custom file scan).

VirusTotal have confirmed it as malware too.

CastleCops Link/p1054713-MD5_f7f8d30c5c9b9f20e2835dc3b275510f_andt_sys.html#1054713

So I have escalated it onto Malware Listserve for distribution to the defenders. Thank you for sharing this malware.


_________________
Malware hunter....Got Bot ?
http://www.castlecops.com/f269-Malware_Listserv.html
rushdenx1
Cadet
Joined: Feb 07, 2008
Posts: 6
Location: UK

Posted: Sun Feb 10, 2008 9:50 am    Post subject: andt.sys

Thanks for all your help. Have run SuperAntiSpyware and it has picked up the 'andt.sys' file and deleted it. However, the file keeps re-appearing. Is there a way of getting rid of it once and for all, or do I have to keep running SuperAntiSpyware every day? Thanks

tetak
MIRT Team Lead
Premium Member
Joined: Jan 19, 2007
Posts: 5879
MIRT Premium

Posted: Sun Feb 10, 2008 7:37 pm    Post subject:

Have a look at http://wiki.castlecops.com/MRP

After you've followed the instructions, if you are still infected or worried that you may be, please make a post in CastleCops Link/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html and someone will help you.

