I had some little problems with viewing some webpages offline, so I tried to fix the problem. With the mouse driver active, the system hung. Disabling the mouse driver or going online fixed the problem. First I ran a virus scan with Norton - nothing. I updated the driver and reinstalled the Java VM, but nothing. So finally I tried something else - netstat -n 10. That was it. My computer was connecting to 65.54.254.145:25 or 65.54.166.99:25. In my firewall I immediately blocked the whole IP range 65.54. and began to look for answers...
See what I've found:
Beast 2.01
Released July 2003. Be aware of it; it can't be detected by the following software:
HouseCall On-Line Anti-Virus
Kaspersky Anti-Virus Personal 4.0
Norton AntiVirus 2003
The Cleaner 3.5
TrojanHunter 3.5
Trojan Remover 6.0.3 - (6.0.4 can detect, but can't remove it)
To remove it:
--- WINDOWS XP / WINDOWS NT ---
1. Turn on PC, press F8 and start in Safe Mode
2. Go to <WinDir>\msagent directory (usually C:\windows\msagent) and delete a file ms****.com (**** are random characters), which has 70k - 80k.
3. Go to <SysDir> (usually C:\windows\system32) and delete a file ms****.com, different from previous, which also has 70k - 80k.
4. Go to <WinDir> or <SysDir> (where you chose the dll to reside) and delete the dxdgns.dll file (or how you renamed it).
(source: http://battleforums.com/history/show/25372.html)
PS: I had no success with removal in safe mode. I had to put XP as slave and delete the files this way.
More info about Beast 2.01 - here
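The file checks from the removal steps above, as an added example that is not part of the original post: a Python script that lists candidate files on a Windows volume mounted from another system, which is how the poster ended up removing them. The function names, the reading of "70k - 80k" as KiB and the case-insensitive directory lookup are assumptions of this example; it only lists files, and a renamed DLL will not be found by name.

```python
import os
import sys
from fnmatch import fnmatchcase

# Size window from the removal steps ("70k - 80k"), read here as KiB (assumption).
MIN_SIZE, MAX_SIZE = 70 * 1024, 80 * 1024
DEFAULT_DLL = "dxdgns.dll"  # default name per the steps; it may have been renamed


def _child(parent, name):
    """Resolve parent/name ignoring case (NTFS mounted on a case-sensitive OS)."""
    if os.path.isdir(parent):
        for entry in os.scandir(parent):
            if entry.name.lower() == name:
                return entry.path
    return os.path.join(parent, name)


def _files(directory):
    """Return (lowercased name, path, size) for regular files directly in directory."""
    try:
        entries = list(os.scandir(directory))
    except OSError:
        return []  # directory missing or unreadable: nothing to report
    return [(e.name.lower(), e.path, e.stat(follow_symlinks=False).st_size)
            for e in entries if e.is_file(follow_symlinks=False)]


def find_candidates(win_dir, sys_dir=None):
    """Return sorted (reason, path, size) tuples for files matching the steps."""
    sys_dir = sys_dir or _child(win_dir, "system32")
    hits = set()
    # Steps 2 and 3: ms????.com between 70k and 80k in <WinDir>\msagent and <SysDir>.
    for directory in (_child(win_dir, "msagent"), sys_dir):
        for name, path, size in _files(directory):
            if fnmatchcase(name, "ms????.com") and MIN_SIZE <= size <= MAX_SIZE:
                hits.add(("ms????.com, 70k-80k", path, size))
    # Step 4: the DLL under its default name in <WinDir> or <SysDir>.
    for directory in (win_dir, sys_dir):
        for name, path, size in _files(directory):
            if name == DEFAULT_DLL:
                hits.add(("default DLL name", path, size))
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: beast_check.py <mounted WinDir> [<mounted SysDir>]")
    for reason, path, size in find_candidates(*sys.argv[1:3]):
        print(f"{size:>8}  {path}  ({reason})")
```

Legitimate files can also match the name pattern and size window, so each hit needs review before anything is deleted.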