PDA

View Full Version : Trojan.Cachecachekit



-N-
06-27-2005, 04:16 PM
I've tried the Symantec solution and another solution I found online to get rid of this problem, but no matter how many registry entries I delete, full scans I run, or what the fuck ever else, it still keeps popping up on reboot. In addition, I can't quit three CC* programs that show up in taskman, obviously having something to do with the trojan. Anyone have any ideas where to start, at least?

Here's the stuff I've tried.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.cachecachekit.html
http://www.geekstogo.com/forum/Norton_detected_trojan_horse_rdrivsys_RESOLVED-t31516-s15.html

Lenna
06-27-2005, 04:50 PM
Neel you need to turn off system restore, to do this go to My Computer right click and select properties, then click the system restore tab ticking the "disable system restore on all drives"

-N-
06-27-2005, 10:42 PM
That was one of the first things I did. :\

-N-
06-28-2005, 01:58 AM
Whee fixed!

Samuraid
06-28-2005, 03:45 AM
CC* programs are symantec/norton related.

ccApp, CCEvtMgr, ccSetMgr

-N-
06-28-2005, 06:13 AM
That's one of the things I found out on my journey. :p

disapointedchild
06-28-2005, 08:31 PM
I think I have the same problem as -N-, but when I do what Lenna told -N- to do, I only get as far as properties. I dont have a system restore tab. What do I do?

Nevermind, I found it. Is it safe to turn it off, cause it gives me a warning.

-N-
06-29-2005, 05:16 AM
Yeah, go ahead. I even tried using it at one point and went all "LOL I FAILED" on me. There's a lot more to do than that, though. I'd suggest going into Safe Mode, and deleting all new files created in the past few days that you don't recognize, and look for rdriv.sys and a.exe and other such known destructive files. Also look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete and registry values of programs you don't want, so they don't run on startup. Be sure to parse the rest of the registry for files like those too and delete them. Finally, run AdAware and SpyBot and Norton a couple times in Safe Mode, and then switch on back. Good luck.

disapointedchild
06-29-2005, 08:04 PM
Yeah, go ahead. I even tried using it at one point and went all "LOL I FAILED" on me. There's a lot more to do than that, though. I'd suggest going into Safe Mode, and deleting all new files created in the past few days that you don't recognize, and look for rdriv.sys and a.exe and other such known destructive files. Also look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete and registry values of programs you don't want, so they don't run on startup. Be sure to parse the rest of the registry for files like those too and delete them. Finally, run AdAware and SpyBot and Norton a couple times in Safe Mode, and then switch on back. Good luck.
Will do, thanks, uh, I may need a little more help, on doing everything between getting into safe mode, and parsing registry files, to delete.