Can anyone provide removal instructions for this new trojan

Re: Can anyone provide removal instructions for this new tro

Post by Glynnroy » April 5th, 2006, 5:37 pm

ChrisRLG wrote: A new Trojan has been sighted at Dell.

Can anyone write a removal instruction (canned) for it please.

Image


WARNING! WARNING! WARNING!

IF YOU RECEIVE A GIFT IN THE SHAPE OF A LARGE WOODEN HORSE DO NOT
DOWNLOAD IT!!!! It is EXTREMELY DESTRUCTIVE and will overwrite
YOUR ENTIRE CITY!

Please note you have been infected by a wooden horse and although it might seem all right at the time do not permit your firewall to allow data and files from characters especially those who have influences from Greek.dllse. Odysseus and TROY Palladium.temp.

The "gift" is disguised as a large wooden horse about two stories
tall. It tends to show up outside the city gates and appears to
be abandoned. DO NOT let it through the gates! It contains
hardware that is incompatible with Trojan programming, including
a crowd of heavily armed Greek warriors that will destroy your
army, sack your town, and kill your women and children. If you
have already received such a gift, DO NOT OPEN IT! Take it back
out of the city unopened and set fire to it by the beach.

FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!



I would advise you to do the following on your computer, as this is probably the worst infection I have seen.

1. Unplug your computer and make sure it's free from attack. This must be for at least ten long years, but bear in mind the Trojans would not surrender.
2. The Greek.DLLE will make several attempts to break down the firewalls and the ports, but each time they fail… To help you out, download Greek General Menelaus, or Prince Paris. These are not foolproof, but the conjunction in love will pull your computer through.
3. IMPORTANT: after lengthy spells on your computer do not fall asleep, as this is where you are most vulnerable to attack from a thousand Trojans. DO NOT OPEN YOUR FIREWALL GATES TO ANYBODY.
4. If all else fails run
Glynnroy
Regular Member
 
Posts: 119
Joined: March 16th, 2006, 12:32 am
Location: Doncaster

Post by AndyAtHull » April 6th, 2006, 8:04 am

Gary R wrote: You appear to be under threat from the Wooden Horse trojan.

This is a serious infection, and can lead to rape, pillage and general slaughter if the following preventive measures are not taken.

  • Do not take any vacations in Greece.
  • Do not seek the acquaintance of any women by the name of Helen.
  • If you are an inhabitant of Troy, apply to your doctor at once for sick leave.
  • If large numbers of strange drunken tourists appear outside the city looking for a fight, do not open your city gates.
  • Under no circumstances should you open the gates to strange wooden deities (no matter how much of an equine fan you are).
  • If you have not heeded the prior advice, you should not go near the city square on or about midnight.


rofl :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by rav009 » April 6th, 2006, 9:03 am

I'd use WinFixer to remove this one...AlfaCleaner also might be useful :P

To remove the "BIG WOODEN HORSE" (Win32.BHW/GRGEN -Symantec AV or WTF.BHW.??:P/FAKE-MacAfee AV) please follow my instructions..

When BWH is executed, it performs the following actions:

1. Creates the following files:

* C:\Documents and Settings\administrator\Desktop\BGW.ink
* C:\Documents and Settings\administrator\Local Settings\Temp\BWH.exe
* C:\Documents and Settings\All Users\Start Menu\Programs\BWH\Contact customer support.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\BWH\Uninstall BWH.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\BWH\BWH on the Web.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\BWH\BWH.lnk
* %ProgramFiles%\Common Files\ShittySoftware\CrXML.dll
* %ProgramFiles%\Common Files\ShittySoftware\PCheck.dll

Adds the value:


"BIG WOODEN HORSE 2005" = "C:\Program Files\BWH-FX5.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the risk runs every time Windows starts." = "C:\Program Files\BWH\FX5.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the risk runs every time Windows starts.


removal instructions

The following instructions pertain to all WinFixers & AlfaCleaner products that support security risk detection.

1. Update the definitions.
2. Run a full system scan.
3. Delete any values added to the registry.


Alternative Cleaning procedure

Image


Should do the trick :D
rav009
Regular Member
 
Posts: 69
Joined: March 29th, 2006, 2:52 am

Post by winchester73 » April 6th, 2006, 10:21 am

The trojan is also known to stick these in the HJT log:

O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\_.gof

O4 - HKLM\..\RunServices: [Microsoft is Gay] nesse69.exe


If you use WinFixer to remove the pest, you'll likely see this warning:

http://atom.smasher.org/error/random_image.png.php?
winchester73
Regular Member
 
Posts: 88
Joined: January 30th, 2006, 10:09 pm
Location: Somewhere along Tobacco Road, North Carolina

Post by rav009 » April 6th, 2006, 1:43 pm

@winchester73 , LOL :P

Image

:D
rav009
Regular Member
 
Posts: 69
Joined: March 29th, 2006, 2:52 am

Post by Nellie2 » April 6th, 2006, 4:11 pm

In my opinion, if anyone is stupid enough to get hit by the BIG WOODEN HORSE trojan then the only option is R&R and serves 'em right and all. 8)
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by ChrisRLG » April 6th, 2006, 4:14 pm

Anyone object to this being moved to the 'Open for sharing' room - in the public?

Others might like to see the humor.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by Gary R » April 6th, 2006, 4:16 pm

Sounds good to me. :thumbleft:
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Post by Nellie2 » April 6th, 2006, 4:26 pm

Not at all, R&R = reformat and reinstall
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by SpotCheckBilly » April 7th, 2006, 3:53 am

I'm with Winchester73. The only true way to remove a BWH Trojan, short of Nellie's recommended R&R is the use of the BFH tool. Post removal cleanup will most likely require the use of BFS, followed immediately by execution of the BFB and BFDP tools.

I have also been hanging out around the hacker sites lately and have devised my own one step cure for BWH. It is a small executable named GTC.exe. It is installed on the root drive and is triggered when BWH tries to execute. Once triggered it releases the Giant Termite Colony program which literally devours the BWH Trojan before it can do any damage. Only one caveat. Make sure that your PC case is isolated from any wooden structures such as computer desks, etc., as GTC is slightly unstable and occasionally leads to a buffer overrun which could possibly cause irreparable damage to nearby wooden structures. 2 to 3 inches isolation should do the trick.
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

Post by ChrisRLG » April 7th, 2006, 4:09 am

:notworthy: Very Good :D
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by turtledove » April 7th, 2006, 4:44 am

SpotCheckBilly wrote: I'm with Winchester73. The only true way to remove a BWH Trojan, short of Nellie's recommended R&R is the use of the BFH tool. Post removal cleanup will most likely require the use of BFS, followed immediately by execution of the BFB and BFDP tools.

I have also been hanging out around the hacker sites lately and have devised my own one step cure for BWH. It is a small executable named GTC.exe. It is installed on the root drive and is triggered when BWH tries to execute. Once triggered it releases the Giant Termite Colony program which literally devours the BWH Trojan before it can do any damage. Only one caveat. Make sure that your PC case is isolated from any wooden structures such as computer desks, etc., as GTC is slightly unstable and occasionally leads to a buffer overrun which could possibly cause irreparable damage to nearby wooden structures. 2 to 3 inches isolation should do the trick.
:lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol:

:D :D
Right on :thumbleft:
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Post by curlylad » April 7th, 2006, 11:11 am

I have found an error message relating to this very problem


INFO LINK
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Post by turtledove » April 7th, 2006, 12:57 pm

That's a 8) site curlylad
The others are too :D Thanks all.
:)
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Post by rav009 » April 7th, 2006, 2:33 pm

Here's the error I made

http://snipurl.com/ouho
:D :D
rav009
Regular Member
 
Posts: 69
Joined: March 29th, 2006, 2:52 am