Help
I'm not sure if I should be posting here or in the internet forum. Yesterday morning I lost all internet connectivity and the ability to receive email. This was just about the same time that my AVG alerted me of a trojan horse downloader.agent.MQQ and moved it to the virus vault. To be honest I can't remember which happened first. This is on my main desktop computer that connects directly to the internet. My laptop that connects through the network can still connect just fine (that is where I am connecting from). My desktop is Windows XP Home Edition, SP2. I just don't even know where to start. My experience is not beginner, but I am far from an expert and this is out of my knowledge. I can follow directions though! Any help would be appreciated.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Page 1 of 1
Trojan Horse? No Internet Or Email Connectivity
Back to top
#2
- Forum Addict
-
- Group: Members
- Posts: 2,609
- Joined: 06-November 05
- Gender:Male
- Location:Avondale, Arizona USA
Posted 31 July 2007 - 12:34 PM
Do you have a flash drive?
If you do, please download and run the Avast Virus Cleaner Use the flash drive to move Avast to the computer that does not have internet access. Leave the downloaded file on the flash drive and double click to run from the flash drive.
Please post the results back here.
If you do, please download and run the Avast Virus Cleaner Use the flash drive to move Avast to the computer that does not have internet access. Leave the downloaded file on the flash drive and double click to run from the flash drive.
Please post the results back here.
This post has been edited by oldf@rt: 31 July 2007 - 12:36 PM
The name says it all -- 59 and holding permanently
**WARNING** Links I provide might cause brain damage
**WARNING** Links I provide might cause brain damage
#3
- New Member
-
- Group: Members
- Posts: 7
- Joined: 31-July 07
Posted 31 July 2007 - 12:40 PM
Yes, I do have a flash drive. Thank you, I am doing this now and will report back.
#4
- New Member
-
- Group: Members
- Posts: 7
- Joined: 31-July 07
Posted 31 July 2007 - 01:29 PM
OK, the scan is finished. Here is what it said:
avast! Virus Cleaner Tool - version 1.0.211 Unicode
Creating log file: C:\DOCUME~1\CAROLV~1\LOCALS~1\Temp\aswclnr.log
7/31/2007, 12:46:51 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (7.4s).
----------
Files scanning started...
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026204.dll... file could not be scanned!
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026297.dll... file could not be scanned!
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026304.exe... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
C:\WINDOWS\Temp\ZLT0401f.TMP... file could not be scanned!
C:\WINDOWS\Temp\ZLT04022.TMP... file could not be scanned!
No virus body found.
Files scanning finished (173921 files, 0 infected, 2245.1s).
Drives scanned: C: F: L:
On the first 3 "System Volume Information" files that could not be scanned, at the same time those popped up the AVG popped up with 3 trojan horse detections. They are the exact same files. The first 2 were Trojan Horse PSW.Generic5.ARB and the last one was Trojan Horse Downloader.Agent.MQQ
Thank you
Carol
avast! Virus Cleaner Tool - version 1.0.211 Unicode
Creating log file: C:\DOCUME~1\CAROLV~1\LOCALS~1\Temp\aswclnr.log
7/31/2007, 12:46:51 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (7.4s).
----------
Files scanning started...
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026204.dll... file could not be scanned!
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026297.dll... file could not be scanned!
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026304.exe... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
C:\WINDOWS\Temp\ZLT0401f.TMP... file could not be scanned!
C:\WINDOWS\Temp\ZLT04022.TMP... file could not be scanned!
No virus body found.
Files scanning finished (173921 files, 0 infected, 2245.1s).
Drives scanned: C: F: L:
On the first 3 "System Volume Information" files that could not be scanned, at the same time those popped up the AVG popped up with 3 trojan horse detections. They are the exact same files. The first 2 were Trojan Horse PSW.Generic5.ARB and the last one was Trojan Horse Downloader.Agent.MQQ
Thank you
Carol
#5
- Forum Addict
-
- Group: Members
- Posts: 2,609
- Joined: 06-November 05
- Gender:Male
- Location:Avondale, Arizona USA
Posted 31 July 2007 - 01:38 PM
It looks like you should post a hijack this log: download the latest version of Hijack this
Post the log is this forum
Post the log is this forum
The name says it all -- 59 and holding permanently
**WARNING** Links I provide might cause brain damage
**WARNING** Links I provide might cause brain damage
#7
- Forum Addict
-
- Group: Members
- Posts: 2,609
- Joined: 06-November 05
- Gender:Male
- Location:Avondale, Arizona USA
Posted 31 July 2007 - 02:23 PM
miniviolet,
Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so, could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so, could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
The name says it all -- 59 and holding permanently
**WARNING** Links I provide might cause brain damage
**WARNING** Links I provide might cause brain damage
#8
- New Member
-
- Group: Members
- Posts: 7
- Joined: 31-July 07
Posted 31 July 2007 - 02:29 PM
OK, thank you for your help oldf@rt (love the name btw!)
Share this topic:
Page 1 of 1