Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse? No Internet Or Email Connectivity


  • Please log in to reply
7 replies to this topic

#1 miniviolet

miniviolet

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 31 July 2007 - 10:01 AM

I'm not sure if I should be posting here or in the internet forum. Yesterday morning I lost all internet connectivity and the ability to receive email. This was just about the same time that my AVG alerted me of a trojan horse downloader.agent.MQQ and moved it to the virus vault. To be honest I can't remember which happened first. This is on my main desktop computer that connects directly to the internet. My laptop that connects through the network can still connect just fine (that is where I am connecting from). My desktop is Windows XP Home Edition, SP2. I just don't even know where to start. My experience is not beginner, but I am far from an expert and this is out of my knowledge. I can follow directions though! Any help would be appreciated.

BC AdBot (Login to Remove)

 


m

#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:01:20 PM

Posted 31 July 2007 - 12:34 PM

Do you have a flash drive?

If you do, please download and run the Avast Virus Cleaner Use the flash drive to move Avast to the computer that does not have internet access. Leave the downloaded file on the flash drive and double click to run from the flash drive.

Please post the results back here.

Edited by oldf@rt, 31 July 2007 - 12:36 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 miniviolet

miniviolet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 31 July 2007 - 12:40 PM

Yes, I do have a flash drive. Thank you, I am doing this now and will report back.

#4 miniviolet

miniviolet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 31 July 2007 - 01:29 PM

OK, the scan is finished. Here is what it said:

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\DOCUME~1\CAROLV~1\LOCALS~1\Temp\aswclnr.log

7/31/2007, 12:46:51 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (7.4s).
----------
Files scanning started...
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026204.dll... file could not be scanned!
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026297.dll... file could not be scanned!
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP107\A0026304.exe... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
C:\WINDOWS\Temp\ZLT0401f.TMP... file could not be scanned!
C:\WINDOWS\Temp\ZLT04022.TMP... file could not be scanned!
No virus body found.
Files scanning finished (173921 files, 0 infected, 2245.1s).
Drives scanned: C: F: L:


On the first 3 "System Volume Information" files that could not be scanned, at the same time those popped up the AVG popped up with 3 trojan horse detections. They are the exact same files. The first 2 were Trojan Horse PSW.Generic5.ARB and the last one was Trojan Horse Downloader.Agent.MQQ

Thank you
Carol

#5 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:01:20 PM

Posted 31 July 2007 - 01:38 PM

It looks like you should post a hijack this log: download the latest version of Hijack this

Post the log is this forum
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#6 miniviolet

miniviolet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 31 July 2007 - 02:15 PM

Thank you. I have posted the log here.

#7 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:01:20 PM

Posted 31 July 2007 - 02:23 PM

miniviolet,


Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so, could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#8 miniviolet

miniviolet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 31 July 2007 - 02:29 PM

OK, thank you for your help oldf@rt (love the name btw!)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users