Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected With A Trojan

  • Please log in to reply
4 replies to this topic

#1 Lathrup_Baseball


  • Members
  • 8 posts
  • Local time:04:05 AM

Posted 03 August 2007 - 01:28 PM

Hello, I have a Trojan that I am unable to get rid of from my computer. My computer is an EMachines T3306, 2.0GHz, 100 GB Hard Drive, AMD Sempron Processor 3300+ and 512 MB DDR SDRAM. I am running Windows XP-SP2 on the PC. My computer does not experience any slow down or noticeable issues. I do not have any anti-virus software, and my currently only uses the built-in Windows Firewall.

After reading through some bleeping computer forums for tips on how to keep my PC safe from viruses, malware, etc., with anti-virus, anti-malware and other software, I then downloaded "A-Squared Anti-Malware" to see what might turn up because someone highly recommended it. This is when I first discovered I had the trojan, a deep scan of the PC using A-Squared gave these results:

Trojan.Win32.VB.aqt 4files - high risk
File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP226\A0148533.exe
File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP226\A0148534.exe
File: D:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP226\A0148535.exe
File: D:\Recycled\cftmon.exe

detected: Trojan.Win32.VB.aqt

After quarantining the files, I went to the Microsoft website and found the Trojan listed, but no details were given regarding the purpose and behavior this Trojan exhibits. I did learn that some Trojans are set to run every time Windows starts up and I believe that is the case with this one, since it is found in the deep scan every time I restart the computer.

Outside of the obvious notification of "high risk" from the deep scan performed using "A_Squared", my level of concern was rasised significantly last night while browsing bleeping computer's forums and running the A-Squared Anti-Malware program, which once again turned up the Trojan in the deep scan. My computer shut down twice on me for no apparent reason, the first time I unplugged the power supply and the second time I just went to bed because it would not cut back on directly by pressing the power button. I am not sure if these are possible effects of the Trojan or if my computer is hijacked, but I wanted to include this information nonetheless.

Thank You for the time and I appreciate any and all responses to help resolve this issue.


BC AdBot (Login to Remove)


#2 oldf@rt


  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:01:05 AM

Posted 03 August 2007 - 02:09 PM

First thing I recommend immediate installation of an antivirus program. Check the freeware replacement thread here.

Being online in todays internet without an antivirus is suicide.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 Starbuck


    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:05 AM

Posted 03 August 2007 - 04:38 PM

Hi Lathrup_Baseball,
Here's some info on the trojan...............

as you can see from this line you posted.......
File: D:\Recycled\cftmon.exe
it's a classic symptom of this trojan.

The other files seem to be in your restore points, which if you follow the advise by oldf@rt will be sorted.

If you are still getting problems try this..

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer into SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Use the ENTER key to make your selection.
Then choose your normal account.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.


#4 Lathrup_Baseball

  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:05 AM

Posted 03 August 2007 - 11:51 PM

Thank you both for the assistance. However, I have not solved my problem. I downloaded and have Avast antivirus protection running. After this, I attempted to run a BitDefender online scanner and my computer shut off as it had done the previous evening. Once, I was able to power it back on (by removing the power cord and plugging it back in), I tried scanning my PC again with A-Squared, which was the first program I downloaded to help detect and remove virus, malware, etc.

Next, I did exactly as Starbuck suggested and downloaded DrWeb-CureIt, saved it to my desktop, rebooted the computer into SAFE MODE using the F8 method. I was prompted to run a scan while the computer booted and I chose yes. So, the program did it's thing and came up with 6 trojans and I prompted for deletion of the infected files. I then chose my owner account to log in once the scan completed. I then tried to scan with DrWeb-CureIt following those directions. I got as far as this step:

*Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.

but then the computer mysteriously shut off completely again. I have been on the computer for hours now without having run any antivirus/malware software. I am totally at a loss for what I should do.

#5 oldf@rt


  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:01:05 AM

Posted 03 August 2007 - 11:58 PM

Try trend micro's housecall, make sure that you use the java kernel. you can also try to run the scan in safe mode with networking.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users