Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Psw Infections - How Much Damage Can They Do?


  • Please log in to reply
1 reply to this topic

#1 Johnsbomb

Johnsbomb

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kent, England.
  • Local time:06:41 AM

Posted 05 August 2007 - 12:32 PM

Good afternoon Gentle People. I am running the latest edition of AGV Free, which is updated automatically daily around 10.00 a.m. GMT. I do a full scan of my computer on a fairly regular basis, approx every 2 - 3 weeks which has always shown to be virus free. However, just recently my computer has started to shut itself down and restart on the very odd occasion, usually when on the internet. On restart it runs normally for the rest of the session. The other day, in my Google history, I found a few web sites that I would not dream of visiting, and when I next looked in the AVG virus vault it showed a Trojan virus which I am sure was not there before despite what the details show.
Details:
Virus Name: Trojan horse PSW. Generic 4.ivy
Path: C:\ WINDOWS\ SYSTEM 32\ iexacxa.dll
Date of Detection: 22/05/07 12.26:25
Filename: iexcxa:dll
File Size: 39.5kb
Healable: No
Source: Backup Copy
Status: Infected
I have searched on the Internet for information about this particular virus and found nothing except that it appears to be part of a group of Trojans that steals passwords, keystrokes, and personal information.
Also, for the past few weeks, on starting up my computer I keep getting the following messages:
1) BT MODEM LOCK ALERT, BT YAHOO INTERNET:- WARNING: THE MODEM CONFIGURED FOR DIAL - UP ACCESS CANNOT BE LOCKED - NOT SUPPORTED OR BADLY INSTALLED.
2) SMARTBRIDGE ALERTS: BT HELP NOTIFIER.EXE - ENTRY POINT NOT FOUND:- THE PROCEDURE ENTRY POINT 'GETPROCESSIMAGEFILENAME W' COULD NOT BE LOCATED IN THE DYNAMIC LINK LIBRARY PSAPI.DLL
I do not use a dial-up modem to access the internet, being on Broadband.
On Friday, I downloaded and ran Windows Defender to do a second computer scan and that also showed no infection. I am not particlarly computer literate so I don't know what damage this Trojan has done, can do, or if it could still be active despite being in the Virus Vault. I most certainly don't know how to repair or clear it from my computer. It seems that maybe it is giving another computer remote acces to mine, but with my very limited experience, I don't know.
Sorry to be so long winded, but I am trying to give as much information as I can.
Can anyone help without being too technical, and thanks for your patience.

BC AdBot (Login to Remove)

 


m

#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:10:41 PM

Posted 05 August 2007 - 12:45 PM

I would recommend taking this computer off the internet or disabling the internet connection and posting a Hijack this log:
  • A new version of HijackThis has now been released.
  • please download and install the new version.
  • download the installer for Hijack this, and save it to your desktop.
  • Double click on the HJTinstall to run the installer.
  • Agree to install
  • Agree to the license agreement.
  • Hijack this will then open.
  • Click on the do a system scan and save a logfile.
  • notepad will open with your log.
  • Please start a new topic and post the results in the hijack this forum

Edited by oldf@rt, 05 August 2007 - 12:45 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users