

Trojandowloadere.xs?


  • This topic is locked
11 replies to this topic

#1 h_i_mcdonnough

h_i_mcdonnough

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 01 October 2007 - 06:39 AM

Looks like I have the trojandownloader.xs and am unable to get rid of it running Trend PCillin. I have run a full system scan and am still getting the pop ups.

Can anyone point me in the right direction?



#2 buddy215

buddy215

  • Moderator
  • 13,092 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:50 AM

Posted 01 October 2007 - 08:34 AM

Likely smitfraud.
Use the smitfraudfix tool in the link below. Read the directions carefully. Run option #1 first and if it finds anything, run option #2.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Follow up with the two programs below.

www.superantispyware.com/
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:50 AM

Posted 01 October 2007 - 10:19 AM

Is Trend PCillin providing a file name and location associated with Trojandowloadere.xs?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 h_i_mcdonnough

h_i_mcdonnough
  • Topic Starter

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 03 October 2007 - 08:29 PM

quietman7, let me check and post it here.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:50 AM

Posted 03 October 2007 - 08:45 PM

Ok. That may help to provide a clue as to what you're dealing with here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 h_i_mcdonnough

h_i_mcdonnough
  • Topic Starter

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 05 October 2007 - 06:07 PM

I have 2 screen shots that I can email?

Where do I send them?

#7 h_i_mcdonnough

h_i_mcdonnough
  • Topic Starter

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 05 October 2007 - 06:29 PM

Ran all the above steps and still getting pop up balloons about computer infected with spyware, and the desktop screen that won't go away.

Noticed a couple of new things. I will get a message that Windows can't find c://windows/system32/drivers/pt.htm. The other thing is after Windows I notice a box pop up in the upper left corner of the screen that says something about c:windowasystem32/nusmsgr. Then it goes away.

#8 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,835 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:01:50 AM

Posted 05 October 2007 - 07:10 PM

I have 2 screen shots that I can email?

where do I send them?

You don't need to send them nor should you send them to anyone. Please post them right here within your thread. That way everyone can see them and assist you. Please follow the directions here for Inserting An Image Within A Post.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#9 h_i_mcdonnough

h_i_mcdonnough
  • Topic Starter

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 05 October 2007 - 08:24 PM

I did a copy and pasted it as a Word document.

#10 h_i_mcdonnough

h_i_mcdonnough
  • Topic Starter

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 05 October 2007 - 08:43 PM

http://s237.photobucket.com/albums/ff286/h_i_mcdonnough/

thanks

#11 h_i_mcdonnough

h_i_mcdonnough
  • Topic Starter

  • Members
  • 84 posts
  • Local time:03:50 AM

Posted 05 October 2007 - 09:11 PM

I will paste my HijackThis log in the HJT forum.

#12 TMacK

TMacK

  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada
  • Local time:01:50 AM

Posted 05 October 2007 - 11:06 PM

Hi h_i_mcdonnough,

Now that you have a HJT log posted in the HijackThis Logs and Malware Removal forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

This topic will now be closed, since you have an open log posted.
If you have any questions, feel free to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



