Persistent Trojan



#1 ozibryan

Posted 10 November 2007 - 11:50 PM

Hi,

I've had a bit of a battle with a recent virus that I've experienced. My home PC is a WinXP (Pro) machine that has been embattled for the last 36 hours, and this is a more sophisticated virus than I have previously seen.

I got an initial warning message suggesting:

Warning! Pote`ntial Spyware` Operation!

Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unauthorised access your files. Click yes to download spyware remover.

There is also a screen that displays the same false warning, located at:
http://avsystemcare.com/data/?mtrt=avds22&...info=3923_0_758

However, when trying to search out a resolution I've discovered this one was not so simple. A number of key components became apparent including

Task Manager Unavailable with the message that: Task Manager has been disabled by your administrator

Regedit Unavailable with the message that: Registry editing has been disabled by your administrator

Gpedit.msc was also disabled through the early stages but running through the various steps managed to get this going

Early in the attempt to isolate the problem I downloaded the avast scan which highlighted some more apparent bugs including :

Win32:Warezov-CLK [Wrm]
Win32:Small-EPJ [Trj]

There are other intermittent issues; however, the most persistent issue is Win32:Small-EPJ, which appears alternately every minute or so or floods in every few seconds.

The avast! warning dialogue identifies the actual virus, although the message text on the bottom of the screen suggests that the sources of these include the following locations:

http://62.72.1243.static.theplanet.com/s_1...5205061636b2032
http://208.66.194.241/s_122_167837955?m=3&...5205061636b2032
http://616957.ds.nac.net/s_122_167837955?m...5205061636b2032

I have run through the various recommended steps in order to prepare to submit the HijackThis as per your preparation guide, all, I suspect, with mixed results.

The avast warnings are more frequent than ever, and when trying to get to Microsoft updates I found that this access had also been disabled.

When looking at the Sygate Log Viewer, there was a message..

Somebody is scanning your computer.
Your computer's UDP ports:
26824, 1468, 30547, and 17337 have been scanned from 10.1.1.3..

Please see attached log.

At any rate I would appreciate some help.

Regards
Bryan


#2 Yourhighness


Posted 25 November 2007 - 01:16 PM

Hello Bryan and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -