Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Probs With Win32:zhelain-bjl Worm & Win32:small-epj Trojans


  • Please log in to reply
7 replies to this topic

#1 G_Eris

G_Eris

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 23 November 2007 - 12:47 PM

Hello,

I have a Dell Latitude CPIa with Win XP Pro that seems to be infected with both a worm and a trojan. The trojan turned up first. Name Win32:Small-EPJ. while trying to remove it, I suddenly got warnings from my Avast that it was also infected with a Win32:Zhelatin-BJL worm. My questions are this. How do I remove them and is it possible to find out where I picked them up?

My deepest thanks to anyone who can help me!


After an avast bootscan I have two other trojans trying to make a connection with my laptop. They are Win32:Agent-Kir and win32:Agent-MEB

Edited by G_Eris, 23 November 2007 - 01:15 PM.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:53 AM

Posted 23 November 2007 - 01:52 PM

Hello run these 2 items
1)Panda Activescan?. This Online scan should find and remove most Virus/Trojans.
2)Next:download,install and update. SuperAntispywareThen reboot back to Safe Mode
Scan your root drive (C:\) and quaratine all items found.

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.) Do not run a scan just yet
Reboot in "SAFE MODE using the F8 method and launch SUPERAntispyware.
In the main screen, under "Scan for Harmful Software" click Scan your computer.
There are three scanning options. Choose "Perform Complete Scan" and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure they all have a checkmark next to them and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked to reboot, click "Yes".
If not, select Close to exit the program and reboot normally.

Let us know how ut all went.

Edited by boopme, 23 November 2007 - 01:54 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 G_Eris

G_Eris
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 23 November 2007 - 02:15 PM

In your second step you said to download and install. What am I to install and where do I download it? ( I'm not referring to the pandascan in step one)

Thank you sooo much for your help so far!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:53 AM

Posted 23 November 2007 - 02:20 PM

Click the word Superantispyware
The blue words are links. Sorry about that.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 G_Eris

G_Eris
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 23 November 2007 - 02:40 PM

OK. I'm running the pandascan on my pc. However, it seems my laptop is too far gone for that. It refuses to open the new window for the activescan. I've also seem to have suddenly lost my control panel and task manager. both say the application has been removed my your administrator. I'm assuming the only recourse I have left is reformatting?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:53 AM

Posted 23 November 2007 - 10:46 PM

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "Safe Mode".

Then download and perform a scan with Trend Micro's Sysclean Package.
Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 G_Eris

G_Eris
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 27 November 2007 - 07:46 PM

Let me start by saying thank you to boopme and quietman! This was one heck of a headache for me!!! I had a great deal of trouble running either of the virus programs BUT the Superantispyware and the Dr. Web Cure It! was what saved me. What one spyware program missed, the other picked up. After running both those programs several time, I ferretted out the last in a bootscan with Avast. Then I used the repair options on the Superantispyware program to get back my control panel and my background! I'm assuming that is what is meant by being hijacked? Anyways, thanks again to you both for helping me out. You both should come out with a little extra karma for that one! ;)

Edited by G_Eris, 27 November 2007 - 08:06 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:53 AM

Posted 27 November 2007 - 09:11 PM

Thank you and you're welcome on behalf of both of us.
NOW one last thing to prevent possible accidental reinfection by opening an infected Restore Point. Creating a new System Restore Point, that will be a safe point should you need to restore to it. Malware may still be lurking in these postions. Restore Points are system protected and not scanable by the softwares. So if in there they're still in there still.
Creating a manual Restore Point in System Restore Tutorial

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recent Restore Point.
Go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users