
Please Help With Trojan



#1 OkCherokee


Posted 12 December 2007 - 02:12 AM

A friend gave me a download link for Internet TV. I d/l and scanned the file with Norton. I installed the program and immediately my Norton and Spybot went off.

A Spybot menu pops up every few minutes saying (below)... I kept hitting Deny Change but it returns every few seconds. I hit automatic but still get a Spybot blacklist notification every few seconds.

Category: System Startup user entry
Change: Value added
Entry: Winsock2driver

New Date TRYC.EXE

Clicking the info button says

Current filename: TRYC.EXE
Database status: Not required - virus, spyware, malware or other resource hog
Value: Winsock2 driver
Filename SDJOIJE.EXE

Description: Trojan

Source: Paul Collins Startup List


Can you please help me remove this item from my computer? I ran Spybot and Immunized the registry changes but it seems to continue to return.



#2 buddy215


Posted 12 December 2007 - 06:44 AM

Try SAS to remove the malware.
Download and Install Super Antispyware free. Reboot into Safe mode and Run SAS. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

W32.Spybot!dr is an installer for threats that drops W32.Spybot.Worm. It also installs a Backdoor Trojan which is detected as Backdoor.IRC.Cloner.

This is a dangerous piece of malware. Malware listed as "Backdoors" have the ability to completely compromise your computer. They are used to gather and transmit data found on your computer concerning banking details, credit cards, PayPal, etc.

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 rookie147


Posted 12 December 2007 - 07:18 AM

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of worm, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

If you are pleased with the service I have offered, you may like to consider making a donation.


#4 OkCherokee


Posted 12 December 2007 - 05:46 PM

wa-do u-do-hi-yu u-tsa-ti (wah doe ooh doe he you ooh chaw tee) Thank You Very Much (in Cherokee)

I ran Superantispyware but it didn't even pick it up. I went into the regedit files and found Winsock2driver TRYC.EXE in the Local Machine RUN file and deleted it. Rebooted and ran Spybot, Super Anti Spyware (normal mode) and both came back clean. Should I redo this in safe mode? Think I'm clean of this undesirable critter?
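
A read-only way to review the autostart locations mentioned in this post, as an added example that is not part of the original thread: it lists every value under the common Run and RunOnce keys and reports whether the target file can be found and whether it carries a valid Authenticode signature. The function name `Get-AutostartEntry` and the key list are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of common Run/RunOnce autostart keys.
# It changes nothing. The key list is a common subset, not exhaustive.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    param([string[]]$KeyPath = $runKeys)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            if (-not $command.Trim()) { continue }   # skip empty values
            # Pull the executable out of the command line: a quoted path,
            # else everything up to the first executable extension,
            # else the first whitespace-delimited token.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $exe = $Matches[1] }
            else { $exe = ($command.Trim() -split '\s+')[0] }
            # Bare names (such as the TRYC.EXE value in this thread) are
            # looked up through PATH; full paths are checked as given.
            $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            $file = if ($found) { $found.Path } else { $null }
            [pscustomobject]@{
                Key       = $path
                Name      = $name
                Command   = $command
                File      = $file
                Signature = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file).Status } else { 'FileNotFound' }
            }
        }
    }
}

# Unsigned or missing targets sort first for review.
Get-AutostartEntry | Sort-Object { $_.Signature -eq 'Valid' } | Format-List
```

Run and RunOnce are only some of the places a program can register itself to start, so an empty result here covers these keys only.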

#5 buddy215


Posted 12 December 2007 - 06:21 PM

Best to post a Hijack This log. Use the link in my first post. Be sure to post in the HJT Forum. NOT in this forum.

Just as a side note, my great grandmother was Cherokee.



#6 OkCherokee


Posted 12 December 2007 - 08:41 PM

I think I followed each of the steps correctly and posted the logfile in the correct location on the forum.


Best to post a Hijack This log. Use the link in my first post. Be sure to post in the HJT Forum. NOT in this forum.

Just as a side note, my great grandmother was Cherokee.


If your great grandmother was Cherokee..then so are you. Glad to meet you!

#7 boopme


Posted 12 December 2007 - 08:57 PM

OkCherokee, yes, the log is properly posted, thank you.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.