Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Dropper Virus


  • Please log in to reply
3 replies to this topic

#1 lazbreath

lazbreath

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:08:09 AM

Posted 28 December 2007 - 12:33 AM

Hi. My PC is running on a Windows Vista Home Premium. Earlier today, I rebooted my PC after installing a game from EA. On startup, a notification with this message came up: "Could not load or run 'C:\Windows\system32\tustt.exe'. Other programmes that load on startup like MSN Messanger and my wireless adaptor's software did not run. I get a notice telling me that I do not have the right permission to access the programmes. After doing a scan, the virus that was detected was the trojan Dropper.Agent.GIT.

Having read an earlier post on using the aswclnr Virus/Worm cleaner, I did so and this is the log:
avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Users\LAZBRE~1\AppData\Local\Temp\aswclnr.log

28/12/2007, 12:39:23 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (42.4s).
----------
Files scanning started...
C:\Boot\BCD... file could not be scanned!
C:\Boot\BCD.LOG... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb... file could not be scanned!
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{38afcdc8-b4f6-11dc-a41b-001d091dc549}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{38afcdce-b4f6-11dc-a41b-001d091dc549}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{444fe052-b1f6-11dc-b26e-001a7033b884}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{444fe058-b1f6-11dc-b26e-001a7033b884}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{444fe18b-b1f6-11dc-b26e-001a7033b884}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{7e6ff75e-b4f8-11dc-b9f8-001d091dc549}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\Users\IUSR_NMPR\ntuser.dat.LOG1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiondb.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiondb.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionnameindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionnameindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionrevindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionrevindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypedateindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypedateindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypeindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypeindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypenameindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypenameindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_content.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_content.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_creationdateindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_creationdateindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_propdb.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_propdb.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_typenameindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_typenameindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urldb.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urldb.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urlindex.mdb1... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urlindex.mdb2... file could not be scanned!
C:\Users\IUSR_NMPR\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1... file could not be scanned!
C:\Users\lazbreath\ntuser.dat.LOG1... file could not be scanned!
C:\Users\lazbreath\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1... file could not be scanned!
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1... file could not be scanned!
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat... file could not be scanned!
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat... file could not be scanned!
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1... file could not be scanned!
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0... file could not be scanned!
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0... file could not be scanned!
C:\Windows\System32\catroot2\edb.log... file could not be scanned!
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb... file could not be scanned!
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb... file could not be scanned!
C:\Windows\System32\config\COMPONENTS.LOG1... file could not be scanned!
C:\Windows\System32\config\DEFAULT.LOG1... file could not be scanned!
C:\Windows\System32\config\SAM.LOG1... file could not be scanned!
C:\Windows\System32\config\SECURITY.LOG1... file could not be scanned!
C:\Windows\System32\config\SOFTWARE.LOG1... file could not be scanned!
C:\Windows\System32\config\SYSTEM.LOG1... file could not be scanned!
C:\Windows\System32\config\RegBack\COMPONENTS... file could not be scanned!
C:\Windows\System32\config\RegBack\DEFAULT... file could not be scanned!
C:\Windows\System32\config\RegBack\SAM... file could not be scanned!
C:\Windows\System32\config\RegBack\SECURITY... file could not be scanned!
C:\Windows\System32\config\RegBack\SOFTWARE... file could not be scanned!
C:\Windows\System32\config\RegBack\SYSTEM... file could not be scanned!
No virus body found.
Files scanning finished (89409 files, 0 infected, 1363.2s).
Drives scanned: C: D:
----------

Hope you guys can help. Thanks!

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:09 PM

Posted 28 December 2007 - 05:00 PM

To resolve this, download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if your not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the tustt.exe file in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.

After doing a scan, the virus that was detected was the trojan Dropper.Agent.GIT.

Can you provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Peacimowen

Peacimowen

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 30 December 2007 - 07:36 PM

Can you provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?


I've got the same trojan, Dropper.Agent.GIT, which so far has eluded my attempts at removal, as it always comes right back.

And this would be the full path to the file that always returns:
C:\WINDOWS\system32\mljjg.exe

and now on to trying other solutions...

oh.. note that I'm on XP, not Vista like the OP

Edited by Peacimowen, 30 December 2007 - 07:37 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:09 PM

Posted 30 December 2007 - 11:39 PM

Welcome to BC Peacimowen

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more people in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users