Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trouble Removing Trojan


  • Please log in to reply
4 replies to this topic

#1 Garbs

Garbs

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 24 January 2008 - 01:09 PM

So I tried to download a serial number, and in downloading it I got myself a trojan. It was named vtspm.exe and vtspm.dll. I used the steps to remove it on this system, and I got rid of the exe and the dll. Problem is, each time I would restart, I would recieve and error message saying it was unable to execute vtspm.dll because it wasn't found. I also found out that there were other files of it (I can't remember the type of file they were, but one was a notpad file) that tried to trick me by having the name backwards (mpstv instead of vtspm), and the trojan made copies of itself by creating two more trojan exe files. iigh and one I can't name off the top of my head. I removed the exe files with autorun, but it seems like the files are still in my system.

Can anyone help out with what I'm dealing with here?

And just to let you know I have a Windows Vista.

Edited by Garbs, 24 January 2008 - 01:09 PM.


BC AdBot (Login to Remove)

 


m

#2 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:03:31 AM

Posted 24 January 2008 - 03:06 PM

You have Virtumonde/Trojan.Vundo etc. You should see How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.b
Don't download serials, cracks, keygens from some friendly looking site (or a risky one) especially when it come in executable form. You have to know the good sites from the bad and there are many more bad than good. Even the trustworthy torrent sites like thepiratebay can't regulate all the stuff that goes through their site. So if your want trouble and you look in bad places you will get heaps of it.

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:31 PM

Posted 24 January 2008 - 03:13 PM

After you have tried VundoFix,
run a panda scan, that should get rid of it.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report

BBPP6nz.png


#4 Garbs

Garbs
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 24 January 2008 - 07:16 PM

Ok, I tried both programs and neither detected anything malicious. However each time I load up my computer I get three error messages.

Posted Image

Any suggestions?

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:31 AM

Posted 25 January 2008 - 09:50 AM

So I tried to download a serial number...

Not only is that practice a security risk, it is considered illegal activity and a violation of our BC Discussion/Message Boards Rules

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen and pirated software sites. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

The "Cannot find...", "Could not run..." or "Error loading..." message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan or the uninstall of a program. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if your not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file(s) in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users