Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sign Of "win32.wopla-ah[trj]"


  • Please log in to reply
1 reply to this topic

#1 reginagirl

reginagirl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 06 February 2008 - 02:21 AM

Hello,
I have been recently infected with the above trojan. I am operating on Windows Vista basic, and use Avast! 4.7 as my antivirus.
I know how I became infected, as I foolishly opened an .exe file. Avast alerted me of this, and advised me to move it to the chest. This did not seem to end my problem. My IE brower opened on its own and tried to connect to a website. It then opened up new tabs to try again. I immediately aborted my internet connection and rebooted my laptop into safe mode. I then ran a virus scan. It found two files that were infected, both being .wma files.
I have since ran 3 more virus scans in regular mode, but it does not say I am infected. However, my web browser still starts on its own, and continues to open new tabs. I am certainly not convinced my computer is clean.
The following is what Avast has found:

Sign of "Win32:WimAD-I[Trj]" has been found in "C:\Users\Owner\Music\Top of Charts - 2005 (touch).wma" file.

Sign of "Win32:WimAD-I[Trj]" has been found in "C:\Users\Owner\Music\Rare Recording.wma" file.

Sign of "Win32:TratBHO [Trj]" has been found in "C:\Users\Owner\AppData\Local\Temp\iuhgpxbw.dll" file.

Sign of "Win32:TratBHO [Trj]" has been found in "C:\Users\Owner\AppData\Local\Temp\xdnplvsu.dll" file.

Sign of "Win32:TratBHO [Trj]" has been found in "C:\Users\Owner\AppData\Local\Temp\pwulbmjk.dll" file.

Sign of "Win32:Wopla-AH [Trj]" has been found in "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8C4TSB8\Immqrv[1].htm\[UPX]" file.

Sign of "Win32:Adware-gen [Adw]" has been found in "http://w4s2.work4sure.com/c/ge/w4sgeen9.exe" file.

I was hoping someone here would have some directions on removing these things. Otherwise, since I only use my computer for storing pictures, music and instant messaging, am I better off just wiping my hard drive and starting over? If I have posted in the wrong area, I do appologize for wasting anyone's time.

Thank you for reading, and I look forward to the advise from anyone who can help!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:01 AM

Posted 08 February 2008 - 10:31 PM

Hello please follow these instructions as I feel it's your best bet to be able to save your data. It'll take a few days as they are very busy bunch of volunteers.
Scrolll to step 9 .. Preparation Guide for use before posting a HijackThis Log
Then post that log HERE, by clicking New Topic and give it a title.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users