Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem With Trojan Downloader.vb.axa


  • Please log in to reply
1 reply to this topic

#1 sourav1

sourav1

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:37 AM

Posted 07 March 2008 - 10:28 AM

HI,

This is Sourav here. I have dell Inspiron 1520. I have spyware doctor and Mcfee installed in my machine ( but this is out of warranty , o doesn't work). I use xp home edition. I am writting down in a list what the problem I have with my laptop and how did I got into this. I f someone can help me how to get rid of this, it would really be helpful to people as newbee as me.

1. I tried intalling some activex stuff from net.
2. After clicking RUN it did not do anything, just the samll window with run button disappeared.
3. Just afetr that I heard one peculiar music is coming from my laptop. I cloased all Internet explorer window but still the music went on. I ran spyware doctor , it found smoe of the spywares along with trojan downloader.vb.axa. As many times I an the doctor it cudnt remove this. So I followed the path it found the spyware, went ther and shift deleted everthing. The paths are

C:\Documents and Settings\Friends\Local Settings\Temporary Internet Files\content.ie5\ZLYBZGO7\data[6].htm
C:\Documents and Settings\Friends\Local Settings\Temporary Internet Files\content.ie5\X8QQVJRY\index[4].htm

But it didnt work. what \i got update about this trojan is it connects some server to download software unknowingly. perhaps the music was coming from that server.
4. Then I installed CCleaner and ran it to delete my temporary internet folder. But problem is still there.
5.While installing CCleaner, I ran registry checking utilities which said there are 131 infected files in registry.
6. I tried a scanning by spyware isolator which found many infection with the trojan downloader.
7. Moreover I am not able do ctrl alt delete as it says task manager is disabled by your adminisrator. I am actually in a different account, not in the admin account. I tried ctrl alt delete after that from admin account and it works there.
8. My default IE browser is getting redirected to

//softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
which in turn redirects to
//ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

9. There was also another report worm.win32.netsky infection. I went to ren, typed MRT there, went to Microsoft checking, then scanned full, deleted the infections. Still no hope.
10. I keep on getting spyware alert, one red ball with white cross in the right side down on the desktop and many system alert messages.

The uploaded file has got infections found by spyware isolator and microsoft windows malicous software removal tool.

If anyone can help this poor soul, I shall be really grateful. It is only 3 months I bought the new laptop.....

Edited by KoanYorel, 07 March 2008 - 10:50 AM.
To disable hot link URLs above and move to more appropriate forum


BC AdBot (Login to Remove)

 


m

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,696 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:37 AM

Posted 08 March 2008 - 12:47 AM

Hello and welcome to BC sourav1 :flowers:

I have spyware doctor and Mcfee installed in my machine ( but this is out of warranty , o doesn't work)


I wish to clarify. The way you've phrased this says that your machine is out of warranty and doesn't work, but I don't think that is what you meant. Did you mean that McAfee's license has expired, that Spyware Doctor's license has expired, or both?

I tried intalling some activex stuff from net


Please identify what these ActiveX programs were. What site were you on to download them? (Please do not post a live link. Change the letters http to htxp or something similar, and www to wnw or something similar.) This is important as it appears that this is the source of your infection and may help us identify it.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users