Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.win32.monder.gen


  • Please log in to reply
11 replies to this topic

#1 Hoki

Hoki

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:34 PM

Posted 08 May 2008 - 02:44 PM

Hello. i've got a problem ! couple of trojans in windows\system32 and i dont know how to delete em. my friend tried , he got those deleted but the computer started to crash. so he went to boot window and restarted it with the last working system so the trojan's got back to my pc.

i dont have any idea when these came to my pc and i would appreciate if some1 could help me in this hard situation.

and im using XP home edition.

i'll be waiting for response now.

Edited by garmanma, 08 May 2008 - 04:47 PM.
moved to more appropiate forum


BC AdBot (Login to Remove)

 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 08 May 2008 - 02:54 PM

Hi :thumbsup: could you kindly tell us your antivirus program and other protection programs you have on board; when were they all last fully updated and run on deep computer scans?

what tools etc did your friend try on your behalf?

#3 Hoki

Hoki
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:34 PM

Posted 08 May 2008 - 02:58 PM

my friend tried AVG 8 free and some spybot - search & destroy.

and my antivirus program is so lame... its f-secure (i told my mom to get a better 1) and it was last updated few days ago and the full scan was hmmmmm week ago i guess.

#4 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 08 May 2008 - 03:05 PM

Hi; you need to decide what of those TWO antivirus programs you wish to keep on there ; the protocol is to have only ONE ;

may one ask if your friend knows that f secure is an antivirus program ? one might wonder why they went ahead and installed another on top of it

I suggest you remove the avg 8.0 , then fully update your f secure , reboot and run a complete system scan with it ;

also please run superantispyware




Superantispyware; guide on how to install and run



If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispywareSuperantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computers safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changes ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right had side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

#5 Hoki

Hoki
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:34 PM

Posted 08 May 2008 - 03:19 PM

mmmmmmmmm... f-secure got malfunction :thumbsup:

it dont let me update or either start the full scan :flowers:.

what should i do now ?

#6 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 08 May 2008 - 03:31 PM

will it let you run the superantispyware scan? that will tell us a wee bit of what might have hit you .....

also please read this pictorial tutorial on xp system restore ; see if IT is still functioning ; if it IS try accessing it to see what might be in there


http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

#7 Hoki

Hoki
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:34 PM

Posted 08 May 2008 - 03:41 PM

it let me to run the superantispyware. i'll let it run there and read the tutorial.

i'll edit this when im done (might take a while because im slow reading english)

superantispyware found some Adware.180solutions and unclassified.oreans32

and it let me to do system restore but there was that if the PC is infected the infected files get there too

HOLY S*** !! my virus protection just expired !!

Edited by Hoki, 08 May 2008 - 04:06 PM.


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 PM

Posted 08 May 2008 - 03:59 PM

Hi Hoki,
You might also want to download ad-aware 2007, and see if there is any spywares.
Download Ad-aware 2007 from here: Ad-aware 2007 free double click it to run it, follow the steps to install ad-aware 2007. After you installed ad-aware 2007 double click on ad-aware 2007 icon. Check for updates first before you run a scan. After you updated it scan and post back the results.
Above was just a general guideline on how to use ad-aware 2007. A more detailed explanation can be found here: http://www.bleepingcomputer.com/tutorials/use-ad-aware-2007-to-remove-spyware/

You might also want to post this in the "Am I infected" forum, that forum deals with malwares. I am not allowed to help with any malwares in the Am I infected forum. So that's all I can help you.
Good luck

Also try running some online scans as well:

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://www.kaspersky.com/virusscanner
http://www.bitdefender.com/scan8/ie.html

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 Hoki

Hoki
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:34 PM

Posted 08 May 2008 - 04:35 PM

looks like ad-aware dont let me to update. and im running kaspersky atm

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 PM

Posted 08 May 2008 - 06:00 PM

Hi Hoki,
Can you explain what happens when you try updating ad-aware?
Tell me what kaspersky deleted or just show me what kaspersky found?

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 Hoki

Hoki
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:34 PM

Posted 08 May 2008 - 06:09 PM

kaspersky still running but it has found 2 viruses and 4 infected :thumbsup:

"An error occured"

Update

SSL download failed

Suggested Action

Run webupdate.

that's what ad-aware gives and for some reason webupdate dont work. or then im just too amateur.

Edited by Hoki, 08 May 2008 - 06:49 PM.


#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 PM

Posted 08 May 2008 - 07:33 PM

Hi,
I see then try reinstalling ad-aware 2007, actually you don't have to, you can just use superantispyware that ruby1 suggusted. Anyways, 4 infected and 2 virus allready!! Wow... that's alot let me know what virus/infections it was once scanning is done.

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users