
Computer Slow...trojan Virus!


5 replies to this topic

#1 Arrow92


Posted 20 May 2008 - 01:42 AM

Hey People!

Ok well the bad news is that my computer has a virus.

The good news is that I know it has a virus and what virus and where.

Well it started out like this. My computer was slow. I thought it was a software problem (RAM, memory stuff like that) and I thought maybe like defragmenting and stuff will be sufficient. I was WAY wrong. But I didn't suspect a virus at first because I scanned with AVG (paid version!) and nothing came up at all. But I was still doubtful, so I used Spybot Search and Destroy AND Ad-Aware 2007....Nothing....

Then I used Kaspersky online scanner....Woah! Bad stuff ppl. Here's what the report looked like. (I only included the infected stuff to make it shorter)

C:\Program Files\LimeWire\Incomplete\T-3545425-june pona karaoke.mp3 Infected: Trojan-Downloader.WMA.Wimad.n

C:\Program Files\LimeWire\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccyvt.dll.vir Infected: Trojan.Win32.Monder.gen

C:\QooBox\Quarantine\C\WINDOWS\system32\mljgddc.dll.vir Infected: Trojan.Win32.Monder.gen

C:\System Volume Information\_restore{DA35E196-A2DB-47B7-9EC5-9827389EE05B}\RP194\A0078918.dll Infected: Trojan.Win32.Monder.gen

C:\System Volume Information\_restore{DA35E196-A2DB-47B7-9EC5-9827389EE05B}\RP194\A0078929.dll Infected: Trojan.Win32.Monder.gen

For the full report I attached a file.

So I used BitDefender online scanner (it also removes viruses) and it managed to remove the virus in C:\QooBox\Quarantine. Unfortunately the other viruses I could not remove. I used everything I have (AVG, Spybot, Ad-Aware, even BitDefender online) but nothing. So, can anyone help me now?

Thanks!

For additional information see this closed post: http://www.bleepingcomputer.com/forums/topic146790-15.html

"I am always ready to learn, although i do not always like being taught" - Winston Churchill

Who ever said that paper beats rock is a moron.Next time i see some one i am going to throw a rock at them while they hold up a piece of paper for a shield. - Anonymous



#2 rookie147


Posted 20 May 2008 - 07:54 AM

Hi there Arrow92,

C:\Program Files\LimeWire\Incomplete\T-3545425-june pona karaoke.mp3 Infected: Trojan-Downloader.WMA.Wimad.n

C:\Program Files\LimeWire\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l

These two are files that you have downloaded using the file-sharing programme Limewire. P2Ps are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove Limewire is entirely up to you, but I would strongly recommend that you do.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccyvt.dll.vir Infected: Trojan.Win32.Monder.gen

C:\QooBox\Quarantine\C\WINDOWS\system32\mljgddc.dll.vir Infected: Trojan.Win32.Monder.gen

These are files that have been deleted by Combofix and as such are quite harmless. However there is a slight danger whereby you may accidentally run them, and this will cause infections to surface. To make sure this does not happen, delete the Qoobox folder from your C:\ drive.

Finally, the remaining two are in infected System Restore points; this means that if you decide to roll your PC back to an earlier stage you will become infected once again. In order to prevent said danger, we need to purge them:
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Check Turn off System Restore, click Apply, and then click OK.
More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Uncheck "Turn off System Restore", click Apply, and then click OK.

Click Start | All Programs | Accessories | System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create, and after it has created the restore point, click "Close".
Further instructions on creating a restore point can be found here

If you are pleased with the service I have offered, you may like to consider making a donation.
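The reply above triages each detection by where the file sits (P2P download folder, ComboFix quarantine, System Restore point) rather than by the malware name. As an added example, not code from the thread or from any tool it mentions, this Python script parses the report lines from the first post and groups them the same way; the category names and the reconstruction of a quarantined file's original path are assumptions drawn from the paths shown in that report.

```python
import re
from collections import defaultdict

# Report lines copied from the first post (Kaspersky online scanner output).
REPORT = r"""
C:\Program Files\LimeWire\Incomplete\T-3545425-june pona karaoke.mp3 Infected: Trojan-Downloader.WMA.Wimad.n
C:\Program Files\LimeWire\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccyvt.dll.vir Infected: Trojan.Win32.Monder.gen
C:\QooBox\Quarantine\C\WINDOWS\system32\mljgddc.dll.vir Infected: Trojan.Win32.Monder.gen
C:\System Volume Information\_restore{DA35E196-A2DB-47B7-9EC5-9827389EE05B}\RP194\A0078918.dll Infected: Trojan.Win32.Monder.gen
C:\System Volume Information\_restore{DA35E196-A2DB-47B7-9EC5-9827389EE05B}\RP194\A0078929.dll Infected: Trojan.Win32.Monder.gen
"""

# "<path> Infected: <name>"; the path may contain spaces, the detection name may not.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<name>\S+)\s*$")
QUARANTINE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\(?P<drive>[a-z])\\(?P<rest>.+)\.vir$", re.I)
RESTORE = re.compile(r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\(?P<rp>RP\d+)\\", re.I)
P2P = re.compile(r"\\limewire\\", re.I)

def classify(path):
    """Return (category, detail) for one detected path (category names are assumptions)."""
    m = QUARANTINE.match(path)
    if m:  # assumption from the report: quarantine path is <drive>\<original path>.vir
        return "combofix_quarantine", f"{m['drive'].upper()}:\\{m['rest']}"
    m = RESTORE.match(path)
    if m:  # detail is the restore point folder that holds the file
        return "system_restore_point", m["rp"]
    if P2P.search(path):
        return "p2p_download", path.rsplit("\\", 1)[-1]
    return "live_file", path  # outside the three locations discussed in the reply

def triage(report):
    """Group detections by location; lines that are not detections are skipped."""
    groups = defaultdict(list)
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        category, detail = classify(m["path"])
        groups[category].append((m["name"], detail))
    return dict(groups)

if __name__ == "__main__":
    for category, hits in triage(REPORT).items():
        print(category, len(hits))
        for name, detail in hits:
            print("   ", name, "->", detail)
```

Anything that lands in `live_file` is a detection outside the three locations covered in the reply and needs its own look.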


#3 Arrow92


Posted 20 May 2008 - 08:10 AM

Ok, I deleted the QooBox. I also deleted all my incomplete LimeWire files. Should deleting the files be sufficient to remove the virus that is located in that file or should I do anything else?

For the system restore point, I shall do it and report back. But before I do that, just a few questions:
a) By following the steps you have given me, will I change anything on my comp (such as files, folders, applications, programmes)?
b) Does this get rid of the virus completely or are there more steps? If it does, just wondering how it works (if it is too complicated to explain and too hard, then it's ok)

Well yeah basically that's all I can think of right now. Thanks!


#4 rookie147


Posted 22 May 2008 - 01:25 AM

To be completely safe you should get rid of Limewire completely, but it doesn't appear that you are going to do so.

a) By following the steps you have given me, will I change anything on my comp (such as files, folders, applications, programmes)?

Nope, everything will be the same. All we are doing is deleting old, infected Restore Points.

b) Does this get rid of the virus completely or are there more steps? If it does, just wondering how it works (if it is too complicated to explain and too hard, then it's ok)

That gets rid of the malware that was present in the log you posted. However, it is always a good idea to run another scan to get a second opinion on the matter. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



#5 Arrow92


Posted 01 June 2008 - 08:55 AM

Yay! My com is now officially free of viruses! I used Kaspersky online scanner, AVG scan, Spybot Search and Destroy scan and Ad-Aware scan and everything came up clean! Thanks everyone!


#6 ruby1


Posted 01 June 2008 - 09:29 AM

Yay! My com is now officially free of viruses! I used Kaspersky online scanner, AVG scan, Spybot Search and Destroy scan and Ad-Aware scan and everything came up clean! Thanks everyone!

What happened to the Malwarebytes program you were asked to run? Do you have its report?



