Killav (trojan.chost) Infection



#1 dmbRedGetta


Posted 23 May 2008 - 08:51 AM

I have run into the exact same problem as this post

Basically, my mom's computer was infected with a couple of things so she had me come look at it. As the other member did, I used my jump drive to transfer files from my laptop to her computer (removal tools from Symantec's website because LiveUpdate wasn't working).

Even though I was able to clean her computer most of the way, I still couldn't update Norton's. After I did some research I found out about the Hosts file, so I checked it and hers was clean (although I didn't look for others).

Since I spent a day and a half really getting nowhere, I told her we would need to reformat. That's scheduled for this weekend, but if you all have anything you'd like me to try I'm definitely willing to give it another shot (I want to beat this thing). I think the more common name for the trojan is KillAV, but it looks like it has many names (http://www.threatexpert.com/threats/trojan-chost.html).


What's more urgent is that it seems that the virus has jumped to my laptop. Now, every time I boot Windows (XP Pro, btw), my Norton pops up that it deleted 3 files:
C:\bs.exe
C:\Documents and Settings\...\Local Settings\Temporary Internet Files\Content.IE5\6C10FLZB\planet[1].exe
C:\Documents and Settings\...\Local Settings\Temporary Internet Files\Content.IE5\6C10FLZB\planet[2].exe
although the last folder seems to be random every time.

I have run scans with Symantec (which I thought would be best since that's what is catching it to begin with), Trend Micro's online scanner, Trojan Hunter, and Ad-Aware and all say my system is clean.

So what could be kicking this off at startup? I get the message from Symantec that the files were deleted just as my desktop and settings are loading (right after I log in).

I have attached an OTScanIt log and a hijackthis log.

Thanks!
Matt



#2 Yourhighness


Posted 21 June 2008 - 07:31 AM

Hello dmbRedGetta and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -