Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Remove Trojan Horse Generic10.abza


  • Please log in to reply
5 replies to this topic

#1 Ineedsumhelp

Ineedsumhelp

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 27 May 2008 - 12:17 PM

Hi I need some help please. About a week ago i got the malwarrior virus in my computer. so i started getting info on how to remove and after a week of running programs to remove it i have gotten rid of it. i even ran the sdfix download i got from your website and it helped. Now to my problem. Everything seems like it is back to normal except i keep getting pop ups when i'm online and when i run avg it tells me i have the trojan horse generic10.abza in these to files c:\windows\system32\byXNdbXQ.dll and c:\windows\system32\lsass.exe. When i try and remove them the computer tells me i have no access to one file and the other says it is being used in another program. I also tried removing them using autoruns but they keep coming back. Please Please i need some help removing these files. Thank you for all your help.

{Mod Edit:Moving from XP to AII!!boopme}

Edited by boopme, 27 May 2008 - 12:29 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:50 PM

Posted 27 May 2008 - 02:08 PM

hello would you please do this scan and post back the log.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Ineedsumhelp

Ineedsumhelp
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 27 May 2008 - 03:30 PM

Thank you so much for responding so quick here are the results-
Malwarebytes' Anti-Malware 1.12
Database version: 791

Scan type: Quick Scan
Objects scanned: 36294
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\diylqlqp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0ec6386 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\diylqlqp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pqlqlyid.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516104310359.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516110903171.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516154817796.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516160825093.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516163419390.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516165841562.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516170538062.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080517063521187.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

Another question (sorry). Is my pc ok now after this scan or do i have to repeat this scan daily?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:50 PM

Posted 27 May 2008 - 03:47 PM

OK good and you're welcome.
You need to reboot if you haven't. Please run it once more after that and let's see. tell me if you still have any symptoms.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 family guy

family guy

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 21 September 2008 - 05:04 AM

Just a quick thank you ,my pc had almost ground to a halt ,spent all morning trying to find a solution going from forum to forum ,website to website ,came on here had a look about ,read one of the headers on the side advising to down load
Malwarebytes' Anti-Malware 1.12

did just that it was FREE 10 minutes later vundo was in the bin ,i have upgraded to the pro version as i was so pleased .
After dredging the net ,reading various articles i cant believe it was so simple

thanks again

Peter Griffen

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,075 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:50 PM

Posted 21 September 2008 - 06:16 AM

Your MBAM log indicates some files will be deleted on reboot. If MBAM encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. If you have not rebooted, make sure you do this.

Your MBAM log also indicates you used an older version of MBAM with an outdated database. Since you just updated to the Pro version, I recommend you perform a new Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users