
What I think is a trojan..


4 replies to this topic

#1 JorDANK


Posted 03 January 2009 - 06:32 AM

Right well, I was browsing the internet using Firefox and I got an alert for a trojan-downloader.zlob of some form. I told AVG to block it from running and AVG reported that it did; however, my PC went all jumpy and in my Task Manager processes there were various DLLs, and prunnet.exe. Then I got an alert saying "System has detected certain errors, click here to get a scan to detect these errors and fix them", along with a flashing icon in the task bar. I began by removing prunnet.exe from the Startup part of the registry and then tried rebooting, but it didn't remove; however, the flashing icon has never appeared again.

Symptoms
- Certain websites that could include help such as this one, on the infected PC, will not load, I get a "Connection Refused" error in both Firefox and on IE, however it works on other computers.
- AVG, Spybot S&D and Ad-aware refuse to update.
- Security Center is automatically turned off when the PC is turned on, however Auto-update and the Firewall are still set to on.

I ran an AVG scan and picked up the trojan-downloader.zlob again and attempted to remove it, but the symptoms still exist, however, nothing is picked up by AVG with a full system scan.
I also have noticed no strange processes in my task manager, I've had every single one for months now, as I check them regularly.


 


#2 Guest_Jay-P VIP_*


Posted 03 January 2009 - 07:31 AM

Download Malwarebytes' Anti-Malware to your desktop.

* 2X-click mbam-setup.exe and install the program.
* At the end, checkmark:
    o Update Malwarebytes' Anti-Malware
    o Launch Malwarebytes' Anti-Malware
* Then click Finish.
* As soon as it loads, select quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

#3 JorDANK


Posted 03 January 2009 - 04:57 PM

Oh, thanks so much, I'll make sure to keep Anti-Malware. AVG, Spybot and Ad-aware all managed to fail in detecting these 17 viruses I had hidden, even though I scan very regularly. I'm actually posting this on the ex-infected PC. And AVG and Spybot were successfully updated.
I'd like to know which one of these trojans was causing me all this trouble all of a sudden though. I've been working on my own trying to get rid of it for 2 days now, editing registry entries with no luck.
I'd like to thank you Jay-P, for all of the help and taking your time with the reply, I'll not be so stupid as to let myself get this many trojans next time.
Yes thanks a bunch. :thumbsup:

Malwarebytes' Anti-Malware 1.31
Database version: 1604
Windows 5.1.2600 Service Pack 3

03/01/2009 21:54:55
mbam-log-2009-01-03 (21-54-55).txt

Scan type: Quick Scan
Objects scanned: 65177
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\senekapmmmujvk.dll (Trojan.Seneka) -> Delete on reboot.
D:\Documents and Settings\Ellis\Local Settings\Temp\seneka10da.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalyabayuf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaymevxfqr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekagskwkmna.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqla.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by JorDANK, 03 January 2009 - 05:07 PM.
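
Added example, not part of the original thread and not Malwarebytes code: a small Python parser for the log format posted above. It groups detections by name and lists the items marked "Delete on reboot", which are still on disk until the machine is restarted. The regular expressions are inferred from this one log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Registry Keys Infected: 5
Files Infected: 11

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\senekapmmmujvk.dll (Trojan.Seneka) -> Delete on reboot.
C:\WINDOWS\system32\senekaymevxfqr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqla.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Assumed layout, inferred from this one log: a "<Section> Infected:" header,
# then one "<object> (<detection>) -> <action>." line per item.
SECTION_RE = re.compile(r"^(?P<section>.+?) Infected:$")
ENTRY_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return one dict per detection: section, object, name, action."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ENTRY_RE.match(line)
        if item and section:  # skips counters and "(No malicious items detected)"
            entries.append({"section": section, **item.groupdict()})
    return entries

def pending_reboot(entries):
    """Objects only scheduled for deletion; they remain on disk until a restart."""
    return [e["object"] for e in entries if e["action"].lower() == "delete on reboot"]

def by_detection(entries):
    """Map each detection name to the objects reported under it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["name"]].append(e["object"])
    return dict(groups)
```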


#4 Guest_Jay-P VIP_*


Posted 03 January 2009 - 09:11 PM

You are welcome.

Now, have you restarted your computer?


JorDANK said: "I've been working on my own trying to get rid of it for 2 days now, editing registry entries with no luck."

I recommend always being very careful not to modify parts of the registry other than those expressly mentioned by any Trusted Installer or Computer guru. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. It cannot be guaranteed that problems resulting from the incorrect use of Registry Editor can be solved.

EDIT: Added quote from JorDANK

Edited by Jay-P VIP, 03 January 2009 - 09:17 PM.


#5 JorDANK


Posted 04 January 2009 - 11:08 AM

Yes, computer has been restarted and the problems have all gone, I've updated everything, defragmented and ran disk cleanup and made myself a nice fresh restore point to save some trouble if this ever happens again.
And about the registry editing, I really only look at the Software.. Run part, I'd never mess with the other parts. :thumbsup:

Anyway yes, thanks again Jay-P, you've been of great assistance. :flowers:

Edited by JorDANK, 04 January 2009 - 11:08 AM.




