
Multiple Trojans


3 replies to this topic

#1 Dalzot

Dalzot


Posted 20 January 2009 - 10:28 AM

Working on a friend of the family's PC who has had multiple trojans on her machine (add in the list here in a few). Think I got most if not all of them off the machine. Minus now when I open IE7 or Safari the home page or other sites will not load; oddly I can ping sites though. Hosts file is fine, only has localhost in it so far.
Also if you try to ctrl+alt+del it will say "Task manager has been locked out by your administrator". User account is an administrator, and also if you try to change the desktop background that is grayed out as well. Have run AVG, Spybot S&D, HijackThis, CCleaner (for temp folders) and Vundofix, which found nothing. Going back again today to Malwarebytes? Possibly Combofix also.

Here is the list of found viruses/trojans that AVG moved into the vault. There were more from Spybot, but I was instructing over the phone so wouldn't get the log on that.
Adware.Altnet
Agent.ASLF
Agent.ASPD
Agent.ASQO
Agent.ASSG
Agent.ASXK
Agent.ASYI
BHO.GUL
BHO.GVD
BHO.GYU
BHO.GZA
BHO.GZN
BHO.HAC
Downloader.Agent.ATBF
Downloader.Generic8.OCD
Downloader.Generic8.PTP
Downloader.Tibs
Downloader.Zlob
FakeAlert
Generic12.ACEG
Generic12.ACUF
Generic12.AJHI
Generic12.AJOT
Generic12.AKSU
Generic12.AKXK
Generic12.AMQH
Generic12.AOVH
Generic12.APER
Generic12.AQCL
Generic_c.ABVX
Generic_c.ABVY
Generic_c.TST
Generic_c.TSW
JS/Downloader.Agent
PSW.OnlineGames.BLJK
SHeur2.GFO
SHeur2.JDY
SHeur2.KSW
SHeur2.LPR
Vundo.CI
Vundo.CJ
Vundo.CS
Vundo.CU
Vundo.CV
Vundo.CY
Vundo.DG
Vundo.DP

Thanks for any help.

EDIT: Typo and forgot to mention it is an XP Home PC, 2.4GHz and 1.2GB of RAM. Also don't have an XP Home disk.

Edited by Dalzot, 20 January 2009 - 10:34 AM.




#2 boopme

boopme

    To Insanity and Beyond



Posted 20 January 2009 - 03:53 PM

Hello and welcome. Please do this to fix the Task manager issue.

This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start > Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export.
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File > Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
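As an added example (not part of the original posts, and not the contents of the regtmcmdrestore.vbs script): a Python check that reads a regedit export such as the RegBackup file from the backup step and lists the policy values behind the symptoms in post #1. The registry value names are standard Windows policy values that the thread does not name, and the sample export is constructed.

```python
import re

# Policy values behind the symptoms in this thread (standard Windows policy
# values; the thread itself does not name them). Paths are relative to the hive.
POLICIES = r"software\microsoft\windows\currentversion\policies"
RESTRICTIONS = {
    (POLICIES + r"\system", "disabletaskmgr"): "Task Manager locked out",
    (POLICIES + r"\system", "disableregistrytools"): "Regedit locked out",
    (r"software\policies\microsoft\windows\system", "disablecmd"): "Command prompt locked out",
    (POLICIES + r"\activedesktop", "nochangingwallpaper"): "Desktop background greyed out",
}

SECTION = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def decode_export(raw: bytes) -> str:
    """Regedit 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def find_restrictions(text: str):
    """Return (hive, key, value name, data, meaning) for each non-zero restriction."""
    hits, hive, key = [], None, None
    for line in text.splitlines():
        line = line.strip()
        sec, val = SECTION.match(line), DWORD.match(line)
        if sec:
            hive, key = sec.groups()
        elif val and key is not None:
            meaning = RESTRICTIONS.get((key.lower(), val.group(1).lower()))
            data = int(val.group(2), 16)
            if meaning and data != 0:
                hits.append((hive, key, val.group(1), data, meaning))
    return hits

# Constructed sample export, not taken from the machine in this thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001
"""
if __name__ == "__main__":
    for hive, key, name, data, meaning in find_restrictions(SAMPLE_EXPORT):
        print(f"{hive}\\{key}\\{name} = {data}: {meaning}")
```

Running the same check on an export taken after cleanup shows whether any of these values is still set, which would mean something on the machine is re-applying it.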

#3 Dalzot

Dalzot

Posted 21 January 2009 - 10:03 AM

Thanks for the link to the script, saved time surfing through the registry and got the PC cleared up yesterday. Combofix is a new tool I like; had a few remaining, well, at least what Combofix classified as backdoors. Files were in system32 and all started with sere then a bunch of random letters.

#4 boopme

boopme

    To Insanity and Beyond



Posted 21 January 2009 - 03:51 PM

A note on ComboFix from its author... It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



