
Metajuan Trojan



#1 pilaar39


Posted 31 March 2009 - 02:47 PM

I have a notebook PC infected with the Metajuan Trojan. Everything I have tried so far will not remove it.

I am currently running from another PC, as I am somewhat concerned with running the infected PC until I get it fixed.

The infected PC is a Toshiba notebook, running Windows XP Home. Norton AV detected the Metajuan Trojan, but fails to remove it, instead prompting me to visit their home site for information on this trojan and specifics on how to remove it. Why Norton just did not remove it beats me.

Anyway, following their instructions, they say:

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

Navigate to and delete the following registry entry:

HKEY_CLASSES_ROOT\CLSID\{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50}\InprocServer32\"Default" = "%Temp%\[NAME OF TROJAN EXECUTABLE].dll"

Navigate to and delete the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50}


Unfortunately, neither of these registry keys exists in my registry.. I did a FIND several times, and just cannot find them.

They also suggest running my AV in safe mode, which I did, but in safe mode it does not detect the trojan. Now this may be because (for whatever reason), Norton in safe mode is not up to date. I get a warning message saying that in safe mode, Norton is not that reliable and may not work correctly. Furthermore, in safe mode, it says my AV definitions are out of date! Which of course, they are not when I do not run in safe mode.

I have done a number of internet searches on this trojan, and all seem to indicate that it resides in the registry, and not any file(s) - yet I just cannot find it in my registry.

Any ideas/suggestions would be GREATLY appreciated!!

Everything is up to date on the PC, including the latest MS patches and Norton liveupdates. I should mention that this version of Norton is supplied by my ISP, ROGERS.COM. I did contact them regarding this issue, but they were of no help, and suggested I contact Symantec. I tried that but the wait list is long, and I highly suspect they will tell me that because I am running an ISP version of Norton, to contact my ISP.. and I will end up going in circles.

Edit: one more thing.. when I click on the virus link that Norton gives me, it says the affected areas are one file, uacddmakwfl.dll in the system32 folder (which of course I cannot find either), and also one additional affected area, which is 'unknown'. Lots of help!!

Edited by pilaar39, 31 March 2009 - 03:06 PM.
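
The registry check from the removal instructions quoted in the post above, as an added PowerShell example that is not part of the original thread or of the vendor's instructions: it lists every registered Browser Helper Object, resolves each CLSID to the DLL named in its InprocServer32 default value, and marks entries that match the quoted CLSID or load from a Temp directory. It assumes a Windows system with PowerShell 3.0 or later; the variable and column names are illustrative.

```powershell
# Added example: read-only audit of Browser Helper Object (BHO) registrations.
# CLSID quoted from the removal instructions in the post above.
$advisoryClsid = '{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50}'

# Each BHO list is paired with the CLSID tree that describes its entries:
# the native view, and the 32-bit view present on 64-bit Windows.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $entry.PSChildName
        $inproc = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid

        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            # GetValue('') reads the key's (Default) value, i.e. the DLL path.
            $raw = (Get-Item -LiteralPath $inproc).GetValue('')
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
        }

        [pscustomobject]@{
            Clsid           = $clsid
            Dll             = $dll
            DllOnDisk       = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
            LoadsFromTemp   = [bool]($dll -match '\\Temp\\')
            MatchesAdvisory = ($clsid -ieq $advisoryClsid)
        }
    }
}

# Entries that match the quoted CLSID, load from Temp, or point at a DLL that
# is no longer on disk are the ones to examine first.
$report | Sort-Object MatchesAdvisory, LoadsFromTemp -Descending |
    Format-Table -AutoSize -Wrap
```

An empty result, or no row with MatchesAdvisory set, means this particular BHO registration is absent from both registry views; it does not rule out other persistence behind the same detection.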




#2 pilaar39


Posted 01 April 2009 - 05:12 PM

Well, I would have edited my first post, but can't seem to find the edit button anymore. So, I am posting this reply with more info.

I fear I may be in deep trouble here, as I downloaded Hijackthis to see what was the status of my system, however, Hijackthis will not install.. it just sits there with the install process running in the Task Manager, but nothing happens. Maybe something in the virus is preventing me from installing it?

Anyway, am now running House Call to see if it detects Metajuan...

#3 KonamiYoto


Posted 01 April 2009 - 07:35 PM

If I recall correctly, a Metajuan Trojan won't allow you to install any Anti Virus or removal programs. Either that, or you attempted to download something for the wrong system.
But, if I'm wrong, I recommend clicking the link in my signature entitled "Panda Security Active Scan" and scan your computer with that.
Norton is known to send pop up messages saying there's a virus in your computer even though there isn't.

Now, in order to see if the file "uacddmakwfl.dll" is on your computer, click Start >> Run >> Type in the name of the file >> Click OK.
Now wait to see if it comes up with anything.

Has your PC been running slower, anything different?

Edited by KonamiYoto, 01 April 2009 - 07:35 PM.


#4 garmanma


Posted 01 April 2009 - 08:09 PM

Please follow the preparation guide for submitting a HJT log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 pilaar39


Posted 02 April 2009 - 09:24 AM

Well, it now appears to be fixed... will closely monitor it for the next few days.

garmanma: I thought I had mentioned that I could not install HJT - it just hung after attempting to launch it.

Anyway, on a whim, I ran a CounterSpy scan, and to my surprise, it detected about 5 more trojans, in addition to the single Metajuan detected by Norton, and successfully deleted/quarantined them. I then re-ran Norton and it ran clean.

The most disappointing thing was that I generally practice very safe computing. If I get a new executable file, I always run a scan on it before running it.. obviously, this time Norton failed me, indicating that there was no threat in the file, when in fact it has a payload that took me days to get rid of.

edit: btw.. House Call did not detect any problems on my computer.. not impressed!

Edited by pilaar39, 02 April 2009 - 09:26 AM.


#6 garmanma


Posted 02 April 2009 - 06:16 PM

It is not "Hijack This" per se. It is a DDS scan log that contains a pseudo HJT log. If that doesn't run we have two other options to try
Mark

#7 pilaar39


Posted 02 April 2009 - 08:01 PM

The problem was that Hijackthis would not install at all. Later when I got rid of the trojans (there were 5 others besides Metajuan), it was able to install, and of course, run a trace log.



