
Trojan.starter.896


10 replies to this topic

#1 ormes21

ormes21

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:19 PM

Posted 27 July 2009 - 08:30 PM

Hi all,

I only recently put this computer on the net and Dr. cure it found a virus "Trojan.starter.896" :thumbsup: . I must have got it from an external hard drive. So far I have scanned my computer with most of the popular free tools and no such luck yet!!

Can anyone help?

Thanks a lot,

Andy


**I just realised there is a section for removing trojans, so this topic needs to be moved? I don't want to post the same thing twice. Sorry!!**

Edit: Moved topic from Vista to the more appropriate forum as requested :flowers: . ~ Animal

Edited by Animal, 27 July 2009 - 09:25 PM.




#2 ormes21


Posted 28 July 2009 - 02:09 PM

Hello?? :thumbsup:

Currently running a dr cure it complete scan, will post up the results when it's finished.

Andy

#3 ormes21


Posted 28 July 2009 - 04:51 PM

Ran dr cure it. It took a long time to do a scan, not because my comp is running slow but because there's a lot of files on this comp.

Anyway, here are the results:

tmpF7CB1.tmp;C:\Documents and Settings\Andrew Ormes\DoctorWeb\Quarantine;Trojan.Starter.896;Incurable.Moved.;
Flash_Disinfector.exe\nircmd.exe;C:\Users\Andrew Ormes\Downloads\Flash_Disinfector.exe;Tool.NirCmd.1;;
Flash_Disinfector.exe;C:\Users\Andrew Ormes\Downloads;Archive contains infected objects;Moved.;
Flash_Disinfector.exe\nircmd.exe;J:\Documents and Settings\Andrew Ormes\DoctorWeb\Quarantine\Flash_Disinfector.exe;Tool.NirCmd.1;;
Flash_Disinfector.exe;J:\Documents and Settings\Andrew Ormes\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
tmpF7CB0.tmp;J:\Documents and Settings\Andrew Ormes\DoctorWeb\Quarantine;Trojan.Starter.896;Incurable.Moved.;

Flash disinfector was something that I read about on this forum, so I'm not sure whether to ignore it?

Any help would be really appreciated,

Thanks!!

Andy

#4 ormes21


Posted 28 July 2009 - 06:39 PM

Did a full scan using superanti spyware in normal mode. Here are the results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2009 at 11:55 PM

Application Version : 4.26.1006

Core Rules Database Version : 4024
Trace Rules Database Version: 1964

Scan type : Complete Scan
Total Scan Time : 00:48:14

Memory items scanned : 851
Memory threats detected : 0
Registry items scanned : 7412
Registry threats detected : 0
File items scanned : 42923
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Andrew Ormes\AppData\Roaming\Microsoft\Windows\Cookies\andrew_ormes@atdmt[2].txt
C:\Users\Andrew Ormes\AppData\Roaming\Microsoft\Windows\Cookies\andrew_ormes@doubleclick[1].txt
C:\Users\Andrew Ormes\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew_ormes@atdmt[2].txt
C:\Users\Andrew Ormes\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew_ormes@ad2.doublepimp[1].txt

The scan found adware but not the trojan.starter.896. I ran Mbam on quickscan yesterday and it found 0 infections.

Questions:

How come Dr cure it scanned over 1 million files on full scan and superanti spyware only scanned roughly 50,000 on full scan? :thumbsup:

Does running these programs in safe mode make any difference?

What other software should I use to try and get rid of this?

Thanks,

Andy

#5 ormes21


Posted 28 July 2009 - 09:58 PM

Is there a reason why everyone is ignoring this thread? Am I doing something wrong?

I'm running on Windows Vista SP2. The trojan has only been found using Dr.web cure it!

I understand how busy you guys are and you're volunteering, but I feel a bit left out. I see everyone else's threads getting replies within reasonable time of them posting and this thread gets 80 views and 0 replies... :thumbsup:

Edited by ormes21, 28 July 2009 - 10:06 PM.


#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 PM

Posted 28 July 2009 - 10:27 PM

Hello and welcome to Bleeping Computer. Your thread was not intentionally ignored, but since you had posted some replies, it made it look like someone was already helping you. Please do this next:

Please update Malwarebytes, run a Full Scan, and post back the log.

Edited by Computer Pro, 28 July 2009 - 10:28 PM.

Computer Pro

#7 ormes21


Posted 29 July 2009 - 09:23 AM

Hi, thanks for helping.

Here is the log report of a full scan from MBAM in safe mode:

Malwarebytes' Anti-Malware 1.39
Database version: 2519
Windows 6.0.6000

29/07/2009 14:15:06
mbam-log-2009-07-29 (14-15-06).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 467494
Time elapsed: 1 hour(s), 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\andrew ormes\downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.

#8 Computer Pro


Posted 29 July 2009 - 11:08 AM

The file that Dr. Web found may be a False Positive. But you said that you were running SP2 of Vista; in the Malwarebytes file it says that you don't even have SP1.
Computer Pro

#9 ormes21


Posted 29 July 2009 - 02:54 PM

Sorry, I thought I had installed it a while back to get a program to work :thumbsup:

What about the trojan.starter.896 that Dr Cure it found? This was my main concern.

Thanks,

Andy

#10 Computer Pro


Posted 30 July 2009 - 11:37 AM

Ok, so make sure that you run Windows Updates to see what comes through.

And the trojan that Dr. Web found is most likely a False Positive.
Computer Pro

#11 ormes21


Posted 30 July 2009 - 01:03 PM

OK, I'll run some updates.

Thanks :thumbsup:



