

Virus help please


17 replies to this topic

#1 Trexxie


Posted 25 July 2005 - 08:50 PM

Hello! Believe it or not I have never had a virus before...just luck I guess (and no porn sites ... I'm a girl ) until now :thumbsup: .
Well, the virus's name is TROJ DLOADER RF and I cannot find any info about it on the web.
There are all sorts of troj dloaders, but not mine, unfortunately. I've deleted the infected files via Trend Micro's web site (I'm not using any antivirus for a while now).
If anyone knows anything about this virus...what does it do and so on, I would be in your debt.
I've done a system restore...I don't know if that does any good...if the virus was already deep in the registry...Thank you for your help in advance.


 


#2 sellingforcheap1960


Posted 26 July 2005 - 01:38 PM

Hello,
Have you by chance done a Google search for the name of this? Also a system restore may have helped you, does all seem to be running ok? I would highly recommend you get a good virus protection, and there are many, and keep it updated and then run a scan on your system. AVG is ok and it's free. Just thought I would try and help you...

#3 rmm55


Posted 26 July 2005 - 01:53 PM

If you did a housecall scan from TrendMicro, cleaned the files and then did a system restore you may have reinstated some infected files from the system volume. Now you should turn off system restore, download the Sysclean Damage Package from TrendMicro, including the latest pattern files and run the scan in safe mode. Then turn system restore back on to create a clean fresh restore point. I would also recommend downloading and installing AVG 7.0 free as soon as humanly possible.
Roy Mel - YourTechOnline technician
roy@no_spam_yourtechonline.com (remove no_spam_)

#4 Scarlett


Posted 26 July 2005 - 02:15 PM

Scan again while in "Safe Mode"
Then turn off your system restore. Reboot then turn your system restore back on.

Doing so will remove the infected files that were hiding in your restore points.


And yes, please install an Antivirus. ASAP
I recommend AVG Free Antivirus.

I'd also like to suggest: a-squared (a²)


a-squared (a²) is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). a² fills the gap that malware writers exploit.


You will find links to both in my sig. :thumbsup:

An informative read:
Simple Steps to Keep Your Computer Secure

Edited by Scarlett, 26 July 2005 - 02:24 PM.


#5 Trexxie


Posted 26 July 2005 - 03:40 PM

Thanks guys so much for your advice. I've been using Norton and it slowed my computer a bit so I've uninstalled it and of course, got a virus. My notebook seems normal now after the restore - I restored at the checkpoint when there were no viruses on my hard drive for sure.
I've googled a lot, but I can't find the TROJ LOADER RF...strange.
Although everything seems fine I'm curious what this virus does to the computer...
I'm downloading AVG Free Antivirus as fast as I can
:thumbsup:
Again, thank you very much! :flowers:

#6 Leurgy


Posted 26 July 2005 - 04:24 PM

Where did you get the name TROJ LOADER RF from? Most of the major anti-virus companies call a virus with a name they place on it and rarely is that name the same from company to company unless the public latches onto a name and it becomes public domain like Sasser or Netsky or GoBot.

Run a-squared as Scarlett suggests. This is a trojan specific program.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 Scarlett


Posted 27 July 2005 - 10:07 AM

I can't find any reference to TROJ LOADER RF anywhere. There are some with the "rf" in them, though.

As Leurgy asked. Where did you get the name from? Are you sure that you are spelling it correctly?

#8 Trexxie


Posted 27 July 2005 - 10:15 AM

"Where did you get the name TROJ LOADER RF from?"

:thumbsup:
I got the name when I did a scan at Trend Micro's web site. I ran a-squared like Scarlett suggested and the test was OK - no trojan, so I guess that deleting the files and restoring to the non-virus checkpoint did the trick.
Guess I'll be sure that the virus is gone if my computer doesn't do anything funny in a week or so, right? :flowers:

#9 Trexxie


Posted 27 July 2005 - 10:26 AM

"As Leurgy asked. Where did you get the name from? Are you sure that you are spelling it correctly?"

I cannot be more sure because that was my first virus and it settled itself in 3 files so my scan showed 3 viruses - but it really was the only one (so it spelled TROJ DLOADER RF 3 times ). I was confused (and still am) that I couldn't find it anywhere on the web. It is exactly as you say: There are some with the "rf" in them, though.
Thanks, Scarlett for the a-squared info - it is a great tool!

#10 Trexxie


Posted 27 July 2005 - 10:37 AM

Again, sooo strange - I did a search for the virus on Trend Micro's web site (where I got the results) and it showed up 0 results for that name. I even have it copy pasted (I did that in case I lose the post-it I wrote the name on) so I double checked that the name TROJ DLODER RF is correct. Am I crazy or did Trend Micro pull a prank on me (kidding)? :thumbsup:

#11 Leurgy


Posted 27 July 2005 - 10:54 AM

I just searched Trend Micro also and couldn't find that specific variant. Suffice to say that that type of virus will download more malware to infect your computer if it can.

Sounds like you have cleaned it up though. :thumbsup:



#12 Trexxie


Posted 27 July 2005 - 01:10 PM

"Sounds like you have cleaned it up though. :thumbsup:"

Yes I did! :flowers: And thanks to you lot I finally protected my computer and hope that that "ghost" virus will be the only one on my system.
I'm glad that I've stumbled upon such a great page and friendly people! :trumpet:

#13 Scarlett


Posted 27 July 2005 - 05:48 PM

I googled for this mysterious trojan, a little differently.
Instead of TROJ LOADER RF
I thought I would try it like this, Trojan Downloader RF
Since the way you had it, it seemed like an abbreviation of sorts.
Anyway, this is all I found.

http://vil.nai.com/vil/content/v_129482.htm

Edited by Scarlett, 28 July 2005 - 08:21 PM.


#14 Trexxie


Posted 29 July 2005 - 09:39 AM

Thank you Scarlett! Good thinking - that different search info. Sorry for my ignorance, but I still don't understand what does DOWNLOADER do? It says that its subtype is a downloader - maybe it means that it downloads more malicious stuff? :thumbsup:
If it does that, then I'll obviously see in a few days if my computer is still infected. I know - asked and answered (guessed to be precise) - but I'm a total virus newb. :flowers:

#15 Scarlett


Posted 29 July 2005 - 12:13 PM

Trexxie do not feel too bad, I'm learning as I go along. By far not an expert.
For now this may give you some basic insight.

Trojan.Downloader 

These kinds of programs are not "Trojans" by themselves, but they are intended to deploy Trojan programs to a victim's computer.

The "TrojanDownloader" programs contain information about names and locations of malware programs to download and install. This information is usually stored as an encrypted block of data at the end of a "TrojanDropper" file.

These programs can be used to install and download newer versions of malware software, or install several Trojan programs without user permission.





