SuperAntiSpyware resistant Trojans



#1 vitaly7


Posted 21 October 2009 - 11:48 AM

Hi

I have had a serious attack on my machine, which I partly dealt with, but there are still some remaining problems.

System: Win XP SP2

Cause: probably after trying to run "Shockwave_Installer_Slim.exe", Adobe Shockwave Player 11.

Symptoms:

1. SuperAntiSpyware - could not update definitions ("There was an error trying to retrieve definitions... etc"; checked with my ZoneAlarm Firewall off, same effect); this is the first time in half a year of constant usage that I could not update definitions. I am pretty sure the reason for it is a block on my machine of www.superantispyware.com, see point 4 below.

2. Process FastNetSrv - appeared in the Task Manager; I killed it and tried to find the cause googling it; could not get to the sites - see the next two points

3. IE - massive phishing: after google search, clicking on the links leads anywhere, but to the sites shown (new symptom; IE had worked fine before this happened); copying and pasting solves the problem, but:

4. some Anti Malware sites are blocked - from both Opera & IE, namely:
www.virusremovalguru.com/?p=4378
www.superantispyware.com/malwarefiles/FASTNETSRV.EXE.html

The browser tries to load them, and then says "This page could not be displayed". I checked from an independent computer, the sites are working.

5. After trying to run SuperAntiSpyware on 18 Oct definitions, decided to reboot. On rebooting the Windows Logon appeared, and then DEP started closing userinit logon and any other application, resulting in an empty screen; Safe Mode did not work - freezing. I managed to gradually overcome that and made sure I can login and work. All programmes are operational as far as I can tell. :thumbsup:

6. SuperAntiSpyware sees several Trojans:
Trojan.Unknown Origin
Unclassified.Unknown Origin
Adware.WsnPoem
Trojan.Agent/Gen
Nvscv
Adware.Lop-Gen
Trojan.Dropper/Win-NV

Total scan results - items detected: registry - 6; files - 17; threats - 23.

After running the whole course and deleting it suggests to reboot. After rebooting all the Trojans stay intact.

7. Several nasty processes appear in the Task Manager after startup:
nvscv
st201
n2scv
msa
msc
h, a, i, b - any letter really

some of these processes crash themselves shortly.

Not sure what to do. :flowers: Any help would be appreciated.

Thank you in advance

-vitaly

Edited by vitaly7, 21 October 2009 - 12:37 PM.



 


#2 vitaly7


Posted 21 October 2009 - 10:09 PM

Meanwhile I have 2 more processes added:
lsm32.sys
opeia.exe

also, the site
www.spywareremovalblog.com
is blocked

#3 vitaly7


Posted 22 October 2009 - 08:38 AM

Studying the subject, I have discovered some further sites that are blocked:
www.prevx.com
symantec.com
www.malwarebytes.org

It appears Malwarebytes Anti-Malware can be helpful, and it can be downloaded from an independent site, e.g.
http://download.cnet.com (this works)

But then I will need to update definitions - and would not be able to do this, as malwarebytes.org is blocked...

Moreover, my current concern is that the virus works at the time of rebooting (it would not allow SASW to complete its run on rebooting - as I described earlier).

Waiting for your help!

kind regards

-vitaly



