
Trojan virus cannot be removed from computer.


  • This topic is locked
4 replies to this topic

#1 viglionk

Posted 01 December 2009 - 09:33 AM

I received some sort of malware onto my computer this morning. I ran my updated Malwarebytes and it found 5 trojan downloader viruses. I also ran my McAfee scanner and it so far has found nothing. After restarting my computer I found that it still re-routes me when I am on a website.

This is the site that it brings up.
http://www.xn-->,-kkagu.com/



I have attached the log from my malware. I ran it again and it didn't find anything this time.
If someone could give me an idea as to what to do next that would be great!
Thank you!
............................
Malwarebytes' Anti-Malware 1.41
Database version: 3267
Windows 5.1.2600 Service Pack 3

12/1/2009 9:17:54 AM
mbam-log-2009-12-01 (09-17-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 244918
Time elapsed: 1 hour(s), 33 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\15264844 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Krista Viglione\Local Settings\temp\573.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Krista Viglione\Local Settings\Temporary Internet Files\Content.IE5\TP035G04\op[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP123\A0011487.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15264844\15264844 (Rogue.Multiple) -> Quarantined and deleted successfully.


......................................................................
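Added example (not part of the original post or thread): a small Python parser for the Malwarebytes 1.x text-log layout shown above. It checks that the number of listed detections matches the summary counts (a mismatch suggests a truncated paste) and lists any item whose action text does not report successful removal. The sample log is constructed in the same layout, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 1.41 log posted above
# (paths and names are made up for illustration; not the poster's data).
SAMPLE_LOG = r"""Folders Infected: 1
Files Infected: 3
Registry Keys Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\12345678 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\User\Local Settings\temp\573.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\op[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Item line: "<path> (<detection>) -> <action>"; detection is the last (...) group.
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (declared_counts, detections) from an MBAM 1.x text log."""
    declared, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return declared, detections

def count_mismatches(declared, detections):
    """Sections whose listed items differ from the summary count."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n}

def not_removed(detections):
    """Detections whose action text does not report successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]

if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f'{d["name"]:20} {d["path"]}')
    print("mismatches:", count_mismatches(declared, found), "pending:", not_removed(found))
```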



#2 Terps2005

Posted 01 December 2009 - 12:13 PM

That 573.exe was something I had today and it took me hours to find. I finally got it with Malwarebytes and went into temp files and personally deleted it and then emptied the recycle bin. Make sure once you quarantine these, you delete them. Make sure you have the updated Malwarebytes and run it after rebooting. Make sure to run it AS SOON as your computer starts. Make sure to go into the following folder and delete that 573.exe file, that's the one that is rerouting you.

C:\Documents and Settings\Krista Viglione\Local Settings\temp

That is where the 573.exe is located. Make sure you have SHOW ALL HIDDEN FILES selected in your computer before you do this.


Windows XP and Windows 2003

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.





Windows Vista

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3. Click on the Control Panel menu option.
4. When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
1. Double-click on the Folder Options icon.
2. Click on the View tab.
3. Go to step 5.

If you are in the Control Panel Home view do the following:
1. Click on the Appearance and Personalization link.
2. Click on Show Hidden Files or Folders.
3. Go to step 5.

5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.
9. Now Windows Vista is configured to show all hidden files.


Hope this helps. That virus SUCKS!!!!!

#3 viglionk

Posted 01 December 2009 - 02:40 PM

Yeah. That file isn't there anymore. I am pretty sure Malwarebytes deleted it. I went in and looked for all of the ones that it found shortly after I posted. I just went back and looked like you said, and it's no longer on my computer, well the virus is, but other than that I don't know what else there is to do. My McAfee doesn't find anything, Ad Aware or Mal ware doesn't either.

Thank you.

If anyone else has any more suggestions as to how to get it off that would be great! :thumbsup:

#4 viglionk

Posted 02 December 2009 - 02:23 PM

It now has started to simply re-route, usually when I seem to be on a website that I clicked on off of Google. It doesn't seem to do it unless it is connected that way somehow. I can put it at bay for a few min by clearing my private data on Firefox.
I have continued to run other scans.

I realized I didn't put this information in my original post, but I am running Microsoft XP on a Dell Dimension E520.
I have McAfee Virus scan, malware bytes, and ad aware SE personal.

So far they are finding nothing. I have run it in safe mode as well, but this seems to give me problems when I try to go into safe mode. It brings up the blue screen of death.


I think it might be similar to a rootkit that I had back in July. I ended up having McAfee go into my computer to remove after my fiancee demanded that they fix it since they didn't catch
I am not so sure it'll work this time though.

If anyone has any ideas, or thinks that I should run a HijackThis log, let me know.

Thank you. It's getting ridiculous, any suggestions would be greatly appreciated.

#5 viglionk

Posted 04 December 2009 - 11:32 AM

I have received help from geekstogo.
I am closing this thread.



