Trojan.Swizzor.Gen.8


2 replies to this topic

#1 instacat

instacat

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 03 March 2010 - 12:58 AM

I use MBAM and Defender Pro 15-1 with Windows 7 Home Premium. As I was scanning, DP informed me it had found "Trojan.Swizzor.Gen.8" in the following locations:

File C:\Windows\DeployWinRE\DeployWinRE.exe (moved to quarantine)
File C:\Users\Public\Desktop\Adobe Reader 9 Installer\Setup.exe (moved to quarantine)
File C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe (moved to quarantine)
File C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93r98E239D9{\setup.exe (moved to quarantine)
File C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (moved to quarantine)
File C:\Program Files (x86)\Canon\MP Navigator EX 3.0\Maint.exe (moved to quarantine)
File C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\AC76BA86-7AD7-1033-7B44-93000000001}\Setup.exe (moved to quarantine)
File C:\Program Files\eMachines\eMachines Recovery Management\HidChk.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\Realtek Audio Generic Driver\WDM\vncutil.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\Realtek Audio Generic Driver\Vista\vncutil.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\nVidia Onboard VGA Generic Driver\Display\setup.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\nVidia Onboard VGA Generic Driver\setup.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\nVidia Chipset Generic Driver\Display\setup.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\nVidia Chipset Generic Driver\setup.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\Display\W7_INF\B_83920\atieclxx.ex_ (blocked)
File C:\OEM\Preload\Autorun\APP\Earthlink eMachines Edition\Earthlink_8.1.7.7_eMachines\SKU0\Utilitiesw\PPCODUN.exe (moved to quarantine)
File C:\OEM\Preload\Autorun\APP\Adobe Reader v9.1\Setup.exe (moved to quarantine)

I can't really translate all of the above. DP said all issues were resolved successfully, but is there a way to be SURE??
Thanks for your help and great advice.
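Added example, not part of the thread: one concrete way to get a second opinion on a batch of detections like the list above is to check each flagged file's Authenticode signature and record its SHA-256, so the hash (not the file) can be looked up against vendor manifests or a multi-engine scanner. This assumes the files have been restored from quarantine, or the check is run against the same OEM preload or install media, so they exist on disk; it also assumes PowerShell 4 or later for Get-FileHash (on the 2010-era default shell, `certutil -hashfile <file> SHA256` gives the same value). The paths are copied from the post; the function name is my own.

```powershell
# Added example, not from the original thread.
# Second-opinion check on files an AV flagged: does the file exist, is it
# Authenticode-signed, by whom, and what is its SHA-256 for an offline lookup.
# Assumes: files restored from quarantine (or checked on the OEM media),
# PowerShell 4+ for Get-FileHash.

$flagged = @(
    'C:\Windows\DeployWinRE\DeployWinRE.exe',
    'C:\Users\Public\Desktop\Adobe Reader 9 Installer\Setup.exe',
    'C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe',
    'C:\Program Files (x86)\Canon\MP Navigator EX 3.0\Maint.exe',
    'C:\OEM\Preload\Autorun\DRV\Realtek Audio Generic Driver\WDM\vncutil.exe'
)

function Get-FlaggedFileReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Still quarantined or already deleted: nothing to verify here.
            [pscustomobject]@{ Path = $p; Exists = $false; Signature = 'n/a'; Signer = ''; SHA256 = '' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $p
        $hash   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Path      = $p
            Exists    = $true
            Signature = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer    = $signer
            SHA256    = $hash
        }
    }
}

Get-FlaggedFileReport -Paths $flagged | Format-Table -AutoSize -Wrap
```

How to read the result: `Valid` with a signer matching the vendor the path implies (Adobe, Canon, NVIDIA, the OEM) means the binary is unmodified since signing and the detection is very likely a generic/heuristic hit on a packed installer; `HashMismatch` means the file was altered after signing and deserves attention; `NotSigned` is inconclusive either way, since plenty of 2009-era OEM utilities shipped unsigned. A valid signature is evidence of integrity, not a guarantee of benign intent, so the hash lookup is the second leg of the check.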


#2 tinyfighters

tinyfighters

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:42 AM

Posted 04 March 2010 - 07:20 PM

1. Disable System Restore (malware can enter system restore files and screw everything up)
2. Scan with your program thingy
3. Probably there is nothing infected
4. You have to download some anti-rootkit thing, but I don't have any links because I can't find any anti-rootkit programs
*cough* BACKUP *cough*
5. Scan with your anti-rootkit program and remove all the infections
6. Reboot your computer
7. Your computer is clean!
8. Victory :trumpet:

Rootkits are really annoying...
:flowers:


And sometimes when you try to remove rootkits they come back. Then you have to:
1. Reinstall Windows and forget about all your stuff
2. Backup (everybody knows you should) data then reinstall windows
3. Ask one of those IT guys for help or those "trained" people.
4. :thumbsup: Shout out "I HATE ROOTKITS!" to the world.

Edited by tinyfighters, 04 March 2010 - 07:27 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,762 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:42 AM

Posted 04 March 2010 - 07:27 PM

Hello. Actually, we prefer to clear the Restore points last. Rather have an infected point to fall back on than none.

Let's get a second opinion on infection possibilities.


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.



We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Edited by boopme, 04 March 2010 - 07:29 PM.

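Added example, not part of the thread and not Flash_Disinfector's own code: the "blocking folder" trick the note above describes, done by hand so the effect can be inspected. A directory named autorun.inf in a drive root prevents a dropper from writing an autorun.inf file of the same name there, which is what autorun-based USB worms rely on. The function also refuses to touch a root where autorun.inf already exists as a file, since that is itself a sign worth examining. Assumes an elevated PowerShell session; the function name and the WMI query are my own choices.

```powershell
# Added example, not from the thread and not the sUBs tool's own code.
# Creates a hidden, read-only, system-attributed folder named autorun.inf in
# the root of each removable drive so that no autorun.inf FILE can be dropped
# there. Assumes an elevated session.

function Protect-RemovableDriveRoot {
    param([string[]]$DriveRoots)
    foreach ($root in $DriveRoots) {
        $target = Join-Path $root 'autorun.inf'

        if (Test-Path -LiteralPath $target -PathType Leaf) {
            # An autorun.inf FILE already sits in the root: do not blindly
            # replace it, show what it would launch so it can be investigated.
            Write-Warning "$target is a file, not a folder; inspect before removing:"
            Get-Content -LiteralPath $target | Select-Object -First 10
            continue
        }

        if (-not (Test-Path -LiteralPath $target)) {
            New-Item -ItemType Directory -Path $target | Out-Null
        }

        # Hidden + System keeps it out of casual view; ReadOnly discourages
        # simple delete/replace attempts by unprivileged droppers.
        (Get-Item -LiteralPath $target -Force).Attributes =
            'Directory, Hidden, System, ReadOnly'
        "Protected: $target"
    }
}

# DriveType 2 = removable disk (USB sticks, card readers). Add 'C:\' etc.
# explicitly if fixed partitions should get the same treatment.
$removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' |
    ForEach-Object { $_.DeviceID + '\' }

Protect-RemovableDriveRoot -DriveRoots $removable
```

Caveat a practitioner would want: Windows 7 already ignores autorun.inf on removable (non-optical) media by default, and XP/Vista hosts patched with KB971029 behave the same, so this folder protects the stick when it is plugged into an unpatched older machine rather than the Windows 7 box in this thread. It does nothing against malware that spreads by other means, and it does not clean anything; it is prevention only, which is why the reply above still asks for fresh MBAM and RootRepeal logs.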



