
Help! At least four Trojans and two Worms!


No replies to this topic

#1 greenduck


Posted 19 November 2010 - 11:45 PM

I know my computer is infected because I checked the processes that were running in Task Manager. My regular virus software - Trend Micro, Kaspersky AntiVirus, Super Anti Spyware and Malware Bytes - haven't picked the programs up.

I found the following programs by checking in TaskList.org:
explorer.exe- Trojan
TR/Agent.121
Location: %SYSDIR%\service\explorer.exe

firefox.exe- added by RBOT-ATP worm
Location: System (9x/Me) or System 32 (NT/2K/XP) folder

rundll32.exe- worm
Name: Worm/Antiman.E
Location: %home%\Start Menu\Programs\Startup|rundll32.exe

services.exe- worm
Worm/Antiman.E
%WINDIR%\services.exe

smss.exe- Trojan
Name: windupdates
Location: %SYSDIR%\smss.exe

A scan with a separate program (I think it was blue- somethingorother, I can't remember), apparently found the following:
TR/Proxy.Ciumz.BG
HKCR\CLSID\{5E212EE-0300-11D4-8D3B-444553540000}

TR/Proxy.Cimuz.BG.1
HKCR\CLSID\{5E212EE-0300-11D4-8D3B-444553540000}

TR/Spy.Goldun.EI
HKLM\Software\Windows

TR/Spy.Goldun.FN.3
HKLM\Software\Windows

I also have a few somewhat unnecessary programs running:
GoogleDesktop.exe
jusched.exe
SmoothView.exe

I want to remove these programs, but on looking in the Startup List, there are a vast number of possibilities for services.exe, rundll32.exe and explorer.exe that I don't even know where to start. I have read the information on removing Trojans etc. manually, but I want to know absolutely what I need to remove.
Not only that, it looks like many of the .exe files have Trojans and worms behind them, so I'd need to remove those as well.
Please help!
---------------------------------------------------------------------------------------------------------------------------

There's been some new development.
I followed the instructions given under this site's 'How to remove Trojans and malware' section. I went through every single tab within autoruns.exe. I found firefox.exe, rundll32.exe and explorer.exe. However, the Trojans apparently didn't exist because I couldn't find them anywhere inside the registry.
I also couldn't delete rundll32 and explorer. Why? Apparently, "TrustedInstaller" wouldn't let me. Who is TrustedInstaller? I have no bleep clue, and if I find 'TrustedInstaller' IRL, I will skin them alive. No, I'm not lying or exaggerating. I will probably be doing millions of computer users a favour.
(Also, TrustedInstaller? Come on, you moron. Naming it 'MostDefinitelyNotEvil' would be more convincing!)
I rebooted out of safe mode and checked task manager again. Apparently, two versions of csrss.exe are running. Explorer.exe is still running. services.exe is still running. And smss.exe is STILL RUNNING. I've probably missed some, too.
Oh, I went to properties --> permissions on smss.exe and services.exe. Apparently, TrustedInstaller has full permissions and control while I have only two measly checkboxes ticked.

Seeing as I haven't had any replies, I'll try fixing the problem with my limited range of knowledge. I'm going to try getting rid of all of TrustedInstaller's permissions, and reallocating them to me.
If that doesn't work, well, I'll just have to reinstall Windows. Joy.

Once again, I would really, really appreciate some help. Any kind of help. Please.
------------------------------------------------------------------------------------------------
I just installed CleanUp and SpyBot Search and Destroy. Somehow I don't think it matters how many programs I have on my computer.
Hmmm, think I'm gonna give up and take a hammer to my PC. Or the head of whoever made these programs.

Edited by greenduck, 20 November 2010 - 08:49 PM.

