
Trojan found TR/Kazy.27226.4 Please help!


3 replies to this topic

#1 Beeker

Beeker

  • Members
  • 70 posts

Posted 22 June 2011 - 04:56 PM

I am working on a friend's computer with Windows 7. When I set it up for him, I installed Avira Antivirus, SuperAntiSpyware, Malwarebytes, and Spyware Blaster.
Yesterday, a new icon appeared on the desktop that claimed to be an antimalware program. He said it was a yellow shield in a yellow dot with an arrow. I can't picture it, but maybe somebody here will recognize the description. I told him to update Avira and the other antimalware programs and run the scans. Both Avira and Malwarebytes found this trojan; SuperAntiSpyware found nothing. Both Avira and Malwarebytes have tried to quarantine and remove the program. The icon that was on the desktop is gone, but every time we restart and run the scans again to make sure the trojan is completely gone, the files are detected again. Please help.

Thank you in advance.



#2 Beeker

Beeker
  • Topic Starter

  • Members
  • 70 posts

Posted 23 June 2011 - 09:31 PM

I really need help. Please respond.
I have done my research and footwork to the best of my ability and feel like I am getting nowhere. Although I click remove when the Avira alert pops up, the trojan remains. Although I have scanned multiple times with Malwarebytes and have removed, quarantined, deleted the trojans, I keep finding them. Please help. I am at a standstill.

I have downloaded and run RKill, but I cannot find the log to post the findings.

I have updated and run Malwarebytes. Here is the log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6922

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

6/22/2011 7:32:35 PM
mbam-log-2011-06-22 (19-32-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295712
Time elapsed: 24 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8AD2C62B-4A7A-072B-A817-0ADC1457FC33} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8AD2C62B-4A7A-072B-A817-0ADC1457FC33} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
c:\programdata\kbd10332.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.


I have downloaded HijackThis. Here is the log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:11 PM, on 6/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tom\Downloads\HiJackThis.exe

EDIT..HJT log removed

Edited by boopme, 25 June 2011 - 09:51 PM.
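
An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the Malwarebytes log format posted above. It separates file detections from registry load points (AppInit_DLLs, Browser Helper Objects) and links the AppInit_DLLs value to the DLL it names. The function names and the `LOAD_POINTS` table are assumptions made for this illustration; the sample lines are copied from the log.

```python
import re

# Constructed sample: detection sections copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8AD2C62B-4A7A-072B-A817-0ADC1457FC33} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8AD2C62B-4A7A-072B-A817-0ADC1457FC33} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.
Files Infected:
c:\programdata\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
c:\programdata\kbd10332.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<section>.+) Infected:$")  # summary lines end in a count, so they do not match
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
BAD_DATA = re.compile(r"Bad: \((?P<bad>.*?)\) Good:")
# Autostart registry locations seen in this log (lower-cased substrings; assumption: not exhaustive).
LOAD_POINTS = {r"\currentversion\windows\appinit_dlls": "AppInit_DLLs",
               r"\browser helper objects\{": "Browser Helper Object"}

def parse_log(text):
    """Return one dict per detection line, tagged with the log section it appeared in."""
    records, section = [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["section"]
        elif section and (m := DETECTION.match(line)):
            bad = BAD_DATA.search(m["rest"])
            records.append({"section": section, "item": m["item"],
                            "detection": m["name"],
                            "data": bad["bad"] if bad else None,
                            "action": m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")})
    return records

def load_points(records):
    """Detections located in an autostart registry location, with any file path they carry."""
    return [(kind, r["item"], r["data"]) for r in records
            for needle, kind in LOAD_POINTS.items() if needle in r["item"].lower()]

def files_referenced_by_load_points(records):
    """File detections that a load-point registry value also points to (case-insensitive)."""
    referenced = {data.lower() for _, _, data in load_points(records) if data}
    return [r["item"] for r in records
            if r["section"] == "Files" and r["item"].lower() in referenced]
```

Running `load_points(parse_log(SAMPLE_LOG))` lists the registry entries to re-check after a reboot, alongside the file detections.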


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts

Posted 24 June 2011 - 02:02 PM

Hello, the issue is that you need to post the HJT logs in this forum so the Malware team will see and review them.
Which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.

Let me know if that went well.

#4 Beeker

Beeker
  • Topic Starter

  • Members
  • 70 posts

Posted 24 June 2011 - 06:59 PM

Thank you. I have posted there and have many views, but no replies. I am getting sick over this. I need this fixed by tomorrow morning! I have done all I could to prepare for help and done the little I know of to try to fix it myself. I am getting nowhere. I don't want to have to return this computer to the owner saying "sorry, you have to reload all your stuff."!!! Please help.



