Unknown Adware Trojan


4 replies to this topic

#1 daninthemix


Posted 10 January 2006 - 05:56 AM

Hello everyone,

I have a machine which had a huge trojan problem, which I was able to largely clear up with Virusscan and Xoftspy, and manually removing some stubborn stuff in safe mode.

Some of the malware present was:

SpySheriff
Command.exe

All now seems okay, with the exception of one piece of adware which I cannot see as a process, or as a file, and is not identified by either Xoftspy or Virusscan. What it does is generate a new flash-style advert every couple of minutes. It does not use a web browser.

Does anyone have any idea what this trojan is and more importantly WHERE it is?

Thx


#2 stidyup


Posted 10 January 2006 - 06:56 AM

If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode): Sysclean. You'll also need the virus template file from here: lpt***.zip. Remember to extract the contents of the zip file into the same folder as Sysclean.com.

or

DrWeb CureIT

or

KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If you're good with the command line, also try Sophos Command Line scanner. This command will scan all of your HDDs and give you a log file to review afterwards:

SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt

Also try installing and running A2 Free and Ewido, again run from safe mode.

I'd also run Spybot (Spybot Tutorial) and Adaware.

If you're using Win2K/XP, run adaware/spybot from "safe mode with command prompt". If you're using Win9x, just run it from safe mode; the command line options aren't needed.

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 Computer Wizard


Posted 10 January 2006 - 10:33 AM

Try using Process Exp and Autoruns. Both can be downloaded free from www.sysinternals.com.

Actually HijackThis does not show some of the things that start up, but Autoruns gives you the full list and even lets you check whether the items are legitimate (checks their signature). But to be on the safe side, use both pieces of software.

I have been cleaning up computers that have been infected and the above 2 tools are invaluable. I'm sure with these two you will find the process that's giving you a hard time.

Laszlo
Computer Wizard
Laszlo
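
The startup-entry listing and signature check described in the post above can be approximated in a few lines of PowerShell. This is an added example, not part of the original thread and not Sysinternals code; it assumes Windows PowerShell 3.0 or later, and `Get-TargetPath` is a hypothetical helper written for this illustration.

```powershell
# Added example: list common autostart entries and check each target's Authenticode signature.
# Covers only the Run/RunOnce keys and the Startup folders; Autoruns inspects many more locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$CommandLine) {
    # Hypothetical helper: quoted path first, else text up to the first known extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Startup folders mostly hold .lnk shortcuts, so resolve each one to the file it launches.
$shell = New-Object -ComObject WScript.Shell
$entries += @(foreach ($dir in 'Startup', 'CommonStartup') {
    $folder = [Environment]::GetFolderPath($dir)
    if (-not $folder) { continue }
    Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        [pscustomobject]@{ Location = $_.DirectoryName; Name = $_.Name; Command = "`"$target`"" }
    }
})

$entries | ForEach-Object {
    $path   = Get-TargetPath $_.Command
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    [pscustomobject]@{
        Name     = $_.Name
        Location = $_.Location
        Path     = $path
        Status   = if ($sig) { $sig.Status.ToString() } else { 'Unresolved' }
        Signer   = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

Entries reported as `NotSigned`, `HashMismatch` or `Unresolved` are the ones to look at first; an `Unresolved` entry only means the path could not be located from the command line (for example a bare `rundll32.exe` invocation), not that it is malicious.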

#4 daninthemix


Posted 10 January 2006 - 12:47 PM

> Try using Process Exp and Autoruns. Both can be downloaded free from www.sysinternals.com.
>
> Actually HijackThis does not show some of the things that start up, but Autoruns gives you the full list and even lets you check whether the items are legitimate (checks their signature). But to be on the safe side, use both pieces of software.
>
> I have been cleaning up computers that have been infected and the above 2 tools are invaluable. I'm sure with these two you will find the process that's giving you a hard time.
>
> Laszlo
> Computer Wizard

Thanks. It's actually for someone's PC that's several hundred miles away from me. I'll have to remote desktop in again I think and run these things you suggest.

#5 quietman7


Posted 10 January 2006 - 06:04 PM

I would also recommend that you download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions for Normal & Safe Mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
