
Trojan problems


1 reply to this topic

#1 GeraldUK


Posted 21 August 2011 - 06:37 AM

Hello
Not sure if this is the best forum, but it is problems from a trojan which has been
quarantined.

I do not have internet access so this is being sent from a friend's computer.

Am running a Desktop, Windows XP SP3 with 2gig RAM.

Avira AntiVir said:
The file 'C:\WINDOWS\system32\ble.dll'
contained a virus or unwanted program 'TR/Agent.osnw.1' [trojan]
Action(s) taken:
The registration entry
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was successfully
repaired.
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to the quarantine directory under the name '549309d1.qua"

I ran Malwarebytes and that took over an hour, Event Viewer reporting it had timed out about
30 times. It showed a clean result. I then rebooted (which took much longer than usual) and
find I have now lost my Internet Connection and all sound.

Ran Spybot Search & Destroy and that came up with a clean result. Ran scannow without any
problems.

Looking at the Internet connection Network Diagnostics says that there was an error in the
Winsock provider catalog and the TCP/IP protocol had not been set properly plus an error in
detecting offline status of IE with error in InternetOpen call 12159. It offers to fix the
problem, but nothing changes.

From a previous visitation I have rkill.scr; FixExe.reg; and unhide.exe still on my desktop. I
also have an old copy of HijackThis and attach a log of my system now. (I normally would
not do this, but am using a neighbour's computer).

Logfile of Trend Micro HijackThis v2.0.2

Log removed. ~ OB

Sorry about the amount of information. Have already spent an hour on the phone to my ISP
in India. Would be very grateful for any assistance from the more knowledgeable.

Edited by Orange Blossom, 21 August 2011 - 02:11 PM.




#2 GeraldUK


Posted 21 August 2011 - 11:14 AM

Sorry about adding the Hijack log with the post.

One of my neighbours is pretty IT savvy and he came up with running a file called "winsockfix.exe" which did the trick, altering the Registry entries back to pre-trojan so I now have internet connectivity plus sound.

Therefore a happy bunny, and this thread could be closed.
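
The AntiVir report in the first post names a `LibraryPath` value under the Winsock `NameSpace_Catalog5` key. As an added example (not part of either post or of any tool named in the thread), this Python script parses saved `reg query ... /s` output for that catalog and lists entries whose DLL is not on an allowlist; the allowlist, the `%SystemRoot%` location and the sample output are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumptions: provider DLLs of a stock Windows XP install, %SystemRoot% = C:\WINDOWS.
KNOWN_PROVIDERS = {"mswsock.dll", "winrnr.dll"}
SYSTEM_DIR = r"c:\windows\system32"
CATALOG = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2"
           r"\Parameters\NameSpace_Catalog5\Catalog_Entries")

# Constructed sample of `reg query "<CATALOG>" /s` output; it assumes the entry
# AntiVir repaired (000000000004) had pointed at the quarantined ble.dll.
SAMPLE = "\n".join([
    CATALOG,
    "",
    CATALOG + r"\000000000001",
    r"    LibraryPath    REG_EXPAND_SZ    %SystemRoot%\System32\mswsock.dll",
    r"    DisplayString    REG_SZ    Tcpip",
    "",
    CATALOG + r"\000000000002",
    r"    LibraryPath    REG_EXPAND_SZ    %SystemRoot%\System32\winrnr.dll",
    "",
    CATALOG + r"\000000000004",
    r"    LibraryPath    REG_SZ    C:\WINDOWS\system32\ble.dll",
])

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")

def library_paths(reg_output):
    """Map each catalog entry id to its LibraryPath value."""
    paths, entry = {}, None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):        # key header line
            entry = line.rstrip().rsplit("\\", 1)[-1]
            continue
        m = VALUE_RE.match(line)
        if m and entry and m.group(1).lower() == "librarypath":
            paths[entry] = m.group(3)
    return paths

def is_expected(path):
    """True only for an allowlisted DLL name located in system32."""
    norm = path.strip('"').lower().replace("%systemroot%", r"c:\windows")
    return (ntpath.dirname(norm) == SYSTEM_DIR
            and ntpath.basename(norm) in KNOWN_PROVIDERS)

def suspicious_entries(reg_output):
    """Entries whose provider DLL is unknown or lives outside system32."""
    return sorted((e, p) for e, p in library_paths(reg_output).items()
                  if not is_expected(p))

if __name__ == "__main__":
    for entry, path in suspicious_entries(SAMPLE):
        print(f"review entry {entry}: {path}")
```

The check compares both the directory and the file name, because the DLL in the report sat inside `system32` itself.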



