Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Not sure if I fully removed a Trojan-clicker

  • Please log in to reply
1 reply to this topic

#1 ShoeEars


  • Members
  • 4 posts
  • Gender:Female
  • Local time:03:22 AM

Posted 17 October 2011 - 11:13 AM

Okay, so today I got a file from a friend and didn't scan it first because I stupidly assumed it would be fine. It was a file for Nuance Dragon and it came with a lovely trojan-clicker.win32.agent.ryc. I have KasperSky and scanned the folder and ran a critical and full computer scan when a notification came up about the trojan, but it wouldn't let me quarantine the file or take any action against it. The file wouldn't let me delete it, it said I had to have permission from the admin, which I am. I tried Shift+Delete, and the file would look like it was deleted, but when I refreshed the folder it was in, it reappeared. I looked on the internet for a solution, I checked my processes and looked up the '.exe' things that were running, and downloaded and ran HijackThis, Spybot - Search & Destroy, Exterminate It, and MalwareBytes. Now, I think I got rid of it, the file isn't showing up where I originally put it. The full computer KasperSky scan I had been running since the the notification made progress from the 1% complete it had been stuck at for a couple of hours. The Nuance Dragon file was a '.rar' file so I uninstalled WinRar, which was not something I found anywhere online, but that seems to have allowed me to get rid of it. I recently had to uninstall winrar to get a program to install. One question I have is, is there a chance it could still be on my computer or have done something that could potentially harm my computer in some way or anything? Or is it really gone? I also found some things that I looked up that seemed like they could potentially or possibly be harmful, I found rundll.exe.mui in System32\en-US and these next three were all modified today; PerfStringBackup.ini, Perfc009.dat and Perfh009.dat, all in System32.
Is my system in jeopardy as far as you can tell with the info given? And if you need more info, I will gladly give it seeing as I would like not to fear for my beloved laptop and my files for school. I already had issues over the summer where I had to back my files up on a separate computer so I could set it back to factory settings twice because of a virus and stuff (I didn't have KasperSky at the time, but got it because of that incident).
I read something that said it may go to sites to increase ad views or something and that it may change internet settings and my HijackThis log showed those kinds of activities, along with several suspicious activities and am concerned that I did not fully remove the trojan-clicker.

BC AdBot (Login to Remove)


#2 cryptodan


    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:22 AM

Posted 17 October 2011 - 11:16 AM

If you would like to get a through system check up you can, follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users