Very strange trojan.


12 replies to this topic

#1 DaYoshi

DaYoshi

  • Members
  • 6 posts

Posted 05 March 2013 - 11:54 AM

I've found this trojan on my PC, I beat the crap out of it using Malwarebytes. :D

The trojan's name is image.bin. How do I know the name? Well, here's the story:

I was playing The Sims game (nostalgia to the x-treme). When I exited out of the game, my desktop background was pitch black. The icons were broken and explorer.exe wouldn't let me open folders; instead it gave me an error message (System call failure). I used Task Manager to kill it and it was hiding as iexplorer.exe, LOCAL-something like that...

I killed the task and a folder popped up with a folder opened; inside it was image.bin.

Well, I don't really know what to say.


Edited by Orange Blossom, 05 March 2013 - 12:46 PM.
Moved to AV forum. ~ OB




#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 05 March 2013 - 11:00 PM

Hello DaYoshi and Welcome -

 

This scan is best downloaded and performed with Internet Explorer if you can -

Please run a free online scan with the ESET Online Scanner
Disable your antivirus program - Information on A/V control (temporary disable) HERE if needed
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
If you have not run this scan, it must install the engine, then it will update itself -
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If ESET doesn't find any threats it will NOT produce any log.


 

Once the report is produced  - Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Thank You -



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts

Posted 06 March 2013 - 10:31 AM

I moved this to the Am I Infected forum.

 

Just to add info to noknojon's post: do you have the image hosting software "ImageBin" installed?



#4 DaYoshi

DaYoshi
  • Topic Starter

  • Members
  • 6 posts

Posted 06 March 2013 - 05:08 PM

No, I have no ImageBin hosting thing installed, I already removed it, but thanks for the info.



#5 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 06 March 2013 - 05:24 PM

Please run the scans requested, and post back with any results -

 

Thank You -



#6 adambrown1985

adambrown1985

  • Banned Spammer
  • 4 posts

Posted 07 March 2013 - 05:05 AM

Hello DaYoshi, you can scan your computer with the latest updates of Norton antivirus. It will remove all kinds of viruses from your computer. You can get help from the Norton online chat team for solving your pro



#7 DaYoshi

DaYoshi
  • Topic Starter

  • Members
  • 6 posts

Posted 07 March 2013 - 12:47 PM

Thank you so much for the link, this happened again and now Malwarebytes couldn't find it.



#8 DaYoshi

DaYoshi
  • Topic Starter

  • Members
  • 6 posts

Posted 07 March 2013 - 01:05 PM

Well guys, I found it, its name is actually Gendel.



#9 DaYoshi

DaYoshi
  • Topic Starter

  • Members
  • 6 posts

Posted 07 March 2013 - 03:00 PM

C:\Program Files\ZTE\ZPST_DL_P300\setup\gendel32.ex_    Win32/HackTool.Gendel.A trojan
C:\Users\Marko\Desktop\LicReg_cracked.exe    a variant of Win32/Packed.Enigma.AAF trojan
C:\Users\Marko\Desktop\shogun\Total_War_Shogun_2_Fall_of_the_samurai_[Crack_pirat.ca].rar    a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\Marko\Desktop\shogun\Crack\steam_bleeper.dll    a variant of Win32/Packed.VMProtect.AAH trojan
 

I'll run that TCF or whatever
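
An added example, not part of any post in this thread: a small Python parser for the exported scan report quoted in post #9, splitting each line into file path and detection-name fields and grouping the hits by category. The separator rule (tab or two or more spaces) and the `Platform/[Category.]Family.Variant` layout are assumptions inferred from the four lines shown; all function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed input: the four report lines quoted in the post above.
SAMPLE_LOG = r"""
C:\Program Files\ZTE\ZPST_DL_P300\setup\gendel32.ex_    Win32/HackTool.Gendel.A trojan
C:\Users\Marko\Desktop\LicReg_cracked.exe    a variant of Win32/Packed.Enigma.AAF trojan
C:\Users\Marko\Desktop\shogun\Total_War_Shogun_2_Fall_of_the_samurai_[Crack_pirat.ca].rar    a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\Marko\Desktop\shogun\Crack\steam_bleeper.dll    a variant of Win32/Packed.VMProtect.AAH trojan
"""

# Assumption: path and detection are separated by a tab or 2+ spaces, so the
# single space inside "Program Files" stays part of the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?:\t|\s{2,})"
    r"(?P<generic>a variant of\s+)?"
    r"(?P<platform>\w+)/(?P<name>[\w.]+)\s+(?P<kind>\S.*)$"
)

def parse_line(line):
    """Split one report line into path and detection-name fields."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Assumed layout, inferred from the report: Platform/[Category.]Family.Variant
    parts = m["name"].split(".")
    return {
        "path": m["path"],
        "generic": m["generic"] is not None,  # "a variant of" prefix present
        "platform": m["platform"],
        "category": parts[0] if len(parts) >= 3 else None,
        "family": parts[-2] if len(parts) >= 2 else parts[0],
        "variant": parts[-1] if len(parts) >= 2 else None,
        "kind": m["kind"],
    }

def parse_log(text):
    """Parse every recognisable line; skip blanks and anything else."""
    return [r for r in map(parse_line, text.splitlines()) if r]

def triage(records):
    """Group file names by category. A 'Packed' name identifies the protector
    wrapped around the file (Enigma, VMProtect), not the code inside it."""
    groups = defaultdict(list)
    for r in records:
        name = r["path"].rsplit("\\", 1)[-1]
        groups[r["category"] or "uncategorised"].append(name)
    return dict(groups)

if __name__ == "__main__":
    for category, files in triage(parse_log(SAMPLE_LOG)).items():
        print(category, files)
```
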



#10 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 07 March 2013 - 07:01 PM

Hi -
Please see File names - VirusTotal for more information, and you will see variations of the name.


The item has been picked up by the ESET Antivirus scan, as it was a Virus rather than a Malware item for Malwarebytes to pick up -


These also returned positive readings - Win32/HackTool.Gendel.A trojan - Packed.Enigma.AAF trojan - VMProtect.AAH trojan -

 

Are you using a Full Version of The Sims, or a downloaded "cracked version" ??
Please delete this program now, as it is infected with quite a few problems.


You can also upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners, then you have the result.
Alternatives are:
  • Jotti - http://virusscan.jotti.org/en
  • VirSCAN - http://virscan.org/
  • Metascan - http://www.metascan-online.com/
I just used VirusTotal to check it -

 

NEXT -

Please download Security Check by Screen317 from HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Thank You -



#11 DaYoshi

DaYoshi
  • Topic Starter

  • Members
  • 6 posts

Posted 08 March 2013 - 04:44 AM

Well gee, how else are you gonna get a 10 year old game like sims in the store?

 

I deleted all the files.



#12 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 08 March 2013 - 05:04 AM

Hi -

I was not being a judge in this case, just trying to stop the infection from coming back to your computer.

If we know how a problem starts, then it can be halted a bit quicker - I only wanted to confirm the ideas I had.

 

Please post the requested security scan, and we may be able to help further.

 

Thank You -

 

P.S. I still have an original copy of "The Sims", as some of us older ones may do -



#13 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 12 March 2013 - 09:08 PM

this is AVIRA this program is the best of the best antivirus!!!!

Hi computerfail123 -

 

Please note that not all Antivirus programs will detect all infections, as the listed online scanner is a deeper scanner than Avira -

Infections are found with Antivirus and Antimalware scanners used in the correct manner.


Please read the AntiVirus, Firewall and Privacy Products and Protection Methods area of this forum.

You may find that there are many other Antivirus and Antimalware programs that are better suited in some cases -

 

Thank You -





