Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojans Galore..


  • Please log in to reply
5 replies to this topic

#1 moomoo

moomoo

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 04 November 2006 - 07:19 AM

Well i finally downloaded Spybot and Ad-Aware....Spybot found alot of adware and when i ranAd-Aware...i found 2 trojan droppers i had about 3 months ago which i thought windows 1 live care got rid of...i thought wrong...i deleted them obviously...restarted the computer...ran every scan: NOD32,NOD32 in-depth, F-Secure Online,Malicious Software Removal,Windows Defender,Ad-Aware, and Spybot...all of them showed up clean(as in no viruses,spybot and ad-aware picked up some spyware and spybot is doing something weird but thats another story) except for f secure online....3 more viruses...i cant remembeer the names but...Trojan.Dropper.HQ, Trojan.Agent...something like that...by the way the Droppers i found first were Trojan.Agent.Dropper & Trojan.Agent.Dropper.gen and so im deleting the ones f-secure detected right now. id lke to know WHAT IS GOING ON?! I deleted that dropper so long ago and i was sure of it...and i ran f secure 2 weeks ago and it was clean. If you would offer me your help to clear these evil things that would be great. Would you think its from the scanners i downloaded> Ad-Aware and Spoybot? Because i only got them yesterday.
Thank You,
Nick.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 04 November 2006 - 08:03 AM

Sounds like you are getting reinfected. What OS (Win XP/2000, etc) are you using? Have your tried doing your scans in "SAFE MODE"?

Download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Download and scan with SUPERAntiSypware Free for Home Users
If you encounter any problems while downloading the updates, manually download and unzip them from here.

Then if your running Win XP/2000, download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out the AVG Anti-Spyware Install-Scan Instructions and read the User Manual.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 04 November 2006 - 09:06 AM

Thank you very much. Ill run those scans now. Ive ran the original scans that picked it up and it seems its gone to ill restart and do a full scan.
Thanks ,
Nick

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 04 November 2006 - 09:09 AM

Your welcome.

As soon as your scans show a clean system you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 04 November 2006 - 11:17 AM

Alright i ran it...i found 2 more trojans...W32.Multidrp.GB...2 of the same so there wasnt a mutex...it was in system volume information and i *supposevly* deleted it...before i restarted i checked the file and it was gone..so i restarted and i believe its gone. i made sure it was gone because i hear you cant delete from scanners...so its gone for sure..ill rescan everytihng later on and ill post you results.

THanks,
Nick

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 04 November 2006 - 12:03 PM

i found 2 more trojans...W32.Multidrp.GB...it was in system volume information...

That's why you need to set a new restore point when you system shows clean and delete the old ones as I previously indicated.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users