
This One Is A Doosie, Any Advice?


9 replies to this topic

#1 tutsky

Posted 18 January 2007 - 01:07 AM

I believe my computer is infected with a trojan horse virus that has gotten gradually worse. When I try to run Internet Explorer, it generates an error, closes itself and starts up once again on its own, then cycles this action. The virus was initially received when I was gone from town (roommates left it on for 5 days). AVG virus had found a trojan horse.gud file and "fixed" it every day at 24hr periods. Problems didn't occur until a week later, and now the AVG virus software finds like 22 infected files. When I try to manually delete these files in safe mode, when I start up again the files have come back (AVG tells me that 20 of the files are fixed out of 22, but even if I manually delete them they still come back). I am going to give you the last files that came up as infected on the two programs I used to evaluate the extent of the virus. If anyone has a suggestion, I would really like to know if this is just too hardcore to fix and whether I should consider wiping the hard drive. I have a separate hard drive to store work files and music, and no virus scan has turned up anything in that drive; is it unharmed? I also picked up the newest version of McAfee Internet Security; do you think this software is adequate to prevent this from happening again? Any feedback is much appreciated.


From AVG software (TH = trojan horse)

File Result / Infection Location

1.dllb TH Clicker.DBH C:\Documents and Settings\ administrator\localsettings\temp
5.dllb TH Downloader.Generic2.TSV "
nkogcgfl.exe TH Generic2.FKU "
fjvmimxj.exe TH Dropper.Agent.AOI "
v3x1.g22me TH BackDoor.Agent.DSS "
v4x3.ga2me TH Downloader.Generic.QUS "
v5x4.ga2me TH " .YNY "
v6xt4.game TH " .YY "
vx1t1.game Virus found Downloader.Tibs "
vx1t3.game TH Downloader.Generic2.WFV "

kvab03[1].exe TH Dropper.Agent.AOI c:\Documents and Settings\administrator\localsettings\temp internetfiles
runfile[1].exe TH Clicker.BKR "
load[1].php TH Generic2.FKU "

adir.dll Virus Identified I-Worm/generic.AJK C:\WINNT\system32
dlh9jkd1q1.exe TH Clicker.DBH "
dlh9jkd1q5.exe TH Downloader.Generic2.TSV "
vxg3am1et3.exe TH " .WFV "
vxg6am4.exe TH " .YNY "
vxga1me4t1.exe Virus Found Downloader.Tibs "
vxga4m1et4.exe TH Downloader.Generic3.YY "
vxga4me1.exe TH Backdoor.Agent.DSS "
vxga5me3.exe TH Downloader.Generic.QUS "

Also, after the scan was complete, AVG test results showed that
1. the Partition Table (MBR) had a Reading Error
2. the Boot sector of disk C had a Reading Error


I know this infection is probably too bad to fix, but I only hope someone can maybe help me to save the frustration of wiping the disk and losing some files.


#2 tg1911

Posted 18 January 2007 - 01:16 AM

Have you run AVG in Safe Mode?
Run these online virus scanners:
BitDefender
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

#3 whintersby

Posted 18 January 2007 - 09:17 AM

As TG1911 recommended, does running AVG in safe mode improve matters?

Searching Google using the filenames listed mostly pops up Sophos or Prevx stating they're part of Trojan VXGame, Covert Sys Exec and Trojan Taskdir.

I would recommend running a scan with either Prevx1 or Superantispyware which should help matters if AVG won't play ball.

Superantispyware is completely free, whereas Prevx1 offers a free trial which will remove any infections free of charge during this period. If you don't wish to keep it after cleanup you can uninstall it.

Edited by whintersby, 18 January 2007 - 09:19 AM.


#4 tutsky

Posted 19 January 2007 - 02:40 AM

I have tried to go to the sites mentioned above, but it seems that when I try to run Internet Explorer, the Windows Installer pops up, not stating what it's installing, and basically locks that IE window up before ever opening the home page. I tried to find any of the files that AVG and Spybot found except files found in the temporary internet files and system32 files, where once again the computer locks the window and it eventually goes away. But it's like the virus is preventing me from getting on the internet to find more specialized software to narrow down the source, and it also is protecting the location of potentially harmful files. Is there any way around this, or is this just a lost cause?

#5 fozzie

Posted 19 January 2007 - 03:22 AM

Try to download Firefox here so that you can continue surfing.
Empty your temp internet files by downloading, installing and updating CCleaner.
After installing and updating, go to Options - Advanced and tick "prompt for registry backups".
Now Start up in safe mode
Do two runs

1) Click on problems and tick all. Click on analyse. At the end you will be prompted for storing a backup.
This will be stored, as a default, in My documents.
2) Click on cleaner click on analyse and accept all files to be removed.

To double up:

* Clean your Cache and Cookies in IE:
  * Close all instances of Outlook Express and Internet Explorer
  * Go to Control Panel > Internet Options > General tab
  * Under Browsing History, click "Delete".
  * Click "Delete Files", "Delete cookies" and "Delete history"
  * Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
  * Go to Tools > Options.
  * Click Privacy in the menu.
  * Click the Clear now button below. A new window will pop up asking what to clear.
  * Select all and click the Clear button again.
  * Click OK to close the Options window

* Clean other Temporary files + Recycle bin:
  * Go to Start > Run and type: cleanmgr and click OK.
  * Let it scan your system for files to remove.
  * Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  * Press OK to remove them.

Edited by fozzie, 19 January 2007 - 03:23 AM.


#6 whintersby

Posted 19 January 2007 - 05:44 AM

I have tried to go to the sites mentioned above, but it seems that when I try to run Internet Explorer, the Windows Installer pops up, not stating what it's installing, and basically locks that IE window up before ever opening the home page.

Are you able to download Firefox and try with that?

[edit] Ha ha - just noticed Fozzie already recommended that! Oops :thumbsup:

Edited by whintersby, 19 January 2007 - 05:45 AM.


#7 tutsky

Posted 22 January 2007 - 10:53 PM

After trying to connect to the internet to visit these sites I have had no luck. I wonder if I could download some of the programs onto a computer at work, burn them to disk and try to load them that way, if it would work. My other options that are left to consider are to partition the disk or wipe the hard drive completely. I understand I must have all the proper disks: ASUS motherboard disk, DVD driver disk, and OS disk. I was running Windows 2000, and have a copy of XP from my work. Is it smart to load XP on two machines (one at work too)? This is basically a non-brand built computer with an AMD Athlon 3200 Barton core chip that was overclocked just a little, with an ASUS overclocker board, and two hard drives. If I did not find any virus infection on my extra drive, is it also infected? What are my options? Is this too tough a problem to tackle for a computer user with moderate knowledge (and I suck at DOS)? Once again, I appreciate any feedback - thanks

-Chris

#8 whintersby

Posted 23 January 2007 - 04:20 AM

After trying to connect to the internet to visit these sites I have had no luck. I wonder if I could download some of the programs onto a computer at work, burn them to disk and try to load them that way, if it would work. My other options that are left to consider are to partition the disk or wipe the hard drive completely.

The only problem in downloading any programs on a second computer before transferring across (to a computer with no active internet connection), is that you will not be able to download the most up-to-date definitions, and I know programs like Prevx1 require an active internet connection to even activate a free trial.

I would recommend downloading and transferring across HiJackThis and running a scan. Post this log in the correct forum and I would imagine there's a very good chance of getting this computer up and running again without re-format?

Edited by whintersby, 23 January 2007 - 04:21 AM.


#9 fozzie

Posted 23 January 2007 - 05:15 AM

You can download AVG antivirus (check the link in my sig) and download the latest definition files here.
For Firefox you can use my link, which gives you the latest version. Burn those on CD and install on the infected computer. With FF you can then download the programs I suggested. The only setback is that you cannot run all the online scans, since some of them require an ActiveX install.

Here you have the best online scans
In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.

1. Detects and removes malware (viruses, worms, trojans, etc.)
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.

Please let us know whether any of this helps.

#10 jimig

Posted 23 January 2007 - 09:14 PM

Hope this works! :thumbsup:



