Rat Trojans


4 replies to this topic

#1 cautiouz

Posted 09 February 2007 - 11:19 AM

:flowers: Okay, I can't believe what I'm going through. First I get a black screen on my other PC, which had been given to me by a church, so I don't have the boot disk and they can't find it. So there goes my files.

So then, since I can't afford to buy one in the first place, I was fortunate to have been given another PC. Okay, so I log in to the internet and it starts sticking, and then the next thing you know I'm being maneuvered to my desktop, after which an advertisement pops up for updating RealPlayer. After running a virus/spy removal program, it showed almost 87 various trojans, spyware and viruses. I only had the trial versions, so I removed them all manually, paying careful attention to each location... except for one --- Glacier. I can't find it, but it's located in my files system32/.exe. I've downloaded every known application and software on the net and it's still there.

Does anyone have any ideas about it? The person who had the PC stated that they were having problems with it, but I didn't know they were this extreme.

Is there a fix for this puppy? Or is this PC broke down too? :thumbsup:

Hey.. I really appreciate the help you guys give in this forum.. you rock!!

//Mod edit: Moved from Windows XP Home and Professional forum to the more appropriate.

Edited by KoanYorel, 09 February 2007 - 11:23 AM.




#2 buddy215


Posted 09 February 2007 - 11:47 AM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode.
http://www.bitdefender.com/scan8/ie.html

Post a Hijack This log in the appropriate forum by following the directions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#3 boopme


Posted 09 February 2007 - 11:56 AM

Run this scan (free home user version) in safe mode after install and update:

http://www.superantispyware.com/

How to start Windows in Safe Mode

Please let us know your results.

Edit: sorry, we posted about the same time.

Edited by boopme, 09 February 2007 - 12:04 PM.


#4 cautiouz


Posted 12 February 2007 - 06:26 PM

OK.. I did everything you said plus a tad bit more. This is what happened:

I followed your instructions by scanning with superantispyware in safe mode. Did the bit defender and also scanned with trojan hunter, stinger 260, Windows-KB890830-V1.24.zip, ccleaner, atf cleaner, regvac, ad aware SE and xoffspySE. During these scans, the following trojans were present:

Rbot.navopdaterx
Portless
Win32.exe bundle.272
A bunch of other program files by View Point
PC Bloodhound and,
Glacier

I kept scanning and removed lots of infections from my registry; rebooted, scanned more, removed more until there was nothing left except Glacier, which was like this:

c:/windows/system32/.exe

After 2 days I ran Stinger 260. Stinger spotted it in my files hidden deep in the common file folder. I had to click at least 5 folders to get to it .. It had the name of

Win32/Rbot.gen

I ran all of the software, zooming in on just the files, and found it. The program was actually

system32.exe which was found in the area where the security folder was

When I removed it.. Here's what happened next:

My PC started fluttering and it started a system shut-down on its own. I had no control over my PC. After rebooting, I was able to get back on the internet and everything. However, Glacier evidently took a lot of my Win32 files with it.

1. I have no audio
2. My Windows CE Application Manager module is missing
3. Windows Installer was gone (I replaced that)
4. I can't download Windows files... I get a WIN32 components missing
5. My browser is useless after about 15 minutes. I have to reboot and start again
6. The only way I can access My Computer is through Explorer.
7. And more little bitty stuff and it gets more and more irritating.

I'm unable to access my command prompt .. I can't even access it through task manager... it's as though I'm clicking at space.

After careful research and sleuthing around... I find there is a program out called BOOM which was made to capture Yahoo IDs. Cost: $300. Apparently, the trojan is undetectable by antiviruses, spyware and it can become a part of your system without you even knowing it and will record your keystrokes and send the info to your FTP server.. which is what you would need prior to purchasing this program.

I have installed many anti-yahoo sites, have come in contact with many people in various anti yahoo forums doing signatures and etc. I'm sure I got it by email or replying to IMs regarding site problems and etc. Someone I knew gave that to me. The PC was clean. There was nothing on it and the previous owner (my church) did not have internet service at all, and I only had the PC less than 24 hours when all this stuff happened. :flowers:

What is my next step? Please tell me I don't have to purchase another Windows XP SP2 software :trumpet:

Thanks for your time and stuff.. I tried to do stuff myself without asking for help up to a point. But I can only go so far on my own not knowing certain things about computers. It's a good thing I joined BleepingComputer because I didn't know where else to go :thumbsup:

#5 Orange Blossom


Posted 12 February 2007 - 06:48 PM

Continue with the rest of Boopme's instructions:

Post a Hijack This log in the appropriate forum by following the directions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Orange Blossom :thumbsup:



