
Trouble Removing Trojan



#1 JimmyH


Posted 27 February 2007 - 05:30 PM

Hi,

wonder if someone can help me. My AVG 7.5 detects and deletes the trojan "downloader.generic3.OPD", but it shows up again on the next scan. I've tried after numerous updates of AVG and have searched for advice re this trojan with little luck.

Also tried Spybot and Ad-aware to no avail.

I'm quite a novice and would be very very grateful for some help.

Cheers

Jimmy



#2 Orange Blossom


Posted 27 February 2007 - 06:37 PM

Are you referring to AVG AntiSpyware or AVG Antivirus?
--------
Also, try this:

Download and install SUPERAntiSpyware free found here: http://www.superantispyware.com/superantis...efreevspro.html

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).

Here you can see what it found and didn't find and what it did with it.

Click close and close again to exit the program.

Please let us know how that turns out.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 quietman7


Posted 28 February 2007 - 01:31 PM

Where is AVG detecting this trojan downloader? Did it provide a location and file name associated with it?

If you only have AVG anti-virus, then download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out and follow the AVG Anti-Spyware Install-Scan Instructions.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 JimmyH


Posted 28 February 2007 - 07:26 PM

Hi Orange Blossom and Quietman, thanks for helping me out.

I have AVG anti-virus, but will download anti-spyware.

Here's the results from SUPERantispyware:

SUPERAntiSpyware Scan Log
Generated 03/01/2007 at 00:10 AM

Application Version : 3.5.1016

Core Rules Database Version : 3191
Trace Rules Database Version: 1201

Scan type : Complete Scan
Total Scan Time : 01:47:18

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 5660
Registry threats detected : 1
File items scanned : 71934
File threats detected : 34

Adware.Tracking Cookie
C:\Documents and Settings\Jimmy\Cookies\jimmy@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@questionmarket[1].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@ad.yieldmanager[1].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@cgi-bin[2].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@adrevolver[3].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@adrevolver[2].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@tradedoubler[1].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@adtech[2].txt
C:\Documents and Settings\Jimmy\Cookies\jimmy@a[1].txt
C:\Documents and Settings\Mich\Cookies\mich@adinterax[1].txt
C:\Documents and Settings\Mich\Cookies\mich@bannersng.yell[1].txt
C:\Documents and Settings\Mich\Cookies\mich@cz4.clickzs[2].txt
C:\Documents and Settings\Mich\Cookies\mich@dist.belnk[2].txt
C:\Documents and Settings\Mich\Cookies\mich@keywordmax[1].txt
C:\Documents and Settings\Mich\Cookies\mich@kmpads[1].txt
C:\Documents and Settings\Mich\Cookies\mich@starware[2].txt
C:\Documents and Settings\Mich\Cookies\mich@www.dgm2[2].txt

Malware.SpywareBot
HKU\S-1-5-21-790525478-1078081533-682003330-1003\Software\SpywareBot
C:\Program Files\SpywareBot\DataBaseNew.ref
C:\Program Files\SpywareBot\Log\log_2007_02_27_22_40_12.log
C:\Program Files\SpywareBot\Log\log_2007_02_27_22_40_14.log
C:\Program Files\SpywareBot\Log
C:\Program Files\SpywareBot\Quarantine
C:\Program Files\SpywareBot\Registry Backups
C:\Program Files\SpywareBot\Settings\CustomScan.stg
C:\Program Files\SpywareBot\Settings\IgnoreList.stg
C:\Program Files\SpywareBot\Settings\ScanInfo.stg
C:\Program Files\SpywareBot\Settings\ScanResults.stg
C:\Program Files\SpywareBot\Settings\SelectedFolders.stg
C:\Program Files\SpywareBot\Settings\Settings.stg
C:\Program Files\SpywareBot\Settings
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\SpywareBot
C:\WINDOWS\Prefetch\SPYWAREBOT.EXE-086C4670.pf

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WINTSVTR.EXE




During the scan, AVG anti-virus was sparked into action and detected the generic3.OPD trojan.

The scan took ages, so I'll do further scans tomorrow with AVG anti-virus and anti-spyware and will post a new note should I still have probs, if anyone can help me further.

Thanks so much guys
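
Added example, not part of the thread and not SUPERAntiSpyware's own code: a short Python triage of a scan log laid out like the one posted above. It checks that the items listed match the totals in the header (a mismatch suggests a truncated paste) and separates tracking cookies from the findings that need follow-up. The sample log, the three item buckets and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (not the poster's data).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Registry threats detected : 1
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Example\Cookies\example@adtracker[1].txt

Malware.ExampleRogue
HKU\S-1-5-21-0-0-0-1000\Software\ExampleRogue
C:\Program Files\ExampleRogue\ExampleRogue.exe

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\EXAMPLE.EXE
"""

ITEM = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|U|CU|CR|CC)\\)")  # path or registry key
COUNT = re.compile(r"^(Registry|File) threats detected\s*:\s*(\d+)$")

def parse_scan_log(text):
    """Return (declared totals, {threat name: [items]}) from a scan log."""
    declared, found, category = {}, defaultdict(list), None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = COUNT.match(line)
        if m:
            declared[m.group(1).lower()] = int(m.group(2))
        elif ITEM.match(line):
            found[category].append(line)
        else:
            category = line  # last label seen before items is the threat name
    return declared, dict(found)

def kind(item):
    """Assumed buckets: registry key, tracking cookie, or other file/folder."""
    if item.upper().startswith("HK"):
        return "registry"
    return "cookie" if "\\cookies\\" in item.lower() else "file"

def triage(text):
    """Compare listed items with the header totals; return non-cookie findings."""
    declared, found = parse_scan_log(text)
    items = [(cat, i) for cat, lst in found.items() for i in lst]
    n_reg = sum(kind(i) == "registry" for _, i in items)
    listed = {"registry": n_reg, "file": len(items) - n_reg}
    follow_up = [(cat, i) for cat, i in items if kind(i) != "cookie"]
    return {"complete": listed == declared, "follow_up": follow_up}
```
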

#5 quietman7


Posted 01 March 2007 - 08:19 AM

SpywareBot is a program that is listed as a rogue on the Rogue/Suspect Anti-Spyware List. "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection. I recommend that you uninstall it and use one of the Trustworthy Anti-Spyware Products.

WINTSVTR.EXE is related to Purity Scan. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs. From within Add/Remove Programs highlight any of the following programs (if listed) and select Remove.
PuritySCAN By OIN
OIN
MediaTickets by OIN
Yazzle by OIN
Yazzle Cowabanga by OIN
Yazzle ActiveX By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
TizzleTalk by OIN
or anything similar with OIN or Outerinfo in it


#6 JimmyH


Posted 01 March 2007 - 04:58 PM

Hi Quietman,

I'm chuffed to say the trojan has gone!

I didn't locate those programs you stated but having done AVG anti-virus scan, no threats were found.

SUPERAnti-spyware worked a treat and seems a great scan to use should AVG have trouble getting shot.

Cheers again to you and Orange Blossom!

#7 quietman7


Posted 01 March 2007 - 05:07 PM

:thumbsup:

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
