Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Themida.do, Trojan Downloader.win32.keenval.g


  • Please log in to reply
4 replies to this topic

#1 Jarlen

Jarlen

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 09 April 2007 - 01:51 PM

Hi.

I have a problem with these Trojan i cant get them removed from my computer.
I have OS Windows XP.

The Themida.DO Trojan i got when i downloade some program and opened a exe file.
The Downloader keenval, i dont got i clue where it came from, maybe the same program.
I have tryed running, Norton AntyVirus, RegistryFix, SpyBot - seach and Destroy, Ad-Aware, Spysweeper and F-Souce internet service(this program pops op with windows, this is what is in them.)

None of these program, cant removed the Trojans, i have tryed now in about 5 hours the removed this trojans, adware and virus's but nothing simes to work.


----
Adware.win32.neon
Spyware Detected.
Type: adware
Object: C:\windows\ibbho.dll

-

adware.win32.perfnav
Spyware Detected:
Type: adware
oject: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\43014607.dll

-

adware.win32.perfnav
Spyware Detected:
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\4d60311f.dll

-

adware.win32.altnet
Spyware Detected.
Type: adware
Opject: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\4d60311f.dll

-

Evil minded kode found in file: 48c20957.exe
Infected. Trojan downloader.win32.keenval.g

---

Thats the "only" one i got until now
I have runned out of ideas and i hope someone can help me

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:11 AM

Posted 09 April 2007 - 03:52 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Jarlen

Jarlen
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 10 April 2007 - 03:02 AM

Okay Thanks ill do that =)

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:11 AM

Posted 10 April 2007 - 03:44 AM

Adware.win32.neon
Spyware Detected.
Type: adware
Object: C:\windows\ibbho.dll

This belongs to the incredimail toolbar, which serves to insert graphics into your email.

The three entries in your quarantaine can be solved by deleting those particular files from the quarantaine. A google search did not show anything on those files so they are remants of a virus you had

For the rest please follow buddy's instructions

#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:11 AM

Posted 10 April 2007 - 03:46 AM

Jarlen has posted his HJT log

after posting a log you should NOT make further changes to your computer. This includes installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc. unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users