Author Topic: Big Problem!!!!! (Read 43413 times)

Broni · « **Reply #45 on:** October 14, 2007, 12:54:25 AM »

I checked couple of sites, and I can see this particular trojan was first detected by AVG.
There is not much info about it. Google has 10 hits, 9 of them in Chinese. I tried automatic translation, but not much help there.
One thing, you can try (I'm gonna go to bed pretty soon)
Download avast!Free Virus Cleaner:
http://www.avast.com/eng/avast-virus-cleaner.html
and see what it can do.

See ya tomorrow.

Ivy · « **Reply #46 on:** October 14, 2007, 12:56:36 AM »

Thanks for help Broni,
Goodnight.

Broni · « **Reply #47 on:** October 14, 2007, 12:59:23 AM »

You can also try free a-squared:
http://www.emsisoft.com/en/software/free/
This a good tool. I have it installed on my rig, running in a real time.
Regards.

Ivy · « **Reply #48 on:** October 14, 2007, 01:02:45 AM »

Thanks i will try downloading them.
Night

Ivy · « **Reply #49 on:** October 14, 2007, 09:23:05 PM »

Broni will http://www.emsisoft.com/en/software/free/ detect or remove the Trojan?
If not we could think of somthing else.

Broni · « **Reply #50 on:** October 14, 2007, 09:32:42 PM »

From their site:

Quote

Remove infections of Trojans, Spyware, Adware, Worms, Keyloggers, Rootkits, Dialers and other malicious programs.

You may also try "Trojan Remover":
http://www.simplysup.com/tremover/download.html
It's fully functional for 30 days.

Ivy · « **Reply #51 on:** October 14, 2007, 09:33:52 PM »

Yes Boss

Broni · « **Reply #52 on:** October 14, 2007, 09:36:38 PM »

LOOOOOOOOOOL

Ivy · « **Reply #53 on:** October 15, 2007, 01:25:57 AM »

Here is my homework Broni.
a-squared Anti-Malware - Version 3.0
Last update: 10/14/2007 10:21:58 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start:   10/14/2007 10:22:51 PM

C:\Documents and Settings\Administrator\Cookies\administrator@computerhope[2].txt    detected: Trace.TrackingCookie
C:\WINDOWS\AppPatch\AcLue.dll    detected: Trojan-Spy.Win32.FtpSend.a
C:\WINDOWS\~Temp3510.tmp    detected: Trojan-Downloader.Win32.Small.eta
C:\WINDOWS\~Temp5988.tmp    detected: Trojan-Downloader.Win32.Small.eta
C:\WINDOWS\~Temp6143.tmp    detected: Trojan-Downloader.Win32.Small.eta
C:\WINDOWS\~Temp6330.tmp    detected: Trojan-Downloader.Win32.Small.eta
C:\WINDOWS\~Temp9198.tmp    detected: Trojan-Downloader.Win32.Small.eta
C:\WINDOWS\~Temp9910.tmp    detected: Trojan-Downloader.Win32.Small.eta

Scanned

Files:    32127
Traces:    338752
Cookies:    29
Processes:    32

Found

Files:    7
Traces:    0
Cookies:    1
Processes:    0
Registry keys:    0

Scan end:   10/14/2007 10:40:52 PM
Scan time:   12:18:01 AM

Now after this result and after removing the above detected things , i restarted my comp, and scanned again and the trojan reappeared, what to do now , i have a few ideas but i need your advice first.
Thanks Broni

Ivy · « **Reply #54 on:** October 15, 2007, 03:26:28 AM »

OK , here is my latest scan report with location
a-squared Anti-Malware - Version 3.0
Last update: 10/14/2007 10:21:58 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start:   10/15/2007 1:22:54 AM

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PQ0A2U4N\x[1].exe    detected: Trojan-Downloader.Win32.Small.eta
C:\System Volume Information\_restore{88F0CDD3-F86F-465E-A138-4DE6072B8AAA}\RP6\A0019378.dll    detected: Trojan-Spy.Win32.FtpSend.a
C:\WINDOWS\~Temp5288.tmp    detected: Trojan-Downloader.Win32.Small.eta

Scanned

Files:    32514
Traces:    338752
Cookies:    27
Processes:    34

Found

Files:    3
Traces:    0
Cookies:    0
Processes:    0
Registry keys:    0

Scan end:   10/15/2007 1:45:45 AM
Scan time:   12:22:51 AM
Since this Trojan Downloader is in Temp files , i tried to delete the Temp files in my C:\ files , but it says i cant delete them as they are used by another program.

Broni ,
The a-squared Anti malware seems to be working , it gave a message that Trojan downloader is tryng to connect to internet , it asked me to allow or deny it, i clicked on Always deny it, since then im not getting any warnings.

I clicked on the description of Trojan Downloader in a-squared Anti malware console (there was the option to click on the trojan name and find info on it , i also did some search in google), It said that a Trojan downloader is a program which downloads programs into your computer, This Trojan downloads files from the Internet without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file 3072 bytes in size. It is not packed in any way.

When launched, the Trojan checks whether the victim machine is connected to the Internet. If a connection is detected, the Trojan will download the following files from u***ti.lycos.it/vx9:

Trojan Downloader comes with a download which appers to do nothing , like a game download etc. It sends the information of your Hard Drive to the internet.
So i was thinking that i will scan my comp again and even if my comp is protected now , what about the already infected files......

I also tried to go to http://www.simplysup.com/tremover/download.html, but i get a warning that this site is dangerous .
Waaaaa what should i do Broni!!!!!!!

Broni · « **Reply #55 on:** October 15, 2007, 09:04:40 AM »

Well, we are making little progress.
I'm not clear on one thing, though. What was a-squared final say. It couldn't remove all of that trojan, or what?

Quote

I also tried to go to http://www.simplysup.com/tremover/download.html, but i get a warning that this site is dangerous

You got that warning from where?
That download is recommended by Softpedia, so it shouldn't be dangerous. I went there, and I'm still alive...LOL

Ivy · « **Reply #56 on:** October 15, 2007, 09:14:53 AM »

Quote from: Broni on October 15, 2007, 09:04:40 AM

Well, we are making little progress.
I'm not clear on one thing, though. What was a-squared final say. It couldn't remove all of that trojan, or what?

It removed everything that it detected but it keeps giving me those notifications that Trojan-Downloader.Win32.Small.eta is trying to execute somthing allow or deny , so i select deny, In the latest scan it showed no infection , i wonder why it gives the message then!!

Quote from: Broni on October 15, 2007, 09:04:40 AM

You got that warning from where?

It was a Web Security Guard Warning.

Quote from: Broni on October 15, 2007, 09:04:40 AM

That download is recommended by Softpedia, so it shouldn't be dangerous. I went there, and I'm still alive...LOL

Im glad you are doing fine and I pray that you continue to do well

Broni · « **Reply #57 on:** October 15, 2007, 09:46:17 AM »

LOL....Just get that thing...

Ivy · « **Reply #58 on:** October 15, 2007, 10:23:25 AM »

It downloaded the whole thing but then it says the files are corrupted .......it asks me to download again .
Im downloading again......reminds me of the problem that person had in the other thread , you told him to download TCP somthing $:-\$
Shall i ?

Ivy · « **Reply #59 on:** October 15, 2007, 10:42:43 AM »

The download is complete , im updating right now......

Computer Hope Forum

News:

Author Topic: Big Problem!!!!! (Read 43413 times)

Broni

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Broni

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Broni

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Broni

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Broni

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Broni

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!

Ivy

Re: Big Problem!!!!!