Help !!! Trojan.moo infected

Discussion in 'malware problems & news' started by Q-Bert23, Jul 18, 2005.

Thread Status:
Not open for further replies.
  1. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey peeps, I was infected yesterday with the Trojan.moo, it is located in

    C:\Documents and Sett\wv[1].ani

    My Norton AV caught it, but couldn't repair the file. I just downloaded TDS-3
    and Trojancleaner but haven't run them yet. My OS is

    MS WinXP
    Home Edition
    Version 2
    Service Pack 2

    HP Pavillion
    AMD Athlon, 2800+
    2.08 GHz, 448 MB of RAM

    Also, Norton AV, Spy Sweeper, CCleaner, BHR, Slap, Ad Aware, Safe Windows, Counter Spy and EZ RegCleaner.
    So, after I run these definitions and cleaners will that help any?


    Q-Bert
     
  2. Ailric

    Ailric Guest

  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Kaspersky also detects this one, you can use the free Kaspersky Webscanner (link in my signature). :)
     
  4. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey thanks for the quick posting guys. I really appreciate it.

    Ailric: I already checked the Symantec Security Response. They don't offer much help when you've already been infected. I downloaded new definitions made specifically for the Trojan.moo (or Hacktool.Jpeg) and ran my Norton AV, which didn't work. So I downloaded the same definitions from a clean PC, and added them in, which also didn't work. o_O?

    Don Pelotas (great friggin name btw): I'm going to try the link in your sig, these Kaspersky ppl are trusted right? I'll try anything once. But I went to the Symantec Security Sweep and ran that, which also didn't work. I've downloaded TrojanHunter and TDS-3 (don't know how to use it yet though, or add new def for it) which also haven't worked.

    O yeh, I found the file it is in (Index.Dat) but I wasn't sure if I should delete this file since it is a valid Windows file.
    It was located in

    C:Documents and Settings\Owner\Local Settings\Temp Internet Files\ Content.IE5\YF24CEOS\wv[1].ani





    Does anyone here know how to read HJT logs? Thanks for any help given.


    Q-Bert23
     
  5. Ailric

    Ailric Guest

    As trusted as you can get. They have the best scanner out there.

    If I was you, this is what I would do.

    1. Download Microworld Toolkit (it uses Kaspersky engine and updates)
    http://www.spywareinfo.dk/download/mwav.exe

    2. Turn off System Restore.

    3. Reboot in Safe Mode. Scan and clean with Microworld.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Delete your Temporary Internet File cache and that should remove it....leaving your Index.dat file intact.
     
  7. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.

    Hey thanks for your concern Bubba. I downloaded Dr.Delete yesterday and turned off system restore. And like you said Bubba, I deleted the file and it disappeared so I thought I got rid of it....but lo' I have failed. While the wv[1].ani has been deleted, I can't seem to delete the whole Temp. Internet Folder. I get a popup saying that Windows needs that folder to operate properly. And now my javascript isn't working so well. I play video pool a lot, and now instead of the Yahoo pool screen I get a small white box with a red X in the middle. friggin weird....

    Q-Bert23
     
  8. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey Ailric, I heard it isn't good to have 2 AVs running at the same time...so should I still download the MicroWorld AV and try and chunk my Norton AV?


    ps...If I delete the whole Temp. Internet Files Folder with Dr.Delete, will my Windows still be able to run?



    Q-Bert23
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That's correct, but only if we are talking real-time monitoring; on-demand scanners you can safely use two or three if you like a second opinion. If you use online scanners or a standalone scanner like DrWeb CureIt, just one at a time.

    Unfortunately it seems that Microworld has decided to discontinue their free version 4.47 which both cleans/deletes. https://www.wilderssecurity.com/showthread.php?p=514308#post514308

    Yes, Kaspersky is a very trustworthy vendor with arguably the best overall detection, all the scanners in my signature are safe to use, and free!! :)
     