TrojanProxy.Sobit.A

Discussion in 'NOD32 version 2 Forum' started by wentum, Aug 4, 2004.

  1. wentum

    wentum Registered Member

    Joined:
    Aug 4, 2004
    Posts:
    2
    Hi,

    Can somebody tell me something about TrojanProxy.Sobit.A? NOD32 does detect it, can't remove it, and I can't find any info on this TrojanProxy. Maybe you can give me some hints about what it is and what I can do!
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Last edited: Aug 4, 2004
  3. marqueepictures@ao

    marqueepictures@ao Registered Member

    Joined:
    Aug 4, 2004
    Posts:
    4
    New Virus

    Hi Blackbear we are also on the Gold Coast.

    We have a new virus which I can't find listed anywhere.

    Win32 Trojan Downloader/Agent.ab trojan

    Which has installed itself as C:/Tempbdl74125.exe

    Nod 32 is unable to quarantine, clean, delete or rename.

    Any suggestions gratefully received.
     
  4. wentum

    wentum Registered Member

    Joined:
    Aug 4, 2004
    Posts:
    2
    Thanx a lot!

    BTW do you know a way to tell if the 'pest' has already registered itself or if the dll is only cached in TIF of IE?

    Joerg
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: New Virus

    Detected as of 1.782

    http://www.nod32.com/support/infoarchive.htm

    I would make sure Nod32 is fully up-to-date, turn off system restore and reboot into "Safe Mode" and run a further scan with Nod while in Safe Mode.

    Let us know how you go...

    Cheers :D

    Blackspear ;)
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    After following what I advised above, you can then do a search of the registry for "sobit". Be careful when touching the registry.

    Hope this helps...

    Cheers :D
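
One read-only way to answer the question raised earlier in the thread (is the file registered, or only cached in Temporary Internet Files), as an added example that is not part of any post: export the registry to a .reg file and search the export instead of the live registry. The sample export, the file names and the CLSID are constructed placeholders, and only plain string values are parsed (hex-encoded values are skipped).

```python
import re

# Keys that make Windows start a program automatically (well-known subset).
AUTOSTART = (r"\currentversion\run", r"\currentversion\runonce",
             r"\currentversion\runservices")
# Matches  "name"="data"  or  @="data"  (string values only).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; names, paths and the CLSID are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="rundll32.exe \"C:\\WINDOWS\\system32\\example_sobit.dll\",Start"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\Docs\\Temporary Internet Files\\Content.IE5\\ABCD1234\\example_sobit.dll"
"ThreadingModel"="Apartment"
'''


def unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def classify_key(key):
    k = key.lower()
    if k.endswith(AUTOSTART):
        return "autostart"
    if "\\clsid\\" in k and k.endswith("\\inprocserver32"):
        return "com-registration"
    return "other"


def find_references(reg_text, needle):
    """List (key, name, data, kind, in_ie_cache) for string values that mention needle."""
    needle, key, hits = needle.lower(), None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = unescape(m.group(2))
            if needle in name.lower() or needle in data.lower():
                in_cache = "temporary internet files" in data.lower()
                hits.append((key, name, data, classify_key(key), in_cache))
    return hits
```

A real regedit export (version 5.00 format) is UTF-16, so read it with `open(path, encoding="utf-16")`. An empty result means no string value in the export mentions the name; an `autostart` or `com-registration` hit means the file is registered, and `in_ie_cache` shows whether the registered path sits in the IE cache.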
     
  7. marqueepictures@ao

    marqueepictures@ao Registered Member

    Joined:
    Aug 4, 2004
    Posts:
    4
    Re:New Virus

    oops Blackspear Sorry.

    Yes, Nod 32 was up to date as it is on Autoupdate

    I will try your suggestion
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: New Virus

    I would also recommend setting up an automatic weekly scan, as shown here:

    https://www.wilderssecurity.com/showthread.php?t=37509&page=1&pp=25

    from post #20 onwards.

    As well you should look at a few of the following products:

    1. Zone Alarm (free) - Visual outgoing alerts
    2. Spyware Blaster (free)
    3. Spyware Guard (free) - Browser Hijack prevention
    4. Spybot Search and Destroy (free) - if running the above 2 programs, should remain fairly clean
    5. Adaware (free) - same as above
    6. Script Defender (free) - Script protection
    7. System Safety Monitor (free) - Registry change warning

    These are discussed further here:

    https://www.wilderssecurity.com/showthread.php?t=43117

    Hope this helps...

    Cheers :D
     
  9. marqueepictures@ao

    marqueepictures@ao Registered Member

    Joined:
    Aug 4, 2004
    Posts:
    4
    Blackspear

    Thank you kindly for all your help. I followed your instructions, but the bottom box does not appear on my system as per your post 4

    I do not get Methods on create options and am on update 1.833

    Blackspear
    Major Senior Member Join Date: Dec 2002
    Location: Gold Coast, Australia
    Posts: 1,142

    Extra settings for Nod32

    --------------------------------------------------------------------------------

    Click on the “Methods” tab
    Place a tick in “Runtime packers” and “Advanced heuristics”
    __________________
    "Illegitimis non carborundum."

    Latin translation: "Don't let the bastards grind you down."

    U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I mainly pointed you to that thread to set up an automated weekly scan so your system is checked for viruses, at the very least, once a week.

    The screen shots are for the new Beta; some pics will vary from the version you have installed.

    How did you go with removing the Trojan?

    Cheers :D
     
  11. marqueepictures@ao

    marqueepictures@ao Registered Member

    Joined:
    Aug 4, 2004
    Posts:
    4
    New Virus

    Blackspear

    I ran Nod 32 in Safe mode but not only did it not clean the virus in question, it found 4 more.

    I tried to delete the files, which moved to the recycle bin, but then when trying to permanently delete them it asked "Are you sure you want to Delete Windows"

    To which I replied no but I suppose it is just being a pest.

    Anyway I then restarted in safe mode and cleaned them but the pesky things came back again, so I repeated the exercise with System Restore turned off and eventually got rid of them.

    One question though: if you turn off System Restore and delete a Win32 virus, are you then in trouble if it corrupts the registry?

    Thanks for all your help anyway....You're a star.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: New Virus

    Generally infected files found in System Restore are deleted when you untick and reboot your PC, it removes all restore files and hence also removes viruses attached to those files.

    As to corrupting the registry, if they are in system restore I don't think it could. Someone else may know for sure...

    Hope this helps...

    Cheers :D
     