Help please - Swizzor.br trojan

Discussion in 'malware problems & news' started by scatterbrain, Oct 27, 2004.

Thread Status:
Not open for further replies.
  1. scatterbrain

    scatterbrain Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    4
    Location:
    UK
    My PC has the swizzor.br trojan on it. It is not picked up by a virus scan but is by Adaware. I then quarantine and delete it, only for it to reappear again a couple of minutes later. How can I eradicate it completely? Also, I have a lop.com search bar which keeps surfacing, along with regular pop-ups; I think this may be connected, as the two have happened simultaneously. I understand this is very hard to get rid of. Any suggestions please?

    I run AVG, Adaware, Spybot S & D and Spywareblaster as well as having a hardware firewall so am not sure how my PC has become infected o_O

    Thanks in advance for any help.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    scatterbrain

    Blackspear has put together some instructions on how to clean up your computer here.
     
  3. scatterbrain

    scatterbrain Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    4
    Location:
    UK
    Thank you. Will give it a try.

    Ellie
     
  4. Martinho

    Martinho Guest

    This is "how" I got rid of it.
    May not be very technical but it worked!
    As you noticed, your ad-aware scan provided a different name for the file containing the trojanDownloader each time you scanned the system and 'quarantined' the file. So, there must be a 'mother file' somewhere!
    I knew it was located at docum\myname\local settings\temp. However, after booting in safe mode DOS with F8 I could no longer have access to that directory. However, I noticed an equally long 239Kb file, FragAxis.exe, in a strange directory (myname\Application Data\online wma keep) but did nothing at that moment.
    I rebooted again and there it was again, the trojan Downloader. I quarantined it and watched the system 'task manager, processes': the FragAxis was there! I 'end process' the task and went to the above 'online wma keep' directory and deleted all the files and the directory altogether!
    There!
    (Can it be 'Skype' the cover for the invasion? Sorry, just guessing)
     
  5. scatterbrain

    scatterbrain Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    4
    Location:
    UK
    Hi Martinho,

    Only just read your post. Thanks for your help - I eventually got rid of the pest by moving all my documents etc. into a separate file, then setting up a new user account, moving the new file over to the new user account, then deleting the old user account. I'm sure it's not a very orthodox way of doing it but hey, it worked for me, after hours and hours of frustration trying to beat the thing.

    Thanks again

    Scatterbrain
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    For future reference, this particular trojan is a mongrel to delete through normal methods. It comes from LOP, and it can be removed by downloading a file from here, http://lop.com/new_uninstall.exe, then running a fully up-to-date AdAware in “Safe Mode”.

    Being that you have this problem, I would suggest after cleaning off Swizzor.br that you run through each and every step found here: https://www.wilderssecurity.com/showthread.php?t=50662

    All the best…

    Cheers :D
     
  7. scatterbrain

    scatterbrain Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    4
    Location:
    UK
    Thanks Blackspear :) I will do what you suggest. I never seem to pick up any of this rubbish myself, it's always my daughters who manage to infect the system :mad: Kids, eh!
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LOL, not just kids, I have a couple of "Click Happy" people in my household that just looooove to test out the security that I set up ;) :D

    Further down the link I provided are links advising on what security is wise on a PC...

    Cheers :D
     