~~Help !!! Trojan.moo infected

Discussion in 'malware problems & news' started by Q-Bert23, Jul 18, 2005.

Thread Status:
Not open for further replies.
  1. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey peeps, I was infected yesterday with the Trojan.moo, it is located in

    C:\Documents and Sett\wv[1].ani

    My norton AV caught it, but couldnt repair the file. I just downloaded TDS-3
    and Trojancleaner but havent run them yet. My os is

    MS WinXP
    Home Edition
    Version 2
    Service Pack 2

    HP Pavillion
    AMD Athlon, 2800+
    2.08 GHz, 448 MB of RAM

    Also, Norton AV, Spy Sweeper, CCleaner, BHR, Slap,Ad Aware, Safe Windows,Counter Spy and EZ RegCleaner.
    So, after i run these definitions and cleaners will that help any?


    Q-Bert
     
  2. Ailric

    Ailric Guest

  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Kaspersky also detects this one, you can use the free Kaspersky Webscanner (link in my signature). :)
     
  4. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey thanks for the quick posting guys. I really appreciate it.

    Ailric: I already checked the Symantec Security Response. They dont offer much help when you've already been infected. I downloaded new definitions made specifically for the Trojan.moo( or Hacktool.Jpeg) and ran my Norton AV, which didnt work. So i downloaded the same definitions from a clean PC, and added them in which also didnt work. o_O?

    Don Pelotas( great friggin name btw) : Im going to try the link in your sig, these Kaspersky ppl are trusted right? I'll try anything once. But i went to the Symantec Security Sweep and ran that, which also didnt work. Ive downloaded TrojanHunter and TDS-3( dont know how to use it yet though, or add new def for it) which also havent worked.

    O yeh, I found the file it is in( Index.Dat) but I wasnt sure if I should delete this file since it is a valid Windows file.
    It was located in

    C:Documents and Settings\Owner\Local Settings\Temp Internet Files\ Content.IE5\YF24CEOS\wv[1].ani





    Does anyone here no how to read HJT logs? Thanks for any help given.


    Q-Bert23
     
  5. Ailric

    Ailric Guest

    As trusted as you can get. They have the best scanner out there.

    If I was you, this is what I would do.

    1. Download Microworld Toolkit (it uses Kaspersky engine and updates)
    http://www.spywareinfo.dk/download/mwav.exe

    2. Turn off System Restore.

    3. Reboot in Safe Mode. Scan and clean with Microworld.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Delete your Temporary Internet File cache and that should remove it....leaving your Index.dat file intact.
     
  7. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.

    Hey thanks for your concern Bubba. I downloaded Dr.Delete yesterday and turned off system restore. And like you said Bubba,I deleted the file and it disapeared so I thought I got rid of it....but lo' I have failed. While the wv[1].ani has been deleted, I cant seem to delete the whole Temp. Internet Folder. I get a popup saying that windows needs that folder to operate properly. And now my javascript isnt working so well. I play video pool alot, and now instead of the Yahoo pool screen I get a small white box with a red X in the middle. friggin weird....

    Q-Bert23
     
  8. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey Ailric, I heard it isnt good to have 2 AV's running at the same time...so should i still download the MicroWorld AV and try and chunk my Norton AV?


    ps...If I delete the whole Temp. Internet Files Folder with Dr.Delete, will my Windows still be able to run?



    Q-Bert23
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Thats correct, but only if we are talking real-time monitoring, on-demand scanners you safely use two or three if you like a second opinion, if you use onlinesanners or a standalone scanner like DrWeb CureIt, just one at a time.

    Unfortunately it seems that Microworld has decided to discontinue their free version 4.47 which both clean/delete's.https://www.wilderssecurity.com/showthread.php?p=514308#post514308

    Yes, Kaspersky is a very trustworthy vendor with arguably the best overall detection, all the scanners in my signature is safe to use, and free!! :)
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.