Help !!! Trojan.moo infected

Discussion in 'malware problems & news' started by Q-Bert23, Jul 18, 2005.

Thread Status:
Not open for further replies.
  1. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey peeps, I was infected yesterday with the Trojan.moo, it is located in

    C:\Documents and Sett\wv[1].ani

    My Norton AV caught it, but couldn't repair the file. I just downloaded TDS-3
    and Trojancleaner but haven't run them yet. My OS is

    MS WinXP
    Home Edition
    Version 2
    Service Pack 2

    HP Pavillion
    AMD Athlon, 2800+
    2.08 GHz, 448 MB of RAM

    Also, Norton AV, Spy Sweeper, CCleaner, BHR, Slap, Ad Aware, Safe Windows, Counter Spy and EZ RegCleaner.
    So, after I run these definitions and cleaners will that help any?


    Q-Bert
     
  2. Ailric

    Ailric Guest

  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Kaspersky also detects this one, you can use the free Kaspersky Webscanner (link in my signature). :)
     
  4. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey thanks for the quick posting guys. I really appreciate it.

    Ailric: I already checked the Symantec Security Response. They don't offer much help when you've already been infected. I downloaded new definitions made specifically for the Trojan.moo (or Hacktool.Jpeg) and ran my Norton AV, which didn't work. So I downloaded the same definitions from a clean PC, and added them in, which also didn't work. o_O?

    Don Pelotas (great friggin name btw): I'm going to try the link in your sig, these Kaspersky ppl are trusted, right? I'll try anything once. But I went to the Symantec Security Sweep and ran that, which also didn't work. I've downloaded TrojanHunter and TDS-3 (don't know how to use it yet though, or add new def for it), which also haven't worked.

    O yeh, I found the file it is in (Index.Dat) but I wasn't sure if I should delete this file since it is a valid Windows file.
    It was located in

    C:Documents and Settings\Owner\Local Settings\Temp Internet Files\ Content.IE5\YF24CEOS\wv[1].ani





    Does anyone here know how to read HJT logs? Thanks for any help given.


    Q-Bert23
     
  5. Ailric

    Ailric Guest

    As trusted as you can get. They have the best scanner out there.

    If I was you, this is what I would do.

    1. Download Microworld Toolkit (it uses Kaspersky engine and updates)
    http://www.spywareinfo.dk/download/mwav.exe

    2. Turn off System Restore.

    3. Reboot in Safe Mode. Scan and clean with Microworld.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Delete your Temporary Internet File cache and that should remove it....leaving your Index.dat file intact.
     
  7. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.

    Hey thanks for your concern Bubba. I downloaded Dr.Delete yesterday and turned off system restore. And like you said Bubba, I deleted the file and it disappeared so I thought I got rid of it....but lo' I have failed. While the wv[1].ani has been deleted, I can't seem to delete the whole Temp. Internet Folder. I get a popup saying that Windows needs that folder to operate properly. And now my javascript isn't working so well. I play video pool a lot, and now instead of the Yahoo pool screen I get a small white box with a red X in the middle. friggin weird....

    Q-Bert23
     
  8. Q-Bert23

    Q-Bert23 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    6
    Location:
    In the deep south.
    Hey Ailric, I heard it isn't good to have 2 AVs running at the same time...so should I still download the MicroWorld AV and try and chunk my Norton AV?


    ps...If I delete the whole Temp. Internet Files Folder with Dr.Delete, will my Windows still be able to run?



    Q-Bert23
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That's correct, but only if we are talking real-time monitoring; on-demand scanners you can safely use two or three if you like a second opinion. If you use online scanners or a standalone scanner like DrWeb CureIt, just one at a time.

    Unfortunately it seems that Microworld has decided to discontinue their free version 4.47 which both cleans/deletes. https://www.wilderssecurity.com/showthread.php?p=514308#post514308

    Yes, Kaspersky is a very trustworthy vendor with arguably the best overall detection, all the scanners in my signature are safe to use, and free!! :)
     