Hit with Exploit-iframBO!shellcode trojan

Discussion in 'Trojan Defence Suite' started by Arctic, Nov 21, 2004.

Thread Status:
Not open for further replies.
  1. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    I hope someone here can help me. I went to a website that I have gone to on numerous occasions and never had a problem. The name of the site is leoslyrics.com. When I went to this site Friday night my antivirus popped up to alert me. So I had to do a scan and it found the following:

    Exploit-iframBO!shellcode c[1].htm 1[1].exe

    I tried to clean but it said it could not be cleaned so it deleted the files.

    Then to be safe I ran my TDS-3 antitrojan and this is what it found.

    Trojan Dropper.win32.mudrop.k
    Adware.Ezula.t dll
    Adware.Ezula.t dropper dll
    \winnt\system32\in10b6s.dll
    \winnt\system32\kvif_11.dll

    So I deleted it with TDS-3. I then restarted my computer and did another complete scan just to be sure my system was clean and it was.

    Now here is the problem. During this time I turned off my system restore because I certainly did not want it to restore to the point it was. After my system was all clean I tried to turn my system restore back on but it would not activate :'( I got the following message:

    "System Restore encountered an error trying to enable/disable one or more drivers. Please restart your machine and try again."

    I have tried for 2 days to fix this problem. I even called Microsoft when I could not find any reference on their site. If I cannot find how to restore this function my only option will be a total reinstall of my operating system. :doubt:

    I have:
    Windows XP Home edition SP1
    TDS-3
    Process Guard
    Port Explorer
    Worm Guard
    Zone Alarm
    McAfee Antivirus
    Linksys router
    Linkslogger

    I had all software shut down with the exception of TDS3 when I was running my scan.

    I hope someone can help me soon. All help is appreciated :)
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Go to Start/Run and type services.msc

    When the services page opens, scroll down and make sure that the following services are set to automatic and then reboot

    Help and Support
    Task Scheduler
    System Restore Service
    Remote Procedure Call (RPC)
     
  3. Arctic

    Thank you for your reply dvk01. Those services are active. They were the first things I checked when I started having this problem. I think something must have gotten deleted when I deleted the trojan with the TDS-3. It may be some driver that I needed. I did a search for the DLLs mentioned in my first post but did not find them on any site. So at this point I am just really not sure what to do. :(
     
  4. Arctic

    I think I found a solution to my problem. I turned Process Guard off and closed the program. I then turned on my System Restore and it works now. I find this to be a bit weird because I did that earlier and it would not work but for some reason now it works. So, I hope it continues to work. :D
     