I believe I have a trojan and I need help removing!

Discussion in 'malware problems & news' started by drumstickz07, Jun 19, 2004.

Thread Status:
Not open for further replies.
  1. drumstickz07

    drumstickz07 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    20
    I just found out that I have a trojan with the name "Downloader-KL" and I want to get rid of it. A description of the trojan is here at this link:

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126091

    Sure it tells me about the trojan, but unfortunately I can't remove it without their McAfee software and I don't have that. I tried searching "Downloader-KL" in the AVG and Trend Micro virus databases but they don't show up in their databases. This makes me think that AVG or the Trend Micro scan won't pick it up. Does anyone know any way to remove this manually? And does anyone know any free software that could possibly remove this? I would appreciate all help thanks!
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Download McAfee's command line version "DAILYSCAN.ZIP" from http://vil.nai.com/vil/virus-4d.asp. Create a folder that would be easy to get to via the command line such as c:\mcafee. Disable system restore. Boot into safe mode. Go Start, Run and type cmd to open a command-prompt window. Navigate to the c:\mcafee folder (type cd c:\mcafee and hit enter). Once there, type scan and hit enter to see the help screen. To start cleaning right away: type scan c: /sub /clean and hit enter.

    Nick
     
    Last edited: Jun 19, 2004
  3. drumstickz07

    drumstickz07 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    20
    Nick S, thank you very much for helping me with this. By doing what you told me I was able to delete the Download-KL Trojan along with several duplicates of it AND at least 40 other trojans/virus. I didn't know I had all these keyloggers and backdoor trojans in my system! You've been really helpful! Thanks!
     
  4. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  5. drumstickz07

    drumstickz07 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    20
    Yeah you're right, I'm not running one. I might buy a commercial one because they seem to have more features, but AVG looks pretty good too. Just curious, but what anti-virus program do you use?
     
  6. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    drumstickz,

    Since your system has been infected by (many?) trojans/backdoors, better change all passwords in use; they most probably have been harvested and can/will be used by the bad guys ;).

    regards.

    paul
     
  8. drumstickz07

    drumstickz07 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    20
    Does that include my password to log into Windows XP?
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    In a word, yes. ;)


    snowbound
     
  10. drumstickz07

    drumstickz07 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    20
    Thanks all of you!
     
  11. donnylevon

    donnylevon Guest

    i have it too. any luck removing it?
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Follow the procedure as posted above ;).

    regards.

    paul
     
  13. donnylevon

    donnylevon Guest

    i can't figure out how to remove downloader-kl!
     
  14. dqk

    dqk Guest

    I have the latest McAfee (4370 data file) & when I tried cleaning... it said it can't be cleaned.. then I tried deleting, but again it said It can't be deleted.

    Wierd... So, I continued & re-scanned later but idn't find a 2nd time. What do you think?
     
  15. Kelly S

    Kelly S Guest

    I followed Nick's instructions and am getting stuck in safe mode. I'm fine until I'm at the instructions that say type scan and hit enter to see the help screen. When I'm in c:\mcafee and type scan I receive the following message: 'scan' is not recognized as an internal or external command, operable program or batch file. I'm at a total loss. Your help would be greatly appreciated. Thanks!
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Can you tell us what files/programs are in that c:\mcafee folder? (Type: dir ) Maybe you don't have all the programs in your McAfee install.
     
  17. Kelly S

    Kelly S Guest

    The files are: clean.dat, scan.dat, names.dat....
     
  18. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Sorry for missing your post. The contents of the folder should be:

    scan.dat
    names.dat
    clean.dat
    scan.exe
    mcscan32.dll
    rwabs16.dll
    rwabs32.dll
    license.dat
    messages.dat

    Make sure you are using DAILYSCAN.ZIP from http://vil.nai.com/vil/virus-4d.asp


    Nick
     
  19. SimpleKid

    SimpleKid Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1
    Just a quick one, how do I disable system restore? (and why do I need to do this?)

    Steve
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas



    Using system restore
     
Loading...
Thread Status:
Not open for further replies.