Novice - I have trojans

Discussion in 'malware problems & news' started by trotterfrosty, Nov 15, 2006.

Thread Status:
Not open for further replies.
  1. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    Hello all

    I'm a bit of a novice with computers, but I recently did a scan on my PC (using ewido) and I found the following... Can anyone tell me how to get rid of them?

    I keep getting pop-ups from winantivirus, systemdoctor, freemp3s, ameena, errorsafe etc etc, the list goes on. This happens on every website I visit, whether it's Microsoft, BBC, Hotmail, everything!!!!

    Any help would be appreciated. Oh, by the way, I can't just re-install Windows, it's a works machine so I can't take anything off...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Esomniture
    Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@-1shz2prbmdj6wvny-1sez2pra2dj6wfkicldzskow-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt
    Risk: Medium

    Name: TrackingCookie.Bpath
    Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@ads49.bpath[1].txt
    Risk: Medium

    Name: TrackingCookie.Hitbox
    Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@hg1.hitbox[2].txt
    Risk: Medium

    Name: TrackingCookie.Myaffiliateprogram
    Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@www.myaffiliateprogram[1].txt
    Risk: Medium

    Name: TrackingCookie.Yadro
    Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@yadro[1].txt
    Risk: Medium

    Name: Trojan.P2E.cl
    Path: C:\windows\eg_auth_1049.dll
    Risk: High

    Name: Dialer.EGroup.s
    Path: C:\windows\p2esocks_1047.dll
    Risk: High

    Name: Trojan.P2E.cl
    Path: C:\windows\p2esocks_1049.dll
    Risk: High

    Name: Trojan.P2E.cl
    Path: C:\windows\system32\eg_auth_srv_1049.dll
    Risk: High
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Oh my god, that's a nice collection.
    Just do something simple.
    1. Download a light free AntiTrojan like Asquared. (Here the Direct Download).
    2. Install it and Update the Database
    3. Restart the PC in safe mode and run a full deep scan with aSquared. Quarantine ALL (don't delete in the first place) suspicious and infected files.
    4. Restart PC and look if everything is running well.

    Report back in case further steps are necessary.

    Second you should think about a security setup on your PC to prevent such infiltration.
     
  3. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    Cheers, I'll give that a go in the morning... I've shown that list to 2 people and both have said... 'oh my god' !! lol, I take it they are quite bad?

    When I've done the above, will the popups stop?

    What sort of security setup would be good?

    Sorry, I'm a complete beginner to computers... I wouldn't know where to start!
     
  4. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Some info to tide you over until someone more knowledgeable than I comes along.
    http://remove-winantivirus.info/
    This article talks about a program called Xoftspy to help remove this. To the best of my knowledge Xoftspy is not free to remove stuff, and some others will advise you on how to get rid of this stuff for free, I'm sure.
    I have found this help forum useful:
    http://www.geekstogo.com/forum/index.php?showforum=37
     
  5. betauser2

    betauser2 Guest

    What's your current setup?

    What is your system spec and operating system?
     
  6. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    What do you use right now? When I see your first post I think you use nothing.
    1. You should definitely install as a base setup an AntiVirus and an AntiTrojan/AntiMalware application.
    2. Then think about a Firewall (for now activate XP Firewall)
    3. Then a HIPS.

    But as you are a total newcomer, I would suggest to stay for the moment with points 1 and 2 if you have Win XP.

    Before making suggestions regarding your future setup, do you want to spend a little money for your setup and which OS are you using?

    Btw: Make a signature in this forum with the relevant information, this helps in further cases where you need help.
     
  7. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    here goes...
    I've been trying to get rid of these pesky pop-ups for a while now, so I've downloaded the following:

    Windows Defender
    SpyBot s&D
    CCleaner
    Ad-Aware
    Hijackthis
    AVG Free

    I have 'Virus Scan on demand' running all the time when the PC is on!

    OS is Windows XP Pro (but I can't find my disc to update to SP2). I know I probably should spend some money on sorting it out, but as it's a works computer I don't think I can...

    If you need anymore info, let me know!

    Cheers!
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't understand: if Ewido found that, it should be able to remove it! No??
     
  9. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    Well, that's what I thought, but I'm still getting all these popups... I clicked on the 'delete infected' and they disappeared, but as soon as I open I.E. they were all there again??

    Like I said, I'm a novice... and clueless!
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    OK. Follow the others' advice then. Try also CWShredder.
    List of good Antispyware: Spybot S&D, AVG Antispyware, A-Squared, SuperAntispyware.
     
  11. JohnnyBravo

    JohnnyBravo Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    82
    How about turning off the System Restore ;)
     
  12. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    What would that be (System Restore)? And where would I find it? And what does it do?
     
  13. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
  14. yaggy

    yaggy Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    14
    There's a large part of your problem...... IE (unpatched even).
    Switch to Firefox.

    BTW Cookies are nothing to worry about.

    Sounds to me like you should start a clean slate. Format that thing then when XP is Reinstalled, update it. After that get an Antivirus, Firewall and use Firefox instead of IE

    You don't need a crap load of programs to protect you, just the basics and some common sense.... Practice Safe Hex
     
  15. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Sounds like a 'SmitFraud' infection. Do the following.

    Download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip to your Desktop.
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Report if infection is found and we'll proceed further.
     
  16. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    Hello again,

    Thanks for the advice. I ran the deep scan and it's found the same trojans and Dialer as 'ewido' did, so I've 'quarantined' them. I didn't run it in safe mode as I'm not 100% about stuff like this and I don't want to lose anything I might later need.

    As for reformatting the machine, I simply cannot do it. It's a works machine which is being used as a server for 5 other machines; all machines are networked to mine and everyone has access to all files/folders etc.

    So then, where do I go from here?

    Bearing in mind, I have already tried to delete these trojans / dialer using the 'ewido' scanner....
     
  17. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Let it stay quarantined. Being that sensitive, I advise you to use HijackThis, save the log and request expert opinion.
    Use these instructions : http://wiki.castlecops.com/Malware_Removal:_Getting_Expert_Help_With_Your_HijackThis_Log
    Explain the situation and what you have done so far.
    There are other forums for expert opinion with HijackThis. Search this forum and you'll see other options for expert opinions. But not here. Don't post the log here, for there is a policy here that prevents that.

    Cheers and good luck
     
  18. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    As someone said, no pun intended, seek expert step-by-step guidance from one of the sites mentioned where you can post a HijackThis log. If that computer is serving others, there is a significant risk that it will infect them all sooner or later, if not already. Then, when cleaned, take some advice here from the many helpful people on how best to secure that setup.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    lol, that was one reason to pick this name. "wqdeffef" by someone. "As someone said..." Sooner or later you're all talking about me without knowing lol :D
    I should choose another name, but I haven't decided.
     
  20. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Last edited by a moderator: Nov 15, 2006
  21. trotterfrosty

    trotterfrosty Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    7
    Thanks a lot for your help, I've done what you advised so hopefully I won't have any more popups soon!

    Thanks again!
     
  22. marcromero

    marcromero Guest

    I would recommend you run the Dr.Web CureIt Utility. It's a free anti-malware utility. Click on the link in my signature.
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Those files you had are EGDACCESS dialers.
    Sometimes these are bundled with the Navipromo rootkit.
    This is usually the case if Ewido can't remove them.
    The person helping you might appreciate that information. :)

    Regards,

    Pieter
     
  24. donsan

    donsan Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    149
    Location:
    grand prairie tx
    If this computer is networked with other computers, the first thing I would do is disconnect the infected computer from the network ASAP or you will have bigger problems.
     