Really Bad Case Of Download.Trojan

Discussion in 'malware problems & news' started by The Trooper, Dec 19, 2004.

Thread Status:
Not open for further replies.
  1. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    Hi, i need some help, badly. My other computer has been infected with Download.Trojan, :mad: it's been on the computer for ages without me even realising and its disabled the internet. My two computers are connected together so i was going to send some programs over but its disabled the connection of the network. I have some disks though but still i need some serious help, thanks :)
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi The Trooper, welcome to Wilders.

    From what I have just read about this Trojan, working your way through the following comprehensive steps found in General Cleaning should resolve your situation.

    If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found here. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  3. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    ok im doing everything but i cannot update the programs, as the interent does not work and when i send most of the programs on the cd, the evaluation period ends. Also i have located where the file is its in C:/Program Files/Norton Antivirus/Quarintine/Portal. The file is named 30580BC5.exe. When running a scan with TDS, the file was marked as locked and would not scan it. Any ideas on how to access it so i can scan it?
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  5. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    can i just move the file somewhere where i can scan it?
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What happens when you scan your system while in Safe Mode.

    Can you purge the Quarantine file in Norton (I've never used Norton, so I don't know how it functions).

    Cheers :D
     
  7. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    Sorry im lousy at my English, could you tell me what purge means?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That's ok, I only speak english and I'm not too good at spelling it ;) :D

    Does Norton have a DELETE Quarantine files option?

    Cheers :D
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Open up Norton, in quarantine, highlite the file you want to delete and hit delete.

    I would probably do this while in Safe Mode.

    Cheers :D
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  11. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    when i go into norton quarintine, the file is not there. I can only find the file when i go into program files.
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I think I would rename the file that you want to get rid of in program files to most anything you want to and try to delete it then. And if it still won't delete I would zip it and then try to delete it. You might disable norton antivirus while you try to delete it.

    P.S. just remember what you change the name from.
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    when you run tds3 disable your antivirus just in case that is what has the file locked and then maybe it can get rid of it.
     
  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I don't know if you have tried running ad-aware se, my grand daughters comp. had fourty nine instances of the download trojan and ad-aware se removed every one of them. As a last resourt it is worth a try.

    bigc
     
    Last edited: Dec 19, 2004
  15. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    im going to try the cleaning thing first, how can i fully update my computer if i cannot acess the internet on the computer??
     
  16. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If you have no internet access you will just have to do the best you can with what you have.
     
  17. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    should i rename and attempt to delete the file in safe mode?
     
  18. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    the file has changed names without me doing anything? What is the cause of that?
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    OK, now I would suggest the following course of action:

    Download and run “Hijack This” found here and post your log at one of the forums found here. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    As what you have said sounds more like Spyware...

    Cheers :D
     
  20. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    could spyware have done like that much to my pc??
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That much and more...

    You may want to continue with General Cleaning, however when files begin changing names, I tend to head for a HijackThis Log...

    Just to be clear, Wilders do not review HJT logs any more.

    Cheers :D
     
  22. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    OMG its gone all i did was rename the file, delete it and restart my computer. The net is up and running again. thankyou blackspear and bigc73542, you guys are living legends!!!!!!!!
     
  23. The Trooper

    The Trooper Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    16
    im going to do a hijack this log just to be on the safe side too
     
  24. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Not always but sometimes the simplest way is the best way. Glad you had a good result.

    bigc
     
  25. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    ROFLMAO, well excellent, now run through General Cleaning just to be sure.

    After this you may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    Let us know how you go…

    Cheers :D
     
Thread Status:
Not open for further replies.