Terrojan??

Discussion in 'malware problems & news' started by Cochise, Nov 5, 2005.

Thread Status:
Not open for further replies.
  1. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    Not sure how or why.....but I appear to have inherited Trojan 'DOWNLOADER. HUA'..??......AVG picks it up every time I scan.....but if I use A2, The Cleaner, Trojan Remover 6.4.4. or Trojan Hunter......they come up with nothing??......o_O.....Your comments would be appreciated Please.....

    Is it nothing or is it something??.......I've used AVG 'Heal' and restart and Quarantine but it still pops up on the scan??....

    Not sure if this is the right Forum though!!....

    Regards, Cochise,:cool:
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Have you manually gone to the location on your computer to see if it was there? If you have and it doesn't seem to be there, it very probably could be a false positive. But I would go to the Kaspersky web site and run their online scan just to be sure. KAV scan here
     
  3. Beef

    Beef Guest

    Check your Windows temp folder and clear your cache as well.

    If that does not work, boot in safe mode and run AVG.
     
  4. beef

    beef Guest

    Forgot to mention to clean the temp folder at start up with something like MRU Blaster.....the trojan may be "in use" otherwise and not removable
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    Good advice Beef;)
     
  6. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Not sitting in a system restore point?
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    In regards to BB's above post, what is the full path of the file chief?



    snowbound
     
  8. Beef

    Beef Guest

    BigC

    Thank you. Please excuse me tonight for not being talkative ...have been very ill for several days.........
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  10. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    Thanks everyone for your interest.....never had a virus before, so never had to find where they hide....:D

    Here's what KAV had to say....So where do I go from here, please speak slowly...:D :D

    Many Thanks, Cochise,:cool:
     

    Attached Files:

  11. Beef

    Beef Guest

    KAV discovered them LET KAV CLEAN THEM......download and install the trial version of KAV if you can.

    Not to worry.....there is enough experience around here to clean those bugs.........by the way start up in safe mode and scan with your AVG...bet that cleans at least one......

    The one in your temp folder try cleaning it out with MRU blaster as previously suggested
     
  12. Beef

    Beef Guest

    It just dawned on me that you did not mention if you have a trojan scanner on your system.......Chief, you have trojans, not viruses......many anti-virus programs do clean trojans but it may be worth considering installing a trojan scanner on your OS if you don't have one......Ewido is nice...(free)...or Trojan Hunter (shareware) if your system is older
     
  13. FanJ

    FanJ Guest

    Hi Cochise,

    You said that you scanned with TrojanHunter and that it found nothing.
    Maybe a good idea to send at least that file c:\windows\system32\mscornet.exe to Magnus.
    Or maybe better: have a look at the following site.
    It gives you guidelines how to submit a file to all vendors, zipped and password protected:
    http://www.dslreports.com/faq/8428#submit

    Maybe a good idea to post a HijackThis-log and ask if an expert would have a look at it at one of the boards that handle HJT, like CastleCops for example.

    Cheers, Jan.
     
    Last edited by a moderator: Nov 7, 2005
  14. Beef

    Beef Guest

    OOPS....I had not noticed that he had scanned with Trojan Hunter...my bad.
     
  15. FanJ

    FanJ Guest

    Hi Cochise,

    I couldn't see the full path, as Steve asked for in above quote, in your screenshot of the KAV-scan.
    Did you save a log-file of it?
    Could it be that the first file in that screenshot is in the system-restore folder? I am not too familiar with XP, so I'd better leave that to others...
    If it is indeed there, then disable for the moment system-restore and get rid of its content.
    (sorry in case I'm wrong here...).

    PS:
    I think that your thread would get more attention in the Trojan forum-section ;)

    Warm regards, Jan.
     
  16. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    Thanks Beef Mate.....Done that...check #1Post....:D

    Cochise,:cool:
     
  17. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    Well, that was an experience fans....I D/Ld KAV Trial...checked for all updates and ran the scan..(Result below)....after I closed the scan, up popped a window to say that the KAV update was out of date by 89 Days?? and would I like to update!!.....I OKd it and off it went to do its thing.....then it advised I D/Ld all the 'Modules' it required to complete the job...I OKd that.....it took forever....(I have 2 gigs HDD, 512 Memory, XP and Broadband)......there's more..:D :D
    All of a sudden I get this squeal and a KAV window pops up to say I have 2 Dangerous doodads on my comp and would I like to delete them....I OKd that..my screen immediately went black, then up came the old BSOD...Oh! Joy....."Your Computer is in danger of dying the Death, shut down now" or words to that effect.....:D :D :D

    I restarted and decided to uninstall KAV....it sure loads a lot of stuff...after the uninstall, to complete the process, I was asked to restart....I did that, and to my delight, everything on my Desk top and in All Programmes had created copies of themselves!!:D :D :D.

    Anyway, back into battle...:D :-*

    Cochise,:cool:
     

    Attached Files:

  18. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    The first one is in a system restore point and may not be able to be cleaned from there. Disabling and then re-enabling system restore will clear all restore points...
     
  19. FanJ

    FanJ Guest

    Thanks bigbuck ! ;)

    Cochise,
    If a nasty is in your system-restore, it might come back again and again...
    So, you have to get rid of that.

    What happened with respect to all those copies you mentioned, I don't know....

    BTW:
    Did you try an online scan at Panda Active Scan and TrendMicro HouseCall:
    http://www.pandasoftware.com/products/ActiveScan.htm
    http://housecall.trendmicro.com/
    and a scan with the trial of Ewido (in Safe Mode):
    http://www.ewido.net/en/download/

    If nothing helps, I would again advise to post a HijackThis-log at one of the boards that handle them; for example:
    http://gladiator-antivirus.com/forum/
    http://castlecops.com/forums.html
    http://forums.subratam.org/
     
    Last edited by a moderator: Nov 6, 2005
  20. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    Hi Fanj,

    Did Panda and Trend-Micro......Result from Trend as an example??....Below...

    I have lost AVG totally??.....it won't even load from Grisoft??......I just get 'error'??.....

    It's been 9 hours now, tried just about everything.....:D :D......How time flies when you're enjoying yourself....:D :D :D

    I'm off to my bed now.....To sleep, perchance to dream, Aye!, there's the rub...:D

    Many thanks, Cochise,:cool:
     

    Attached Files:

  21. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    All the 'Copies ' are still there.......I will start deleting all the (2s) tomorrow..:D


    Byeee, Cochise,:cool: Floundering in Florida.....
     
  22. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    You'll all no doubt be pleased to know that your valuable advice conquered in the end and the dreaded Trojans have been burned alive inside the horse they came in.....the 'City of Troy' is once more safe in the hands of Wilders Security Commandos....for which I am grateful.....but, just to keep you on your toes....what do you make of this....a casualty of the battle....I can't find a way to delete the extra Icons.....but I bet some very kind person out there knows how though...Please...:D :D :D

    Very Best Regards to All, Cochise,:cool: Happy in Harlem...
     

    Attached Files:

  23. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Cochise! :cool:

    Would this page be too much for ya? :D If you need help, someone's just a few smoke signals away. :D
    You should be able to determine where the doubles are located from the info here.

    ht*tp://windowsxp.mvps.org/cpicon.htm

    Don't fret over downloading the ShellObjectEditor cause maybe it's only those few places you need to look,
    unless the registry isn't your gig. Otherwise the commands on that page:

    CD\Windows\System32 simply places you in the proper directory,
    Dir *.cpl /a /b >C:\CPLs.txt outputs a wildcard listing which you'll find on your root directory.

    Deal with the asterisk if you could please.


    On our toes ;)
    GF
     
    Last edited: Nov 11, 2005
  24. Cochise

    Cochise A missed friend

    Joined:
    Jan 26, 2003
    Posts:
    2,549
    Location:
    North Thoresby Lincs Good Olde England
    :D :D :D Many Thanks GF for 'leaping in' on your toes like a pas de deux in Swan Lake Mate......but your Links didn't get me any further than 'Explorer' Control Panel and Namespace are a no show??.....don't you just hate it when that happens?....:D :D

    As you can see, I'm still keeping a smile on my face even if it's through the tears......:D :D :D Lol....


    Cochise,:cool:
     
  25. Guess I shouldn't mind getting scalped :eek: stumped by you either my teary-eyed friend. ;)

    I looked around not having much success (yet) with that double-vision of yours. :D Have you tried a system wildcard search using the somewhat efficient :p M$ utility under *change preferences* to narrow the field of other possible locations where any additional cp applets may be stored (*.cpl)?


    I'll stay in smoke's range ....
    GF :D
     