Tons o' Trojans

Discussion in 'Trojan Defence Suite' started by Muerte Roja, Jul 27, 2004.

Thread Status:
Not open for further replies.
  1. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    My friend recently clicked a link for something along the lines of a Windows update search toolbar. He clicked the "No" option and right then, my computer froze. When I rebooted, I had AVG Anti Virus tell me I had a couple problems:

    These are all the viruses it found:
    BackDoor.Ruledor.D
    Downloader.Agent.AR
    Downloader.Turown.G
    Downloader.Turown.J
    Downloader.VB.3.AD
    Backdoor.VB.11.AM
    Downloader.Small.7.Q

    (I checked Symantec's virus encyclopedia, and they had no information on any of the above viruses, so I came to the next best source for help)

    The first problem upon viewing my desktop was that I had a search toolbar above my taskbar. Fortunately, AVG caught the viruses and automatically healed my system. I was able to get rid of the toolbar, but there are still suspicious files floating around my hard drive. Then, I ran Spybot S&D to get rid of any extra spyware it recognized.

    The problem? My system takes a really long time to start up now. Are the trojans still there? Is there a way to get rid of them?

    P.S. Earlier, I had been having some trouble with AVG randomly picking up the "SecThought.E" virus, but it never gave me that much trouble. Here's the discussion on it:

    https://www.wilderssecurity.com/showthread.php?t=30203

    If you want me to, I can post a HijackThis log. I already have one posted for the SecThought.E virus here:

    https://www.wilderssecurity.com/showthread.php?t=39544
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    It often helps to run a full scan in Safe Mode, update TDS-3 and run a scan of C:\ in there and delete anything positively identified - adware, trojans.

    Your HJT log looks clean, but you can remove these

    O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27eef280a7b382...ip/RdxIE601.cab

    You also appear to have 2 resident antivirus scanners, which is very risky. AVG and McAfee? You should stick to one resident, and the other on-demand.
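
Added example, not part of the thread and not DiamondCS or HijackThis code: a small triage script for the two HijackThis entry types named in the post above (O2 browser helper objects and O16 downloaded ActiveX controls). The two flagging rules (a BHO whose file is "(no file)", and a control fetched from a literal IP address) are assumptions of this example, since the post does not state its criteria; all log lines except the first O2 line are constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample log. The first O2 line is the one quoted in the post;
# every other line is made up (192.0.2.10 is a documentation-only address).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Class) - http://192.0.2.10/pkg/example.cab
O16 - DPF: {99999999-8888-7777-6666-555555555555} (Example Updater) - http://downloads.example.com/upd.cab
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<file>.+)$")
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) \((?P<name>.*?)\) - (?P<url>\S+)$")


def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def review(log_text):
    """Return (clsid, reason) for each entry matching the assumed rules."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m and m.group("file") == "(no file)":
            # Registry entry survives but the DLL it points to is gone.
            findings.append((m.group("clsid"), "BHO registered but its file is missing"))
            continue
        m = O16_RE.match(line)
        if m and host_is_ip(m.group("url")):
            findings.append((m.group("clsid"), "ActiveX control downloaded from a bare IP address"))
    return findings


if __name__ == "__main__":
    for clsid, reason in review(SAMPLE_LOG):
        print(clsid, "-", reason)
```

Entries it flags are candidates for a closer look, not automatic removals; anything it does not match (such as the O4 line) is simply outside these two rules.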
     
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hello Muerte Roja

    In addition to Gavin's help you can always get some more info here:

    http://www.virusbtn.com/resources/vgrep/

    Simply type in the name and click Search [select Any Vendor]

    *Note: Symantec often does not have a lot of these as they class them as either Trojans or Malware/Spyware and their claim is Virus detection. Just an observation I have seen in many threads/forums re Symantec's perceived lack of response to these issues of what's considered to be input into their databases.

    I tried one of those names and got the following [see pic]

    TAS
     

    Attached Files:

    • 010.GIF (File size: 19.3 KB)
  4. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Thanks for the help. About the two resident virus scanners, I usually exit out of McAfee when my system starts up because it is such a drag on the resources. Should I uninstall it completely?

    I just set myself up with Ad Aware, Spyware Blaster, and Zone Alarm. Is there any threat with having all these programs?
     
    Last edited: Aug 1, 2004
  5. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I am doing this for a friend, but if you need a HJT log, I'm sure I can convince them to download it. Another reason I am only replying is because I seem to have lost my ability to post new threads.

    Does anyone know how to defeat the W32.Spybot.Worm?

    Thanks for any help.
     
  6. gr49erluvr

    gr49erluvr Registered Member

    Joined:
    Jul 26, 2004
    Posts:
    13
    I don't think you'll have a problem with having those programs running together. I have them and all is well.
     
  7. rrainbow

    rrainbow Registered Member

    Joined:
    May 22, 2004
    Posts:
    16
    Location:
    Canada
    I as well run ZA, adaware and Spyware Blaster together and have never had any problems with them together. I also run Spybot, sometimes too. So you'd always be Safe with these ones! ;)
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Antivirus programs (not spyware blaster, adaware, tds, others) install filesystem drivers which control file access - which is why you should avoid installing 2 of those. Even when you close the McAfee GUI down, the driver should still be active. It would be better to at least choose "disable" first ;)

    You could uninstall it, but what if you want to file scan with it to check a possible false alarm, or to have a backup scanner? It would be better to disable the driver/service which controls the protection, and remove the startup for the GUI. If you want to, email support and I'll help you work through it :)
     
  9. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Thanks for all the help, I think I will e-mail support.

    Oh and by the way never mind about the W32.Spybot.Worm, I killed it.
     
  10. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Ummm...call me retarded, but what's the e-mail for help? I tried the "Contact Us" link and haven't gotten a response yet.
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Try this address: support(at)diamondcs.com.au

    Change (at) to @
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Only the good ones get a response.
    :D
     
  13. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea