Troj_checkin.b

Discussion in 'malware problems & news' started by rodo, Jun 20, 2003.

Thread Status:
Not open for further replies.
  1. rodo

    rodo Registered Member

    Joined:
    Jun 20, 2003
    Posts:
    2
    Location:
    Portugal
    Hi,

    I have had problems with troj_checkin.b for two weeks.
    TrendMicro virus scanner detects this troj and deletes it.
    I also tried to delete it manually in the registry. But it comes back again.
    I also saw that it makes ttps.exe and owmngr.exe active and tries to contact several sites: popunder.info.... and fastfind.org
    Does anyone know how to get them out of my registry and system for good!!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi rodo,

    Welcome to Wilders. :)

    See if you can get rid of it with these instructions: http://www.f-secure.com/v-descs/checkin.shtml

    If that doesn't work, please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet.

    Regards,

    Pieter
     
  3. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hello rodo :).

    Have you checked out Trend's website and the info for manual removal?
    Troj_checkin.b also downloads the spyware detected as TROJ_ADWAREAPS.A. by Trend.

    Check it out here: http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=troj%5Fcheckin%2Eb%2E&alt=checkin%2Eb%2E

    Click on TROJ_CHECKIN.B, and it will take you to the page with instructions for manual removal.


    Regards, Jade.
    BTW, use Hijack This! like Pieter said after trying this and/or the f-secure link and post as stated previously.
     
  4. rodo

    rodo Registered Member

    Joined:
    Jun 20, 2003
    Posts:
    2
    Location:
    Portugal
    thanks Pieter,

    http://www.f-secure.com/v-descs/checkin.shtml makes it clear to me.

    This TTPS.EXE file is re-created every time it is deleted by a user. After an investigation we found out that the file is being hiddenly downloaded and activated by the SBSRCH_V22.DLL file, which is a customized search plugin for Internet Explorer.

    Jade, sure I checked for checkin.b at trendmicro - and did what they told me to do, but it didn't fix the re-creating problem.

    I hope it's gone now.

    gr, Rodo
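
Added example, not part of the thread and not code from HijackThis or any vendor: a Python script that sorts the lines of a saved HijackThis log so that entries for the loader named above (SBSRCH_V22.DLL) are handled before entries for the files it restores (ttps.exe, owmngr.exe). The sample log, including its CLSID, paths and Run value names, is constructed, and `triage` and `removal_plan` are hypothetical helper names.

```python
import re

LOADER = "sbsrch_v22.dll"              # per rodo's post: re-downloads TTPS.EXE
PAYLOADS = {"ttps.exe", "owmngr.exe"}  # files the first post saw running

# Constructed sample in HijackThis log layout; CLSID, paths and value
# names are made up for the example.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\ttps.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\SBSRCH_V22.DLL
O4 - HKLM\..\Run: [ttps] C:\WINDOWS\System32\ttps.exe
O4 - HKCU\..\Run: [owmngr] C:\WINDOWS\owmngr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")                      # "O2 - ", "O4 - ", "R1 - "
BINARY = re.compile(r"([^\\/\s\[\]]+\.(?:exe|dll))\b", re.I)  # base name of an .exe/.dll


def triage(log_text):
    """Sort log lines into loader entries, payload entries and running payloads."""
    found = {"loader": [], "payload": [], "running": []}
    for line in map(str.strip, log_text.splitlines()):
        names = {n.lower() for n in BINARY.findall(line)}
        if not ENTRY.match(line):
            # Not a numbered entry: a line from the running-process list.
            if names & (PAYLOADS | {LOADER}):
                found["running"].append(line)
        elif LOADER in names:
            found["loader"].append(line)
        elif names & PAYLOADS:
            found["payload"].append(line)
    return found


def removal_plan(found):
    """Loader entries first, then payload entries; flag a plan with no loader."""
    complete = bool(found["loader"]) or not found["payload"]
    return found["loader"] + found["payload"], complete


if __name__ == "__main__":
    plan, complete = removal_plan(triage(SAMPLE_LOG))
    for entry in plan:
        print("fix:", entry)
    if not complete:
        print("payload entries only: expect the file to be re-created")
```

A plan flagged as incomplete matches the situation in the first post: the payload entries are visible, but whatever restores them is not in the log yet.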
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Good job, rodo. :cool:

    Don't hesitate to post your log in case it has the nerve to show up again.

    Regards,

    Pieter
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    TDS detects both variants of this, but we weren't sent a copy of the DLL, SBSRCH_V22.DLL

    If you have a copy of that, please do send it in to support@diamondcs.com.au , thanks :)
     