Hi, I do have two weeks problems with troj_checkin.b. TrendMicro virus scanner detects thes troj and deletes it. Also I try to delete it manualy in the register. But it comes back again. I saw also that is makes ttps.exe and owmngr.exe active and try to contact serveral sites: popunder.info.... and fastfind.org Does anyone know to get them out of my register en system for good!!
Hi rodo, Welcome at Wilders. See if you can get rid of it with these instructions: http://www.f-secure.com/v-descs/checkin.shtml If that doesn't work, please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log as a .txt file, and copy and paste its contents into your next post. Most of what it lists will be harmless, so do not fix anything yet. Regards, Pieter
Hello rodo . Have you checked out Trend's website and the info for manual removal? Troj_checkin.b also downloads the spyware detected as TROJ_ADWAREAPS.A. by Trend. Check it out here: http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=troj%5Fcheckin%2Eb%2E&alt=checkin%2Eb%2E Click on TROJ_CHECKIN.B, and it will take you to the page with instructions for manual removal. Regards, Jade. BTW, use Hijack This! like Pieter said after trying this and/or the f-secure link and post as stated previously.
thanks Pieter, http://www.f-secure.com/v-descs/checkin.shtml makes it clear to me. This TTPS.EXE file is re-created every time it is deleted by a user.After an investigation we found out that the file is being hiddenly downloaded and activated by the SBSRCH_V22.DLL file which is customized search plugin for Internet Explorer. Jade, sure I checked for checkin.b at trendmicro - and did what they told me to do, but it didn´t fix the re-creating problem. I hope its gone know. gr, Rodo
Good job, rodo. Don't hesitate to post your log in case it has the nerve to show up again. Regards, Pieter
Hi, TDS detects both variants of this, but we weren't sent a copy of the DLL, SBSRCH_V22.DLL If you have a copy of that, please do send it in to support@diamondcs.com.au , thanks