Trojan horse downloader Revop.A

Discussion in 'malware problems & news' started by jimbo76, Mar 17, 2004.

Thread Status:
Not open for further replies.
  1. jimbo76

    jimbo76 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    9
    Location:
    UK
    Hey Guys
    I tried the stuff you gave me last time, I used the HijackThis program and sent in my log, deleted the stuff I had to, but alas no luck. Is there any way to get rid of this sucker? AVG7 has detected it but won't heal it o_O?? Any ideas much appreciated.
    Keep up the great work on this forum, what would we do without you.
    Jimbo76
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jimbo76,

    Can you tell us where AVG found which file to be this trojan downloader?

    Regards,

    Pieter
     
  3. jimbo76

    jimbo76 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    9
    Location:
    UK
    Hi Pieter
    AVG found it in C:\WINDOWS\system32\notepad.exe
    If that's of any help mate, I hope so.
    Jim
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Could you do a Find Files for notepad.exe?
    That way we can see if we can replace the infected copy with an original.

    And let us know your Windows version.

    Regards,

    Pieter
     
  5. jimbo76

    jimbo76 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    9
    Location:
    UK
    Hi Pieter
    I'm running XP, did a file search and it couldn't find it. Looking more closely at AVG, it says backup copy infected, if that means anything mate. Jim
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Jim,

    Have a look at this analysis plus instructions ;)

    regards.

    paul
     
  7. jimbo76

    jimbo76 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    9
    Location:
    UK
    hey again guys
    Still don't seem to be able to get rid of it. AVG has also found it in C:\SYSTEM~1\_RESTO~1\RP163\A0035603.exe backup copy. I have both of these in the AVG virus vault but it says "action failed" when I try to heal it. I'm stumped on this one o_O
    Thanks guys
    Jim
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Ah, that is in your Restore Points.

    Disable System Restore, reboot, scan and re-enable System Restore, which should make a new System Restore Point.

    Instructions for System Restore (Windows XP): http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

    Regards,

    Pieter
     
  9. jimbo76

    jimbo76 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    9
    Location:
    UK
    Thanks guys, got rid of it, can't thank you enough :D
    Jimbo76
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Good job. Glad we could help. :)

    Pieter
     
  11. DarleneBeavertd

    DarleneBeavertd Registered Member

    Joined:
    Mar 27, 2004
    Posts:
    2
    Location:
    Oklahoma
    I have Win. 98 ver. 4.10.2222A

    I use AVG for my virus protection. It found yesterday 2 hits for a virus. AVG says they healed them. ?? They are shown as: Trojan horse downloader.REVOP.A and Trojan horse downloader.RAMEH.A

    I also wound up with a new icon yesterday on my desktop. It was for Lycos.SideSearch. This I did not download. Only thing I downloaded was an updated version of AVG and Spybot. So I used the uninstall in ADD/REMOVE software of control panel.

    However, I'm getting socked by misc. ad windows popping up, 3 and 4 at a time.

    I also am getting a message on startup that I'm 'Missing shortcut' MORZZ5.exe and 1JZR3WPO.exe, and would I like to use a like file in their place. I clicked NO and the system came up.

    I tried to use scan disk and defrag. and neither will work. Scan says it can't scan because another program is running. There shouldn't be any running as nothing is open. Defrag just sits there in a loop. Doesn't do anything.

    Any and all help would be appreciated...

    HELP...

    PS: Other than game pages the only site I went to was the IRS page and the weather page. Also the downloads shown above.



    o_O
     
  12. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Hello, DarleneBeavertd, and welcome to Wilders!

    I think it's safe to say that you've been hijacked. Go here https://www.wilderssecurity.com/showthread.php?t=15913 and follow the directions given. Once your log is posted, someone should be with you shortly.

    Good luck!
     
  13. Cosmic Cat

    Cosmic Cat Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    22
    Location:
    England
    Hi all,
    I have a problem with downloader revop too. Have tried getting rid of it by disabling System Restore yesterday but it's back again today. WHAT a headache! Could it possibly be connected to games sites?
    I use Ad-aware and AVG anti-virus to no avail. Not really sure where to go next.
    HELP!!

    :'(


    This is the name of a file that I can't get rid of:
    RESTORE\TEMP\A0000369.CPY
     
  14. Necrophorus

    Necrophorus Guest

    Hello dudes. :) I also have the Downloader.revop.A. My personal feeling about it is that it sucks. I got AVG free edition. And I've done a search when System Restore was turned off. Of course I rebooted my PC. Still my AVG won't get it. I've also tried: The Cleaner (need to try it one more time though), Norton AntiVirus 2003, TDS, Worm Guard and Trojan Remover. None worked so far :S and when System Restore is not working I still can't reach the folder. The folder is: System volume information / restore / A0018701.exe. To answer me (I'm a tricky bastard :p use my email: removed)


    I would be very grateful of getting a FULL description of what to do. Thanks // Necrophorus
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Necrophorus,

    I removed your email address. That is not the way a board works. Questions and answers go here, so others can learn from them.

    Now, to your problem. Something is very strange since you stated System Restore was disabled and yet the file is found in a Restore Point.

    Disable System Restore and reboot. Then re-enable System Restore.
    That should effectively flush the Restore folder.

    Regards,

    Pieter
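
Added example, not part of the original thread or of any tool named in it: a Python sketch that sorts the detection paths quoted in the posts above into live files and System Restore copies, and attaches the action the replies recommend for each. The function and constant names are illustrative assumptions, and the patterns assume the usual Windows XP `System Volume Information\_restore{...}\RPnnn` layout (including its 8.3 short form) and the Windows Me `_RESTORE` folder.

```python
import re

# Folder names that mark the System Restore store (long and 8.3 short forms).
VOLUME_INFO = {"system volume information", "system~1"}
RESTORE_DIR = re.compile(r"^_?resto(re(\{.*\})?|~\d+)$", re.IGNORECASE)
RESTORE_POINT = re.compile(r"^RP(\d+)$", re.IGNORECASE)
# System Restore renames the files it backs up to A + 7 digits + extension.
BACKUP_FILE = re.compile(r"^A\d{7}\.\w+$", re.IGNORECASE)

FLUSH = "disable System Restore, reboot, scan, re-enable"
REPLACE = "replace the infected copy with a clean original"

def classify(path):
    """Classify one antivirus detection path as reported by the scanner."""
    parts = [p.strip() for p in re.split(r"[\\/]", path) if p.strip()]
    if parts and parts[0].endswith(":"):      # drop the drive letter
        parts = parts[1:]
    if not parts:
        raise ValueError("empty path")
    dirs, name = parts[:-1], parts[-1]
    result = {"kind": "live file", "restore_point": None,
              "renamed_backup": False, "action": REPLACE}
    for i, d in enumerate(dirs):
        under_svi = i > 0 and dirs[i - 1].lower() in VOLUME_INFO
        # Only trust a "restore" folder at the volume root or directly under
        # System Volume Information, so C:\Games\Restore is not misread.
        if RESTORE_DIR.match(d) and (i == 0 or under_svi):
            result.update(kind="restore-point copy", action=FLUSH,
                          renamed_backup=bool(BACKUP_FILE.match(name)))
            for later in dirs[i + 1:]:
                m = RESTORE_POINT.match(later)
                if m:
                    result["restore_point"] = int(m.group(1))
            break
    return result

# Paths exactly as the posters quoted them in this thread.
THREAD_PATHS = [
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\SYSTEM~1\_RESTO~1\RP163\A0035603.exe",
    r"RESTORE\TEMP\A0000369.CPY",
    "System volume information / restore / A0018701.exe",
]

if __name__ == "__main__":
    for p in THREAD_PATHS:
        r = classify(p)
        print(f"{p}\n  -> {r['kind']}: {r['action']}")
```
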
     
  16. Desparately seekin

    Desparately seekin Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    1
    Hi
    I am new to the game of viruses, but I cleverly have managed to attract Revop.A to my PC, please can I have any help going. I have Windows Me and I do not know how to turn off my restore, let alone clean up this little darlin. Any help would be gratefully received.
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Desperately seekin,

    Follow the instructions here and start a new topic in that forum:
    http://www.wilderssecurity.com/showthread.php?t=15913

    Besides posting the log, tell us where the file was found (full path and filename).

    Regards,

    Pieter
     