TrojanDownloader:Win32/VB.Q

Discussion in 'malware problems & news' started by jb123, Dec 31, 2003.

Thread Status:
Not open for further replies.
  1. jb123

    jb123 Guest

    newbie here.....any suggestions on removing this....this.... sob o_Oo_O

    tech
    jb123 (Senior Member) (IP)

    (12-31-2003 03:54 PM) report / quote / edit (#10)

    well.....here are the rav results....any easy removal suggestions......or should i do the above mentioned scan??


    Scan started at 12/31/2003 10:46:48 AM

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\WINDOWS\SYSTEM32\Zjkr5h.exe - TrojanDownloader:Win32/VB.Q -> Infected
    C:\WINDOWS\SYSTEM32\Urm2.exe - TrojanDownloader:Win32/VB.Q -> Infected
    C:\WINDOWS\SYSTEM32\Ehz5v20W.exe - TrojanDownloader:Win32/VB.Q -> Infected
    C:\WINDOWS\SYSTEM32\WofE5.exe - TrojanDownloader:Win32/VB.Q -> Infected
    C:\WINDOWS\SYSTEM32\JtaALqr.exe - TrojanDownloader:Win32/VB.Q -> Infected
    C:\WINDOWS\SYSTEM32\Ere6Z.exe - TrojanDownloader:Win32/VB.Q -> Infected

    Scanned
    ============================
    Objects: 6838
    Directories: 194
    Archives: 11
    Size(Kb): 1054046
    Infected files: 6

    Found
    ============================
    Viruses found: 1
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 1
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi jb123,

    Download and run this file to fix Peper Trojan:
    http://home01.wxs.nl/~kleyn080/uninst.exe
    double click on 'uninst.exe', let it run and terminate.
    To delete all the associated files download the following tool:
    http://www.mjc1.com/files/mo/drpeper.html
    It will self extract to C:.
    Find :
    C:\drpeper\Find backup and Delete Peper files.vbs file and double click.
    On the first prompt copy and paste:
    Select one of the filenames in the running processes.
    And hit ok.
    You will get a confirmation and proceed:
    On the second, paste:
    Type in the filename where the startup entry points to.
    And hit ok

    It will find all the files, delete them and will make backups in the same folder.
    It'll open a text file (Peper.txt) with the list of all files deleted.
    Check that .txt file to see if no legitimate files were removed.

    If you are unsure which filenames to use, please follow instructions here: http://www.wilderssecurity.com/showthread.php?t=15913

    With the help of the HijackThis log I can help you find the filenames you need.

    Regards,

    Pieter
     
  3. FredvanS

    FredvanS Guest

    I have difficulty removing TrojanDownloader.Win32.Dyfuca.o
    Any suggestions? Help! o_O
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Follow the instructions in this post:
    http://www.wilderssecurity.com/showthread.php?t=15913
    and start your own thread in that section.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.