Trojandropper.yyyy

Discussion in 'Trojan Defence Suite' started by jaredite, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. jaredite

    jaredite Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    7
    I have TDS-3 installed on my system and update it daily except Saturday and Sunday, but why was this trojan "Trojandropper.yyyy" able to infect files on my system? It says positive identification embedded in file. Now my question is: do I :oops: reformat my hard drive and lose all my data and programs that have been infected, or can I clean my system?

    Thanks for your help in advance
     
  2. Mr. Hrmm

    Mr. Hrmm Guest

  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there, please update to the latest radius, and scan again.
    Now you should not have any alerts anymore caused by that one.
    You might like, after the update and full system scan, to right-click on one of the alerts and choose "save to text"; copy and paste this scandump.txt into your next posting and we'll tell you what could be suspicious and could need any action.
    I would really not like you to reformat, and most certainly not because of an update error!
     
  4. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi jaredite...

    PLEASE Follow Jooske's advice. ;)

    DO NOT REFORMAT......

    If you have not done an update, do one now, rescan, then

    1] ANY alerts, right click on 'ANYone' of them and Select "Save as Text"
    2] Get alert saying "..saved.. scandump.txt, etc.. like to view" Click YES
    3] Notepad opens copy/paste results back in here.

    TAS
     


  5. jaredite

    jaredite Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    7
    Thank you all, guys, for your help. My worries are now over: after I updated from the download site specified and scanned again, the alarms are no longer there.

    Just in case you are interested to know what got me really worried, I have pasted the content of the scandump that I did before I did the update.

    Thanks to all again for your help.


    Here is the content of the scandump

    Scan Control Dumped @ 16:32:57 16-07-04
    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\symantec shared\ccsetmgr.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\symantec shared\ccevtmgr.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\eset\nod32krn.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\symantec antivirus\rtvscan.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\symantec antivirus\rtvscan.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\myie2\myie.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\symantec shared\ccapp.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\progra~1\symant~2\vptray.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\winnt\system32\wuauclt.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\moroni\update.exe

    Live trojan found (in process memory):
    File: C:\WINNT\System32\smss.exe

    Live trojan found:
    File: C:\WINNT\system32\winlogon.exe

    Live trojan found:
    File: C:\WINNT\system32\services.exe

    Live trojan found:
    File: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    Live trojan found:
    File: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    Live trojan found:
    File: C:\Program Files\Eset\nod32krn.exe

    Live trojan found:
    File: C:\WINNT\system32\regsvc.exe

    Live trojan found:
    File: C:\WINNT\system32\MSTask.exe

    Live trojan found:
    File: C:\WINNT\System32\WBEM\WinMgmt.exe

    Live trojan found:
    File: C:\WINNT\Explorer.EXE

    Live trojan found:
    File: C:\WINNT\system32\Smtray.exe

    Live trojan found:
    File: C:\Program Files\MYIE2\MyIE.exe

    Live trojan found:
    File: C:\Program Files\Eset\nod32kui.exe

    Live trojan found:
    File: C:\PROGRA~1\SYMANT~2\VPTray.exe

    Live trojan found:
    File: C:\Program Files\SoftKey\Calendar Creator 4.0\CCSCHED.EXE

    Live trojan found:
    File: C:\WINNT\system32\wuauclt.exe

    Live trojan found:
    File: C:\WINNT\msagent\AgentSvr.exe

    Live trojan found:
    File: C:\Program Files\MORONI\update.exe

    File Trace: Default trojan filename: Keylog.GOD
    File:

    File Trace: Default trojan filename: RAT.Cabronator
    File:
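
An added example, not part of the thread and not TDS-3 code: a small parser for the scandump.txt layout pasted above that groups "Positive identification" alerts by detection name, so one name hitting many unrelated files (the pattern in this pre-update dump) stands out. The field layout is inferred from the paste, the sample is constructed, and the `threshold` value and both flags are assumptions used as triage hints only.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scandump pasted above (shortened).
SAMPLE = """\
Scan Control Dumped @ 16:32:57 16-07-04
Positive identification (embedded in file): TrojanDropper.\u00ff\u00ff\u00ff
File: c:\\program files\\eset\\nod32krn.exe

Positive identification (embedded in file): TrojanDropper.\u00ff\u00ff\u00ff
File: c:\\program files\\myie2\\myie.exe

Positive identification (embedded in file): TrojanDropper.\u00ff\u00ff\u00ff
File: c:\\program files\\myie2\\myie.exe

Positive identification (embedded in file): TrojanDropper.\u00ff\u00ff\u00ff
File: c:\\program files\\symantec antivirus\\rtvscan.exe

Live trojan found:
File: C:\\WINNT\\Explorer.EXE

File Trace: Default trojan filename: Keylog.GOD
File:
"""

ALERT = re.compile(r"^(Positive identification|Live trojan found|File Trace)[^:]*:\s*(.*)$")

def parse_scandump(text):
    """Return (kind, detail, path) per alert; layout inferred from the paste."""
    alerts, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = ALERT.match(line)
        if m:
            pending = (m.group(1), m.group(2))
        elif line.startswith("File:") and pending:
            alerts.append((*pending, line[5:].strip().lower()))
            pending = None
    return alerts

def summarize(alerts, threshold=3):
    """Count distinct files per detection name and set two triage flags."""
    files = defaultdict(set)
    for kind, name, path in alerts:
        if kind == "Positive identification":
            files[name].add(path)
    return {name: {"distinct_files": len(paths),
                   "garbled_name": not name.isascii(),      # non-ASCII filler in the name
                   "many_files": len(paths) >= threshold}   # threshold: assumption
            for name, paths in files.items()}

if __name__ == "__main__":
    for name, info in summarize(parse_scandump(SAMPLE)).items():
        print(repr(name), info)
```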
     