Virus/Trojan Help. Please Help Me Out.

These trojans are making me insane. 100% CPU usage even if no program is open. They use my computer to host whatever it is they do(probably porn). They have 4 processes (misspelled) running and if I end them they make my computer shut down. A counter pops up saying 1 min to shutdown. SCVhost.exe is what it is. If there is anyway you could help me I would be undyingly greatful.

The viruses are below.

JAVA_BYTEVER A-1 -Troj/Femad-B uses the byte verifier vulnerability in unpatched versions of Internet Explorer to drop and execute the file C:\web.exe.

BKDR_LT -Troj/Litmus-AS is a backdoor Trojan that runs in the background as a system process and allows unauthorised remote access to the computer via an IRC network connection.

The Trojan copies itself to C:\Windows\Server as svchost.EXE and adds an entry to the registry at:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LTM2
run itself on system restart.
The Trojan may also attempt to steal passwords.

Heres is a pic on the processes. Check it. Might help.

http://www.fatalinfliction.com/upload_files/virusproblempic.jpg

I have the following programs...
Spotbot
Ad-Aware SE
Nortan Antivirus
Nortan Internet Security
HJT

None of which have helped the problem. Went to Tran and tried to do a scan but it won't let me.

Thanks for any help you can give me.
~Jinn

 

Hi Jinn

Try this: Click start > run > type "shutdown -a" > click ok, and see if this takes care of the shutdown's when you try end the processes you describe.

If it works, you can then try a couple of online scanners like:

http://www.pandasoftware.com/activescan/

http://housecall.trendmicro.com/

http://support.f-secure.com/enu/home/ols.shtml

You might have to shutdown your anti-virus when using the online scanners, but you should of course turn them on again right after using these.

After this you might want to take a look at a post about General cleaning

Hope this helps.

 

Thanks a bunch Don. The shutdown -a works well but the exe just pops back up after I end them.
I used all 3 sites and ran a full scan and found these. They say they are small but still havn't been removed.
The other 2 main viruses have not been removed and continue to piss me off. Makes my sexy computer run slow....

All help is greatly appreciated!
Thanks again Don.
~Jinn

 

Hi Jinn, welcome to Wilders.

Can you please follow the comprehensive steps found in General Cleaning.

If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found here. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

Hope this helps...

Let us know how you go.

Cheers

 

Your welcome Jinn. Use the steps in the post about General Cleaning , this very week i helped a friend who lives a couple of hours from me over the telefone doing these very comprehensive steps.

The result was over 1000 (we stopped counting after 1000) viruses, trojans, worms adware/spyware found, and a friend who was shocked (who is now protected by a dedicated anti-virus, anti-trojan and a spyware-monitor ) the computer is back to it's "sexy normal state", which is almost a miracle.

The steps might seem overwhelming, but are usually well worth the time spent on it.

BTW. Many of viruses could only be deleted in safemode (described in the General Cleaning thread). I wish you luck.

 

You could try TDS-3 evaluation version, it works for 30 days only and has some limitations, but I'm pretty confident it can eliminate all the trojans from your system.

http://www.diamondcs.com.au/tds/downloads/tds3setup.exe

 

I'll do the General Cleaning, and your right, it is a bit overwhelming, but I'd like to get rid of this virus so I'll take the time.
I'll also try the TDS-3.
Thanks for the help ya'll.
Hope this works!
~Jinn

 

Jinn,

I'm curious. On the screenshot you indicate a few processes as culprits, but none of them are responsible for the 100% CPU utilization shown (at least at the time of the screenshot).

Have you taken a peek with ProcessExplorer in which the image path and command line (selectable under View>Select columns) are shown? I've found that a useful exercise, particularly in identifying whether multiple instances or processes are protecting each other.

Blue

 

Zanetti- Thanks but the virus, which was listed on Sophos.com hides its self as a java, but is actually hosting stuff throguht my computer. So it takes the biggest program open and says that it is the one causing 100% CPU usage.

Kerbos- Why the helk did you post this on my thread? (this post has been split-off to it's own thread here- BlueZannetti)

 

sorry, blimey, already gotten up someones nose within half an hour of joining the forum . great.

 

Kerberos,

No worries. Problem fixed. Welcome to Wilders!

Jinn,

Not quite sure what you're saying here - does this exploit replace TaskManager with it's own app? Suggest you run ProcessExplorer. It's a standalone app. See what it says.

Blue

 

Blue, I don't exactly know how to run the Proccess thing that you posted. Could you explain to me how its done?

Also I just did the General Cleaning 2 times! Waste of 2 and a half hours of my life. Lol. Anyways....3rd times the charm I guess...I hope anyways.

~Jinn

 

Sorry to double post, but 3 times and it hasn't stopped this virus. I can't beleive how irritating this virus is. I think this is when I spot a HJT log?
~Jinn

 

General Cleaning fixes 95% of what’s out there through simple steps that anyone can follow, unfortunately you have struck the 5% which requires a HijackThis Log. Often if you first ran HJT you would have to wait a few days for someone to look at your log at one of the A-SAP forums for a simple Trojan/Virus removal, thus running through General Clean even a single time begins to resolve 95% of what’s out there.

In addition to this General Cleaning has the person heading in the right direction as to the use of security software and at the end has links to further discussions on securing their computer so that they will not find themselves in the same situation again.

Correct.

Would appreciate you keeping us in the loop as to your progress as we all learn this way…

Cheers

 

Thanks for clearing that up Blackspear. Heres the log. I'll post it in the HJT thread soon.

~Jinn

Mod Note - HijackThis log (attachment) removed. Jinn, I believe you may have misunderstood Blackspear's reply above (Post #14) regarding the posting of a HJT log. He did not request you post/attach a hijackthis log. Please see his following reply (Post #17) for links to the forums that do offer HijackThis log review services. - snap

 

I post the HJT but the HJT thread is gone.
https://www.wilderssecurity.com/showthread.php?t=42148

Before doing the General Cleaning I posted a HJT thread and was deleted.
I recieved his PM.
"Sorry Jinn but we no longer process HJT logs except when requested by a moderator or Admin, This usually only occurrs because we feel their are special circumstances that we can all learn from."

So Blackspear are you an admin or moderator? Because I'd rather not have my thread deleted. Lol.

 

As I said here, unfortunately you are 1 of the 5% and as such you will need to continue with what General Cleaning advises and post your log at one of the forums found here. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

Cheers.

Blackspear.

 

Will do Blackspear.
Thanks again!
~Jinn