won't delete win32/trojandownloader.purityscan

Discussion in 'NOD32 version 2 Forum' started by stefdapimp, Sep 24, 2007.

Thread Status:
Not open for further replies.
  1. stefdapimp

    stefdapimp Registered Member

    Joined:
    Sep 24, 2007
    Posts:
    4
    nod32 found "a variant of win32/trojandownloader.purityscan" in operating memory and it won't let me do anything with it but "leave" it. i thought i could just delete it in safe mode but nod32 won't scan operating memory in safe mode, i get an error. is there a way to make it work in safe mode? what do i do?
     
  2. ASpace

    ASpace Guest

    Just boot in Safe Mode and make NOD32 perform a full scan (Scan&Clean)

    When the threat is found, delete it :thumb:
     
  3. stefdapimp

    stefdapimp Registered Member

    Joined:
    Sep 24, 2007
    Posts:
    4
    hey it's me again and it's apparent that it won't let me do anything but "leave" anything it finds, which is a lot, and it won't say anything about why. here's all the malware it found:

    a variant of Win32/TrojanDownloader.PurityScan trojan found in operating memory. System memory infection originated from file C:\PROGRA~1\COMMON~1\MCROSO~1.NET\dexplore.exe.

    C:\Documents and Settings\stefon\Local Settings\Temp\k11u72.exe »NSIS »f10WtR1099.exe - a variant of Win32/TrojanDownloader.VB.AW trojan

    C:\Documents and Settings\stefon\Local Settings\Temp\k11u72.exe - a variant of Win32/TrojanDownloader.VB.AW trojan

    C:\Documents and Settings\stefon\Local Settings\Temp\wr-1-77.exe - probably a variant of Win32/TrojanDownloader.Small.EQN trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\81IZG1UB\83122[1].exe »NSIS »func.exe - Win32/TrojanClicker.Small.JF trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\81IZG1UB\83122[1].exe - Win32/TrojanClicker.Small.JF trojan - quarantined

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\81IZG1UB\installer[1].exe - Win32/Adware.CommAd application - quarantined - deleted

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\85YVCD2J\k11u72[1].exe »NSIS »f10WtR1099.exe - a variant of Win32/TrojanDownloader.VB.AW trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\85YVCD2J\k11u72[1].exe - a variant of Win32/TrojanDownloader.VB.AW trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\89EBCDIZ\tk58[1].exe - Win32/Adware.ZQuest application - quarantined - deleted

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\89EBCDIZ\YazzleBundle-1549[1].exe »NSIS »Yazzle1549OinAdmin.exe - a variant of Win32/TrojanDownloader.PurityScan trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\89EBCDIZ\YazzleBundle-1549[1].exe - a variant of Win32/TrojanDownloader.PurityScan trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\ARU76NM5\wr-1-77[1].exe - probably a variant of Win32/TrojanDownloader.Small.EQN trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\OHYRS5M3\is68267[1].exe - Win32/Adware.Virtumonde application - quarantined - deleted

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\OHYRS5M3\retadpu[1].exe - a variant of Win32/TrojanDownloader.Agent.BLS trojan

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\OHYRS5M3\WinAntiSpyware2007FreeInstall[1].exe - probably a variant of Win32/Adware.WinFixer application

    C:\Documents and Settings\stefon\Local Settings\Temporary Internet Files\Content.IE5\QRGZC78F\retadpu[1].exe - a variant of Win32/TrojanDownloader.Agent.BLS trojan

    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe - a variant of Win32/TrojanDownloader.PurityScan trojan

    C:\Program Files\Common Files\Mіcrosoft.NET\dexplore.exe - a variant of Win32/TrojanDownloader.PurityScan trojan

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002024.dll - Win32/Adware.Virtumonde application - quarantined - deleted

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002025.exe - a variant of Win32/TrojanDownloader.Agent.BLS trojan

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002027.exe - Win32/Adware.CommAd application - quarantined - deleted

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002028.exe - Win32/Monitor.Netmon.A application - quarantined - deleted

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002030.exe - Win32/TrojanDownloader.Small.BUY trojan - quarantined - deleted

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002031.dll - Win32/Adware.CommAd application - quarantined - deleted

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP5\A0002037.exe - Win32/Adware.ZQuest application - quarantined - deleted

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP6\A0002114.exe - a variant of Win32/TrojanDownloader.PurityScan trojan

    C:\System Volume Information\_restore{E5AB45CF-0E0E-4AA4-AAB6-DD54D8E9A729}\RP6\A0002115.exe - a variant of Win32/TrojanDownloader.PurityScan trojan

    C:\WINDOWS\retadpu77.exe - a variant of Win32/TrojanDownloader.Agent.BLS trojan

    C:\WINDOWS\system32\vkyf.dll - probably a variant of Win32/Adware.PurityScan application

    C:\WINDOWS\system32\f10WtR\f10WtR1099.exe - a variant of Win32/TrojanDownloader.VB.AW trojan

    C:\WINDOWS\system32\GB9\wrdrvrdl23.exe - probably a variant of Win32/TrojanDownloader.Small.EQN trojan

    C:\WINDOWS\ѕуstem\ѕpool32.exe - probably a variant of Win32/Adware.PurityScan application

    in the log the word "sy" in system and the "p" in spools are replaced with vertical black bars?

    i was wrong, it did delete some of the malware but a lot wasn't.
    oh and i figured i should just say for future reference to whoever reads this post that i am almost positive that all of this malware was from lovemyflash.com bc i just reinstalled my windows and that was the first site i visited that i didn't trust completely

    thx in advance for the help
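
    A way to triage a scan log like the one in this post, as an added example that is not part of the original thread: it lists detections that carry no "quarantined" or "deleted" action and flags paths containing non-Latin look-alike letters, one reason a path such as `Mіcrosoft.NET` or `ѕуstem` can show unprintable characters in a log viewer. The sample lines are constructed after the log above, the look-alike code points are an assumption written as explicit escapes, and the function names are hypothetical.

```python
import unicodedata

# Constructed sample modelled on five lines of the log above. The Cyrillic
# look-alikes are written as escapes (assumed code points, not confirmed).
SAMPLE_LOG = (
    "C:\\Documents and Settings\\stefon\\Local Settings\\Temp\\wr-1-77.exe"
    " - probably a variant of Win32/TrojanDownloader.Small.EQN trojan\n"
    "C:\\Documents and Settings\\stefon\\Local Settings\\Temporary Internet Files"
    "\\Content.IE5\\81IZG1UB\\installer[1].exe"
    " - Win32/Adware.CommAd application - quarantined - deleted\n"
    "C:\\Program Files\\Common Files\\M\u0456crosoft.NET\\dexplore.exe"
    " - a variant of Win32/TrojanDownloader.PurityScan trojan\n"
    "C:\\WINDOWS\\system32\\vkyf.dll"
    " - probably a variant of Win32/Adware.PurityScan application\n"
    "C:\\WINDOWS\\\u0455\u0443stem\\\u0455pool32.exe"
    " - probably a variant of Win32/Adware.PurityScan application\n"
)

def parse_line(line):
    """Split '<path> - <detection>[ - action]...' into its parts."""
    path, detection, *actions = [part.strip() for part in line.split(" - ")]
    return {"path": path, "detection": detection, "actions": actions}

def foreign_letters(path):
    """Return (char, Unicode name) for every letter that is not Latin script."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in path
            if ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN")]

def triage(log_text):
    """Return (paths still on disk, paths with look-alike letters)."""
    remaining, lookalike = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        # No cleaning action logged: the file is still there to be removed.
        if not {"quarantined", "deleted"} & set(rec["actions"]):
            remaining.append(rec["path"])
        # Mixed-script path: folder or file name imitates a system name.
        if foreign_letters(rec["path"]):
            lookalike.append(rec["path"])
    return remaining, lookalike

if __name__ == "__main__":
    remaining, lookalike = triage(SAMPLE_LOG)
    print("Not cleaned:", *remaining, sep="\n  ")
    for path in lookalike:
        names = ", ".join(name for _, name in foreign_letters(path))
        print("Look-alike letters in", ascii(path), "->", names)
```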
     
  4. stefdapimp

    stefdapimp Registered Member

    Joined:
    Sep 24, 2007
    Posts:
    4
    but nod32 won't scan my operating memory and that's where the purityscan trojan is, is there a way to make it where nod32 will scan my o.m. in safe mode?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The trojan is on the disk so if you delete it from there and restart the computer, it won't be loaded in memory either.
     
  6. stefdapimp

    stefdapimp Registered Member

    Joined:
    Sep 24, 2007
    Posts:
    4
    oh alright where should i post a hijackthis log if there is one
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can send it to support[at]eset.com. However, it's better to use Autoruns as it produces more comprehensive logs.
     