Author Topic: Win32:atraps Trojan Infection - Essexboy remedy  (Read 4090 times)

Zombie Evolved

  • Guest
Win32:atraps Trojan Infection - Essexboy remedy
« on: July 09, 2012, 06:26:27 PM »
Hi there, this is a new type so the first run will not kill it all; the main driver is not showing in OTL

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Download the attached fix.txt to your desktop

Run OTL
  • Press Run Fix button at the top


  • A dialogue will open
  • Navigate to and select the fix.txt that you downloaded
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


I have run the fix in OTL and rebooted.  I am at this step:

"Open OTL again and click the Quick Scan button. Post the log it produces in your next reply."

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #1 on: July 09, 2012, 06:58:53 PM »
Don't copy and paste logs.....attach.....or it will take 10 posts with copy and paste

Zombie Evolved

  • Guest
Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #2 on: July 09, 2012, 07:01:13 PM »
Don't copy and paste logs.....attach.....or it will take 10 posts with copy and paste


OK I have attached the log.
(It also created a second text file called "Extras" which I haven't been instructed to post.)
« Last Edit: July 09, 2012, 07:04:54 PM by Zombie Evolved »

Offline Pondus

Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #3 on: July 09, 2012, 07:06:47 PM »
Attach that also.....also attach aswMBR and Malwarebytes logs.

See here: http://forum.avast.com/index.php?topic=53253.0

Zombie Evolved

  • Guest
Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #4 on: July 09, 2012, 08:21:29 PM »
Posted is the attached "Extras" text from OTL.

I disabled Avast and I ran ComboFix.
It ran, then did a system reboot.
However, when my system rebooted it did not open a log for me.
ComboFix began running a scan and after 20 mins it froze.
...I'm thinking it may have been because I did not have Avast disabled that time though.

So I may still need help.



Avast, however, is no longer displaying any detections of the infection.
So far that gives me the impression that ComboFix was successful although it did not display a log.
I will run Malwarebytes now and post a log next.
« Last Edit: July 09, 2012, 08:56:28 PM by Zombie Evolved »

Zombie Evolved

  • Guest
Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #5 on: July 09, 2012, 08:54:46 PM »
Attached is the newest log.

No malicious threats detected.

That is good; however, I received one alert from Avast during the scan that was about another Trojan infection threat detected, but different from the 2 that I just got rid of.  A new one.  This one was called rootkit.

Now it appears to be gone.

Strange that after reviewing several other posts in this forum about these infections it seems that the 3 all mostly happen together in a cluster like this.  The 3 being Win32:atraps and Win64:sirefef followed by the rootkit.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #6 on: July 09, 2012, 09:07:36 PM »
Did I post a fix for this one ... Or am I going doolally

Zombie Evolved

  • Guest
Re: Win32:atraps Trojan Infection - Essexboy remedy
« Reply #7 on: July 11, 2012, 03:28:59 AM »
Did I post a fix for this one ... Or am I going doolally

Essexboy, I have used the FIX that you had posted.



No problems detected now.  Thanks!  :)


The only weird thing that happened was I ran some scans just to be sure.
First Malwarebytes' Anti-Malware and the result was no items detected.
Second I ran OTL and same.  Received good outcome.
Then I moved on to run a scan with aswMBR.exe and as soon as I clicked SCAN my computer crashed.  (blue screen)
Upon reloading I was alerted by the Windows Security Alert with a box reading "No Firewall is Turned On".
I have never seen that happen before.  Strange wording too.  ... is turned on?  ... IS turned on?

No apparent problems though, so perhaps just a strange coincidence as a result of having run so many scans back to back without reloading.