Author Topic: Win32:Trojano-2502 [Trj] Alert help  (Read 41719 times)


GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #30 on: September 26, 2005, 02:06:13 AM »
Quote
What are you confused about? My crystal ball is on the blink ;D

I was confused because the alert box did go away when I moved it to the chest. But now it seems that apparently I only thought my problem was gone! (That's what I get for thinking)!!

Ok--I'm going to try what you said, although it probably won't be until tomorrow cuz I've got to eat dinner now. It's just a little late--8:00 here on the east coast!

Thank you AGAIN.....Gina

Spiritsongs

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #31 on: September 26, 2005, 06:59:23 PM »
 :) Hi GinaPA :

    Having read through this thread & coming from an anti-
    spyware "orientation", it seems you should ask for help
    from experts on the forum of your anti-spyware app !?
    If you have Ad-Aware, go to www.landzdown.com and if
    you have Spybot,
    http://forums.net-integration.net/index.php? . Both forums
    have experts in the use of the HijackThis program, which
    may be needed to remove whatever you have, which may
    be more than what is showing up on your scans !?

KimG

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #32 on: September 27, 2005, 01:31:34 PM »
Hi everyone, I'm a newbie here.  I came here as a last resort, and I have the exact same problem as Gina!  I have a little different twist, though.  When I schedule a boot-time scan, the scan completes correctly, but when the results appear and I'm given choices about whether to delete, delete all, etc., my computer locks up and my only option is to reboot, at which time I cannot get Avast to move or delete the Trojan because the file is in use when Windows starts.  Running in safe mode will not allow its removal, either.  I've tried everything that was suggested here on the forum, but nothing has worked.  This has been going on for days, and I'm perplexed as to what I should do next.  I even downloaded AVG to see if I had better luck with the removal, but still no success.  I did Symantec's online scan, which gave me the same results, and suggested that it came from someone clicking on a link in Instant Messenger, which my daughter uses for hours every day, although she swears she has never clicked on any links nor downloaded files via IM.  I followed Symantec's instructions for removal using the registry, but the files they told me to look for aren't even IN my registry---or at least, they don't say they are associated with this particular Trojan.  I have my doubts as to whether it's possible to remove it that way, anyhow, since it always seems to be in use when Windows is running.  Any further advice, before I go stark raving mad?  Thanks!!
Kim G

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #33 on: September 27, 2005, 01:42:21 PM »
KimG, can you post the name of the infected file and full path?
Which action did you take that froze the computer at boot time?

Please, uninstall avast! to use AVG otherwise they will conflict.
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #34 on: September 27, 2005, 02:13:34 PM »
Kim,

The computer may freeze during a boot time scan if you are using a cordless mouse. (The mouse driver isn't loaded during the scan.) Try plugging in an old corded mouse if you have one.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #35 on: September 27, 2005, 05:17:06 PM »
Quote
suggested that it came from someone clicking on a link in Instant Messenger

Your daughter may indeed be innocent (at least this time!!!  ;) ) --I haven't used an instant messenger in ages so I couldn't have gotten infected that way. I'm suspecting I picked up the worm from a website I visited because I also never open e-mail attachments.

BTW....My computer still seems to be acting OK [A big thanks and applause]--no warnings yesterday or today--(But I still cringe out of fear that it will happen for the first hour or so after I boot up)!! That was the first infection I've ever had in 8 years of owning a computer and I don't EVER want another one!.......Gina

ASB

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #36 on: September 28, 2005, 12:09:01 AM »
I seem to be having a similar problem.
Last night, I clicked on delete at startup. From the log, it appears it's still there.
The problem today is that when I booted my laptop, I didn't see anything but the background on my screen - no icons, etc. - and had to use task manager to get into things.
Does anyone have any idea what I did do, if I still have the trojan, and what might work to fix this?

This is what part of my log says:


9/26/2005   9:06:11 PM   1127786771   SYSTEM   1836   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
9/26/2005   9:38:11 PM   1127788691   SYSTEM   1836   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
9/26/2005   9:43:07 PM   1127788987   SYSTEM   1836   AAVM - scanning warning: x_AavmCheckFileDirectEx: http://update-spui.nscpcdn.com/update/safetynet.2005.09.26.xpi (C:\WINDOWS\TEMP\_avast4_\PxB539.tmp) returning error, 0000A474. 
9/26/2005   10:10:11 PM   1127790611   SYSTEM   1836   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
9/26/2005   10:42:10 PM   1127792530   SYSTEM   1836   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
9/27/2005   3:52:57 PM   1127854377   SYSTEM   1536   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
9/27/2005   3:53:59 PM   1127854439   SYSTEM   1536   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
9/27/2005   4:26:43 PM   1127856403   SYSTEM   1536   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file. 
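
An added example, not part of ASB's post or of avast! itself: a small Python parser for warning-log rows like the ones quoted above, which groups detections by signature and file and flags a file that is still being reported after the value in the fifth column changes. The column meanings (Unix epoch seconds in the third field, scanner process id in the fifth) are assumptions read off the excerpt.

```python
import re
from collections import defaultdict

# Rows copied from the log excerpt in the post above.
SAMPLE_LOG = r'''
9/26/2005   9:06:11 PM   1127786771   SYSTEM   1836   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file.
9/26/2005   9:43:07 PM   1127788987   SYSTEM   1836   AAVM - scanning warning: x_AavmCheckFileDirectEx: http://update-spui.nscpcdn.com/update/safetynet.2005.09.26.xpi (C:\WINDOWS\TEMP\_avast4_\PxB539.tmp) returning error, 0000A474.
9/26/2005   10:42:10 PM   1127792530   SYSTEM   1836   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file.
9/27/2005   3:52:57 PM   1127854377   SYSTEM   1536   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file.
9/27/2005   4:26:43 PM   1127856403   SYSTEM   1536   Sign of "Win32:Trojano-2502 [Trj]" has been found in "C:\WINDOWS\Downloaded Installations\dbimg.dll" file.
'''

# Assumed columns: local date, local time, Unix epoch seconds, account,
# process id of the scanner, message.
ROW = re.compile(r'^(\d+/\d+/\d+)\s+(\d+:\d+:\d+ [AP]M)\s+(\d+)\s+(\S+)\s+(\d+)\s+(.*\S)\s*$')
HIT = re.compile(r'^Sign of "([^"]+)" has been found in "([^"]+)" file\.$')

def parse_detections(text):
    """Return one dict per detection row; other rows (scan warnings) are skipped."""
    hits = []
    for line in text.splitlines():
        row = ROW.match(line)
        hit = HIT.match(row.group(6)) if row else None
        if hit:
            hits.append({"epoch": int(row.group(3)), "pid": int(row.group(5)),
                         "signature": hit.group(1), "path": hit.group(2)})
    return hits

def summarize(hits):
    """Group by (signature, lower-cased path): count, first/last epoch, scanner pids."""
    groups = defaultdict(list)
    for h in hits:
        # Windows paths compare case-insensitively, so normalise before grouping.
        groups[(h["signature"], h["path"].lower())].append(h)
    out = {}
    for key, rows in groups.items():
        pids = sorted({r["pid"] for r in rows})
        out[key] = {"count": len(rows),
                    "first": min(r["epoch"] for r in rows),
                    "last": max(r["epoch"] for r in rows),
                    "pids": pids,
                    # More than one pid: the scanner was restarted in between
                    # and the same file was flagged again afterwards.
                    "survived_restart": len(pids) > 1}
    return out

if __name__ == "__main__":
    for (sig, path), s in summarize(parse_detections(SAMPLE_LOG)).items():
        print(sig, path, s)
```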

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #37 on: September 28, 2005, 06:03:20 PM »
Quote
This file is under a system folder (windows) and the system, for precaution, asks a second time.
Deleting a necessary file could prevent the system from booting.

Now my neighbor is infected with trojano 2365 so here I am asking for your help once again!

She ran into the same problem that I did where Avast asked if she is sure she wants to delete an infected file. This came up after she initially chose "repair all" and got a message stating "repair error 42060." Selecting "move all" did nothing either. Can she select "delete all" in this case? And if you select delete, does this mean it will only delete the worm or could it delete an important file and disable your computer??  Please help-- Although my computer is running fine now, my mind was so boggled that I forget how I finally did end up getting rid of trojano 2502!! Thanks.......Gina

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #38 on: September 28, 2005, 07:17:31 PM »
Quote
Can she select "delete all" in this case? And if you select delete, does this mean it will only delete the worm or could it delete an important file and disable your computer??

It would be better to run avast! in a normal Windows session and send the files to the Chest for further analysis and to check if the system will be harmed.
It will be better than running a boot-time scan with a lot of infected files. At that time, boot time, the Chest is not available.
Can you boot, login Windows and run avast?
The best things in life are free.

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #39 on: September 28, 2005, 09:56:55 PM »
I just came back from her house and hopefully got her straightened out--thanks to all the help you all gave me in getting rid of my worm! Once I saw her Avast boot-time scan window I recalled what you told me to do. Afterwards, I stayed to make sure her computer was running fine for quite awhile before I figured it was OK to leave.

Thanks (AGAIN) for your help! As for me, I've gone back to using Firefox and Thunderbird--I can't use the emoticons here now (guess they're only designed to work with IE), but that's OK. I'll gladly sacrifice some minor perks on a few websites here and there for security (I'm not kidding myself, I know FF and Thunderbird have had a few breaches reported, but considering that no browser is 100% safe, I got to go with one that I feel is MUCH more secure)........Gina

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #40 on: September 29, 2005, 12:40:13 AM »
The emoticons work just fine with Firefox if you have the latest version or any one from about 1.0.4 on; I think the latest version is 1.0.7  :)

I still use the Firefox BBCode extension, quicker to use and stay in the Quick Reply window as it has the editing tools.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #41 on: September 29, 2005, 01:33:00 AM »
Quote
I still use the firefox BBCode extension

Thanks! I'm going to have to look into that.......Gina  :)

bABy`ziE

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #42 on: September 29, 2005, 01:08:22 PM »
hye, I also have the same problem... my laptop is infected by the same virus name but it's not trojano-2502... it's win32:trojano-2365[trj]... I'm using windows XP pro service pack 1. I did the boot-time scan.. it asked me whether I'm sure or not to delete the infected file. I chose delete.. then my laptop booted just fine... I thought it was ok but just to be safe, I did the scan again in windows... Avast! detected the same file again at the same directory !!! Please, I don't know what else to do... the name and the directory of the file infected is C:\WINDOWS\System32\Remon.sys. When asked to move to chest, it cannot move the file because it is being used by another program but I already did the boot-time scan !!!!

I AM SO HELPLESS RIGHT NOW !!!!
PLEASE HELP !!!
 :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(
« Last Edit: September 29, 2005, 01:55:26 PM by bABy`ziE »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #43 on: September 29, 2005, 01:54:09 PM »
Quote
hye, I also have the same problem... my laptop is infected by the same virus name but it's not trojano-2502... it's win32:trojano-2365[trj]... can I do the same step as the others?? I mean run a boot-time scan for this virus...

Do you have Windows XP on your laptop? If so, go ahead.
I'd suggest that you first run a full avast! scan in Windows, sending infected files to the Chest, then the boot-time scan for residual infections.
The best things in life are free.

bABy`ziE

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #44 on: September 29, 2005, 01:56:25 PM »
hye, I also have the same problem... my laptop is infected by the same virus name but it's not trojano-2502... it's win32:trojano-2365[trj]... I'm using windows XP pro service pack 1. I did the boot-time scan.. it asked me whether I'm sure or not to delete the infected file. I chose delete.. then my laptop booted just fine... I thought it was ok but just to be safe, I did the scan again in windows... Avast! detected the same file again at the same directory !!! Please, I don't know what else to do... the name and the directory of the file infected is C:\WINDOWS\System32\Remon.sys. When asked to move to chest, it cannot move the file because it is being used by another program but I already did the boot-time scan !!!!

I AM SO HELPLESS RIGHT NOW !!!!
PLEASE HELP !!!
 :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(  :'(