Author Topic: Trojan?  (Read 4908 times)

Ro!

  • Guest
Trojan?
« on: July 05, 2006, 02:32:15 PM »
Hello!

I use P4 (3gig), 1G RAM, ATi X600 - XP Pro SP2, protected with ZoneAlarm & Avast4home. I browse with Opera, mail client is Thunderbird. Worked fine till yesterday.


Yesterday my Thunderbird stopped working, after many:
"Win32:Small-EK [Trj]" has been found in "http://85.255.117.124/users/rainy/web/images/logo.jpg"
It will not start; however, it runs in the background and uses 95% of CPU. There were also some stupid bookmarks in IE: viagra, rolex.....
Also my e-banking application has the same symptoms as Thunderbird.
I tried some programs:
Avast4home stops on zonelabs folder
Panda activescan stops on desktop.ini
Spybot S&D stops on sober
Panda quickremover stops on zpy.dll
I cannot install Adware - installation hangs.
 :'(
Sorry for my poor English & HELP! PLEASE!

Regards from Slovenija,
Robert
« Last Edit: July 05, 2006, 02:33:59 PM by Ro! »

DavidR
Re: Trojan?
« Reply #1 on: July 05, 2006, 03:17:11 PM »
The location of the virus is shown as an internet URL; this means that the Web Shield intercepted it before it was saved to your browser cache. The only option given would have been to 'abort the connection,' effectively stopping it being saved to your hard disk.

So that particular virus shouldn't be on your system; however, I have no idea if there is anything else.

You can also schedule a boot-time scan from within avast: right-click the avast icon, select Start avast! Antivirus, Menu, 'Schedule boot-time scan...'

Panda's on-line active scan creates a folder 'activescan' and installs virus signature files in your windows\system32 folder. These aren't encrypted; these files will be detected in future avast scans. Something to remember. Perhaps best to remove Panda's active scan completely and use another on-line scanner as a back-up. On-line Virus Scanners and other useful Links Security-Ops.eu.tt

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode: Ewido anti-spyware. Hopefully at some point you will be able to install AdAware.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

polonus
Re: Trojan?
« Reply #2 on: July 05, 2006, 03:59:20 PM »
Hi Ro!

You could check the following:
Manual TrojanDownloader.Win32.Small.ek removal:
Kill process manage.exe
Delete file manage.exe

And this info:
http://www.sophos.com/virusinfo/analyses/trojsmallek.html


That is all,


polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Ro!

  • Guest
Re: Trojan?
« Reply #3 on: July 05, 2006, 04:45:12 PM »
Hi!

@polonus:
I have no process manage.exe running.

@DavidR:
Ewido hangs also, at file system.ini.

One more thing:
My explorer.exe (process) uses some 98% of CPU!!

Any ideas?

DavidR
Re: Trojan?
« Reply #4 on: July 05, 2006, 05:08:55 PM »
I'm at a loss as to what else to suggest as your system seems very compromised.

Have you run a boot-time scan with avast?
Did you run Ewido from safe mode?

Spiritsongs

  • Guest
Re: Trojan?
« Reply #5 on: July 05, 2006, 06:19:40 PM »
 :)  Hi Robert :

     That "85.255.117.124" I believe is from a major spyware
     company and most likely you should be asking for help on
     the forums of your antiSPYWARE Provider.
     However, a Google "search" revealed a similar post as
     yours by a "crestasoul" who said they had Kaspersky
     which they are unsure if it was COMPLETELY removed from
     their computer !?
     And if you have the latest version ( 6.5 ) of Zone Alarm, it
     has been causing problems for many Users, causing some
     to go back to an earlier version, such as 6.1 or 5.5 .

Ro!

  • Guest
Re: Trojan?
« Reply #6 on: July 05, 2006, 08:18:59 PM »
Hi!

After some undo actions made with HijackThis, I am being bothered by:
Adan-094, 078
Small-EK
Also found Trojano-1269 on my HD


Ewido found this:
Trojan.DNSChanger.ek
Downloader.Agent.uj

Somewhere on the net I found some wareout fix tool. Since then I can open my Windows folder.
Before this fix this was not possible.

Hijack also finds some exe files in Windows/system32. They change name after each reboot (at the moment: yydsz.exe)


@DavidR
Have you run a boot-time scan with avast? - yes
Did you run Ewido from safe mode? - yes

Ro!

  • Guest
Re: Trojan?
« Reply #7 on: July 05, 2006, 08:35:16 PM »
HEY!
Thunderbird and e-bank application are running! Could this wareout fix repair it?
However, still got problems, posted above.