Author Topic: win32:trojano-25...  (Read 5120 times)


diligentdave

  • Guest
win32:trojano-25...
« on: February 27, 2004, 01:10:13 AM »
having trouble deleting this virus even with avast....help!!

whocares

  • Guest
Re:win32:trojano-25...
« Reply #1 on: February 27, 2004, 09:15:30 AM »
Hi,

What WIN do you have?
Please post the complete and EXACT name of the virus.
Where exactly was the infected file found (full pathname and filename)?

test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)


-remove the Virus/Malware and its system modifications according to VirusInfos from Avast, VGREP, TrendMicro, Kaspersky; you might also try searching for the virus name or filename with google

general removal procedure:
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
 

-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc..)
-scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro, to check whether your PC is clean ;)

diligentdave

  • Guest
Re:win32:trojano-25...
« Reply #2 on: February 28, 2004, 12:41:35 AM »
Running WinME
Keep finding the file in the _RESTORE/TEMP files...usually a .CPY file that won't let you delete.
Ran AVG virus scanner as well and that came up with the same thing, although it said that it was a "trojan horse downloader.vb.bs"
Changed size of system restore file, disabled system restore and rebooted.
_RESTORE/TEMP file now empty, presume that has deleted trojan, but...keep finding it popping up in temporary internet files folder for internet explorer IE5 in the contents folder under some obscure folder called 0H2BOLAJ

Milton

  • Guest
Re:win32:trojano-25...
« Reply #3 on: February 28, 2004, 05:21:56 AM »
Wow, same problem exactly. I'm surprised you haven't had more responses.

Still looking for a solution.

Using Win XP Pro.

I can't find any information on Google, Symantec, etc. Only the Avast! website referenced it but no details about it.

Virus is "Win32:Trojano-025 [Trj]" as listed by alwil at: http://www.avast.com/i_idt_1404.html, discovered on Feb 25th ("VPS 0402-2, 25.02.2004").

The virus isn't "found" in one place, it seems to have quite a few of its own files or files it infected.

I ran a scan on the entire system prior to boot-up. Avast! found the virus - I "moved" some references, "deleted" others. Most were found in the restore* directory as stated above.

See attached... (hmmm, can't seem to attach a 100KB jpg).
« Last Edit: February 28, 2004, 05:25:56 AM by Milton »

whocares

  • Guest
Re:win32:trojano-25...
« Reply #4 on: February 28, 2004, 01:46:17 PM »
Hi,

- disable system restore as stated above
- do all Windows updates and secure/change your Browser, otherwise it will reappear again
 ;)

SwedishGuyOne

  • Guest
Re:win32:trojano-25...
« Reply #5 on: February 29, 2004, 04:49:57 PM »
I'm facing the same kind of problem. I disabled the System Restore, but how do I update Windows ME if there are no new updates?

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:win32:trojano-25...
« Reply #6 on: February 29, 2004, 06:28:20 PM »
It also spread via P2P, IRC and so on. Just end the malware process and delete the file reported as Trojano or let Avast delete the file in Windows safe mode.
Best regards, Ralf