Author Topic: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]  (Read 41707 times)


mauserme

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #60 on: October 20, 2007, 03:41:24 PM »
Open the Folder Options in the Control Panel.  On the View tab make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files is not checked.  Click OK.

Now see if you can find these files

c:\windows\system32\wupdmgr.exe
c:\windows\system32\dllcache\wupdmgr.exe

If found upload them to Virus Total for analysis and post the results.

Note:  There should be files of this name in both locations.  I want to make sure they're not missing and, if present, they haven't been patched.

Is there any change in the way your computer is running?

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #61 on: October 21, 2007, 02:46:43 PM »
c:\windows\system32\wupdmgr.exe

I found it:

Virus total scan:

File wupdmgr.exe received on 10.21.2007 14:31:10 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.20 -
Authentium 4.93.8 2007.10.20 -
Avast 4.7.1051.0 2007.10.21 -
AVG 7.5.0.488 2007.10.20 -
BitDefender 7.2 2007.10.21 -
CAT-QuickHeal 9.00 2007.10.20 -
ClamAV 0.91.2 2007.10.20 -
DrWeb 4.44.0.09170 2007.10.21 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.21 -
FileAdvisor 1 2007.10.21 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.20 -
F-Secure 6.70.13030.0 2007.10.21 -
Ikarus T3.1.1.12 2007.10.21 -
Kaspersky 7.0.0.125 2007.10.21 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.21 -
NOD32v2 2604 2007.10.19 -
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.21 -
Prevx1 V2 2007.10.21 -
Rising 19.45.62.00 2007.10.21 -
Sophos 4.22.0 2007.10.21 -
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.21 -
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.20 -
Webwasher-Gateway 6.6.1 2007.10.20 -
Additional information
File size: 32256 bytes
MD5: 5c382832cc8da8d940bb902c5c656dfb
SHA1: cd4311561187ea699d9a9cc375b2b5b3fed4300f

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #62 on: October 21, 2007, 02:48:02 PM »
c:\windows\system32\dllcache\wupdmgr.exe

I can't find this one at all?

Regards,

mauserme

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #63 on: October 22, 2007, 07:50:33 PM »
And what is the status of things at the moment?  Still with malware alerts?

Offline DavidR

  • Avast Überevangelist
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #64 on: October 22, 2007, 08:10:57 PM »
c:\windows\system32\dllcache\wupdmgr.exe

I can't find this one at all?

Have you elected to have system files, hidden files and folders displayed?

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #65 on: October 22, 2007, 11:08:49 PM »
Hi again,

Things have been quiet on the alert front. Here are the last events from the log viewer:

16/10/2007 10:33:39 PM   P & J Harmen   804   Sign of "Win32:Ircbot-CDT [trj]" has been found in "C:\Documents and Settings\P & J Harmen\My Documents\My Received Files\album59.scr" file. 
11/10/2007 11:54:12 PM   P & J Harmen   528   Sign of "Win32:Ircbot-CDT [trj]" has been found in "C:\DOCUME~1\P&JHAR~1\LOCALS~1\Temp\Temporary Directory 1 for album59.zip\album59.scr" file.

So nothing since 16/10/2007.

Yes I had elected to have the system files, hidden files and folders displayed

I still have to change over to Comodo from ZoneAlarm free - I will do that tonight.

Regards

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #66 on: October 23, 2007, 01:37:33 PM »
Hi again,

Changeover from Zonealarm to Comodo complete.

In regards to Comodo, as I'm a new user are there any specific fine tuning/adjustment of settings you would recommend I should do straight away? At the moment, apart from the usual pop-up checks and confirmations, it is set to the default. But all seems OK so far.

As far as the trojans (etc) are there any other instructions to follow? Do you reckon I'm clean?

Regards

Offline Lisandro

  • Avast team
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #67 on: October 23, 2007, 01:54:57 PM »
I'm a new user, are there any specific fine tuning/adjustment of settings you would recommend I should do straight away?
The amount of pop-ups can be configured in the Comodo settings.
Also, do you use a P2P program?

mauserme

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #68 on: October 23, 2007, 02:26:26 PM »
As far as the trojans (etc) are there any other instructions to follow? Do you reckon I'm clean?
Yes, I think you are clean.  There are just a few more steps to tidy things up.

Open OTMoveIt one last time, then click the Clean Up button to remove some of the tools (and backups) we've used.


Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log off at the end.  Click Yes, then log back in.


Now we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean.

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the old ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done


Finally, you should have a copy of wupdmgr.exe in your dll cache.  Since we've established the one in system32 is clean, copy the file from

c:\windows\system32\wupdmgr.exe

to

c:\windows\system32\dllcache\wupdmgr.exe


Then if the main file ever gets corrupted Windows will have the copy it needs to replace it.


Good luck and safe surfing :)
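The checks in this reply and in Reply #60 (are both copies of wupdmgr.exe present, is the system32 copy unchanged, and restore the dllcache copy from it only once it is verified) can be done in one pass from an elevated PowerShell prompt. The script below is an added example and is not code from the thread or from any of the tools it mentions. It assumes the paths given in the thread, and it takes the SHA1 value that VirusTotal reported for the system32 copy in Reply #61 as the reference hash; that value only tells you the file matches what one user uploaded and no engine flagged, it is not a Microsoft-published checksum. It hashes with .NET directly rather than Get-FileHash, which only arrived in PowerShell 4, so it also runs on the PowerShell versions available on an XP-era machine.

```powershell
# Added example, not from the thread. Checks the two expected copies of
# wupdmgr.exe, compares the system32 copy's SHA1 with the value posted in
# Reply #61 ($KnownGoodSha1, copied from that VirusTotal report), and only
# restores the dllcache copy when the system32 copy matches that hash.
# Run from an elevated prompt: writing to dllcache needs administrator rights.

$Sys32 = Join-Path $env:SystemRoot 'system32\wupdmgr.exe'
$Cache = Join-Path $env:SystemRoot 'system32\dllcache\wupdmgr.exe'
$KnownGoodSha1 = 'cd4311561187ea699d9a9cc375b2b5b3fed4300f'

function Get-Sha1Hex {
    param([string]$Path)
    # Hash via .NET so this works on any PowerShell version; File.OpenRead
    # does not care about hidden/system attributes.
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha1.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-CopyStatus {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Present = $false; Size = $null; Sha1 = $null }
    }
    # -Force so a hidden/system-attributed file is not skipped.
    $item = Get-Item -LiteralPath $Path -Force
    New-Object PSObject -Property @{ Path = $Path; Present = $true; Size = $item.Length; Sha1 = (Get-Sha1Hex $Path) }
}

$main  = Get-CopyStatus $Sys32
$cache = Get-CopyStatus $Cache
$main, $cache | Format-Table Path, Present, Size, Sha1 -AutoSize

if (-not $main.Present) {
    Write-Warning 'system32 copy missing: nothing safe to copy; run "sfc /scannow" to let Windows File Protection restore it'
} elseif ($main.Sha1 -ne $KnownGoodSha1) {
    Write-Warning "system32 copy SHA1 $($main.Sha1) differs from the reference $KnownGoodSha1; submit it for analysis before trusting it"
} elseif (-not $cache.Present) {
    # Source matches the reference hash, so repopulating the cache is safe.
    Copy-Item -LiteralPath $Sys32 -Destination $Cache
    Write-Output 'dllcache copy restored from verified system32 copy'
} elseif ($cache.Sha1 -ne $main.Sha1) {
    Write-Warning 'dllcache copy differs from system32 copy: one of them has been altered'
} else {
    Write-Output 'both copies present and identical'
}
```

The order of the branches is the point: the copy into dllcache is the last thing the script will do, and only after the source hash has been checked, because dllcache is the store Windows File Protection replaces system32 files from, so a patched file copied there would be silently reinstated by the mechanism meant to undo tampering. If the system32 copy is itself missing or mismatched, the safer route is `sfc /scannow` with the Windows install media at hand rather than copying anything by hand.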

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #69 on: October 24, 2007, 01:29:53 PM »
Hi again,

Tech - You asked about P2P - Yes, LimeWire is on this P.C. As for the Comodo settings - I am operating on default at the moment. Can you guide me with any known recommended setting adjustments that I should be aware of that are different from the default?

mauserme - Well, all is done. I have completed all of the last steps as per your last instruction. Still no new Avast logs since 16/10/07. Amazing. Can't believe we were chasing these bastards around for so long. Let's hope that's the end of it.

I guess that means we are at an end for this thread eh? Thanks for all the guidance, special thanks to all you guys that helped me out!

If I have any more issues I'll be in touch. Let's hope not!

Regards - Cupladays.

Offline Lisandro

  • Avast team
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #70 on: October 24, 2007, 01:35:26 PM »
Tech - You asked about P2P - Yes, LimeWire is on this P.C. As for the Comodo settings - I am operating on default at the moment. Can you guide me with any known recommended setting adjustments that I should be aware of that are different from the default?
LimeWire is not as safe as eMule in my opinion.
eMule can run in a virtual account with non-admin privileges.
To connect to the eMule network with a high ID (faster downloads), you must configure your firewall to open eMule's ports.

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #71 on: October 24, 2007, 01:59:45 PM »
eMule or eMule Plus?

Offline Lisandro

  • Avast team
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #72 on: October 24, 2007, 02:04:19 PM »
eMule or eMule Plus?
eMule, the original one.

cupladays

  • Guest
Re: Win32:Small-HTC [Trj] & Win32:Dialer-gen. [Trj]
« Reply #73 on: October 24, 2007, 02:22:24 PM »
Ta!