Author Topic: Please Help Me  (Read 5254 times)


kp314

  • Guest
Please Help Me
« on: March 19, 2009, 09:10:40 AM »
I ran my Avast tonight and it said that I had 3 win32 Trojan.gen 

It asked me what to do and I picked to quarantine it.  I also noticed that whenever I tried to search something in yahoo it wouldn't allow me to search but instead would always take me to this other website.

After I quarantined it with avast, I restarted the computer and ran the scan again and it came up with nothing.  However the search engine problem still existed. 

I downloaded Spybot and ran that but it came up with no problems.

I looked on here and saw some people recommended SuperAntiSpyware so I downloaded it.

This is where it gets even worse.  I ran the scan and it came up with a Trojan Virus.  Again I quarantined it and restarted my computer as prompted.

When I ran the scan again this time it gave me 5 Trojan Viruses but 3 of them had different names and were Trojan.unknown.  Avast still has not turned anything up after the first time.  Once I quarantined these 5 and restarted my problem then I got an even bigger problem.

Now my internet will not load up at all.  When I run the scan it says I have no viruses for any of the 3 scans.  I am able to get on here on my other computer.  I don't know if the computer is still running in safe mode even though I picked to start in normally or what is going on.

Please help me, I have no idea what to do.

Here are the actual names of the viruses I've found.

Avast Search : jopaxx_1237410615.exe Virus Type is win32:Trojan-gen Location:C:\Users\ddkay27\AppData\Local\Temp

trz3C1E.tmp  Virus Type: same as above  Location: C:\Program Files\websrvx

websrvx.exe Virus Type: same as above  Location: c:\program files/websrvx


SuperAntiSpyware Quarantined Items  Trojan.Dropper/Win-NV  Location : HKLM\Software\Microsoft\Windows\CurrentVersion\Run(sysldtray - c:\windows\d02.exe)

2nd search for superantispyware

Trojan.Dropper/Win-NV Location:  C:\WINDOWS\LD02.EXE
Same Name       Location :  C:\Windows\Prefetch\LD02.EXE-719BAB84.pf

Trojan.Unknown Origin   Location:  C:\WINDOWS\SYSTEM32\DLL32.DLL
same name                    Same Location
Number 3:  Same Name     Location:  HKUS\S-1-5-21-1235594767-156515733-2245494932-1000\Software\Microsoft\Windows\CurrentVersion\Run (dll-rundll32 dll32,sm)




Please help me thanks.
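
The two Run-key entries listed in the post above are autostart values, which is what a startup log is read for when a detection keeps coming back. The following is an added example, not part of the original thread and not code from any of the tools named in it: a small Python triage that flags Run values by where the executable lives and how rundll32 is invoked. The names `SAMPLE`, `triage`, `reasons_for` and the benign `ExampleUpdater` entry are assumptions made for illustration.

```python
import re

# Constructed sample: the two Run values quoted in the post, plus one benign
# entry invented here for contrast.
SAMPLE = [
    ("HKLM", "sysldtray", r"c:\windows\d02.exe"),
    ("HKU", "dll", "rundll32 dll32,sm"),
    ("HKLM", "ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /bg'),
]

def split_command(command):
    """Split a Run command line into (image path, arguments), lower-cased."""
    cmd = command.strip().lower()
    # Handles quoted paths and unquoted paths that contain spaces.
    m = re.match(r'"?(.+?\.(?:exe|com|scr|bat|cmd))(?=["\s]|$)"?\s*(.*)', cmd)
    if m:
        return m.group(1), m.group(2)
    image, _, args = cmd.partition(" ")
    return image, args.strip()

def reasons_for(command):
    """Return the triage reasons (possibly none) for one Run value."""
    image, args = split_command(command)
    reasons = []
    # Programs rarely autostart from a file dropped straight into C:\Windows.
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", image):
        reasons.append("executable placed directly in the Windows folder")
    if "\\temp\\" in image:
        reasons.append("executable runs from a Temp folder")
    # rundll32 given a bare DLL name resolves it through the search path.
    if image.rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        dll = args.split(",", 1)[0].strip('" ')
        if dll and "\\" not in dll:
            reasons.append("rundll32 loads a DLL named without a full path")
    return reasons

def triage(values):
    """Keep only the (hive, name, reasons) rows that need a manual look."""
    rows = [(hive, name, reasons_for(cmd)) for hive, name, cmd in values]
    return [row for row in rows if row[2]]

if __name__ == "__main__":
    for hive, name, reasons in triage(SAMPLE):
        print(f"{hive} Run value '{name}': " + "; ".join(reasons))
```

A flagged value is a prompt for manual review rather than a verdict.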


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Please Help Me
« Reply #1 on: March 19, 2009, 11:09:07 AM »
Welcome to the forum.

Try downloading MBAM with your other computer to a flash drive. http://www.malwarebytes.org/mbam.php
Transfer the file to the sick computer, and run it to install the program.
(If unable to install or run it, post back.)
Once installed, try to update it.
(If unable, install it also to the good computer, update it on that computer, and post back for how to transfer the updated database.)
Run a full scan. Quarantine anything found. If prompted for a restart to remove some files, do so promptly.

MBAM is another very good antimalware scanner also recommended by many.
From what I read, this malware is fairly new. If MBAM doesn't fully get rid of it, there will be some more involved steps to perform, that the more skilled malware fighters here can guide you through.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Please Help Me
« Reply #2 on: March 19, 2009, 01:34:00 PM »
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Clean your temporary files. You can use CleanUp or CCleaner for that.

2. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! instead.

3. It will be good if you download, install, update and run SUPERantispyware, MBAM or SpywareTerminator.
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones see here.

4. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster for XP/Vista. For XP only: Panda.

5. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.

6. After you're clean, disable System Restore on Windows ME, XP or Vista. System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.

7. Use the immunization of SpywareBlaster.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.

kp314

  • Guest
Re: Please Help Me
« Reply #3 on: March 19, 2009, 01:52:13 PM »
Thank you guys for the help.  It seems that the problem is fixed now.  Not getting any virus on any of the scans and the internet is back to working.  I have Vista and I'm not sure about the system restore.  Do I need to clear this off?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Please Help Me
« Reply #4 on: March 19, 2009, 01:59:53 PM »
Quote from: kp314 on March 19, 2009, 01:52:13 PM
Thank you guys for the help.  It seems that the problem is fixed now.  Not getting any virus on any of the scans and the internet is back to working.  I have Vista and I'm not sure about the system restore.  Do I need to clear this off?

If you're clean, let it run.
But, if you disable, enable again, and then create a clean restore point, you will delete all old restore points and infected ones (if any).
The best things in life are free.