Trojan-Dropper.Vb.KY
I have suddenly been invaded with viruses and malware and I have not really been anywhere unsafe, as far as I know.
My virus checker picked this up: Local Settings\Application Data\Mozilla\Firefox\Profiles\qmi4lbh3.default\Cache\86F6D0ADd01: Trojan.Downloader-2388 FOUND
and on my other drive - Lite_Binder.exe (MD5: 744ac5940d7fca41dfd2e469ffc0cd4f, size: 135168 bytes), detected by:
which ClamWin calls Trojan.Dropper-2630 and F-Secure calls Trojan-Dropper.Win32.VB.ky
I found the last one to be dangerous malware, but the software to clean it up with is taking YEARS to download.
my head is paining... someone help me clear out the rubbish, please?
By the way, does anyone know this site?
http://virusscan.jotti.org/
oh, it also found this in my System restore???
D:\System Volume Information\_restore{F6CFF493-2791-413F-A9F1-1DBD34710392}\RP74\A0055414.exe: Virtool.Brutus FOUND
"Integrity" and "integer" both contain a Latin root meaning "whole; complete." The root sense, then, is that people may be said to be acting with integrity when their beliefs, words, and actions have a sense of unity or wholeness.
Any USB drives perhaps?
Strange emails? Even strange emails from friends?
Can your Virus checker not clean them up?
Slasher : Former member of www.PCFormat.co.za
I have reached the end of my near 5 year forum life. Farewell good days...
slasher (at) webmail (dot) co (dot) za
Each anti virus has its own naming scheme...
Just disable system restore (Right click my computer)
restart
Run full system scan
Download Spybot Search and Destroy, Ad-Aware SE and Xsoftspy (trial, but will be able to tell if any nasties are left).
Can also run Spyware Doctor for good measure.
After you've found and deleted everything restart -> turn on system restore -> Then create a restore point.
If you still have trouble run McAfee's online scanner. Slow but worth it....
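An added example, not part of any post in this thread: a small Python triage script for scanner report lines in the `<path>: <signature> FOUND` form quoted in the first post. It sorts each detection by where the file lives, since a copy inside a System Restore point or the browser cache is handled differently from a regular file. The function names, location labels and advice strings are assumptions made for this illustration.

```python
import re

# Constructed sample report: the two detection lines quoted in the thread,
# plus one clean-file line added here for contrast.
SAMPLE_REPORT = r"""
Local Settings\Application Data\Mozilla\Firefox\Profiles\qmi4lbh3.default\Cache\86F6D0ADd01: Trojan.Downloader-2388 FOUND
D:\System Volume Information\_restore{F6CFF493-2791-413F-A9F1-1DBD34710392}\RP74\A0055414.exe: Virtool.Brutus FOUND
C:\Documents\notes.txt: OK
"""

# The path can itself contain a colon (drive letter) and spaces, so match
# greedily up to the last ": " that is followed by one token and FOUND.
DETECTION = re.compile(r"^(?P<path>.+): (?P<signature>\S+) FOUND$")

# Location rules (hypothetical labels); the first matching rule wins.
LOCATIONS = [
    ("system_restore",
     re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I),
     "Copy inside a restore point; turn System Restore off, scan, "
     "turn it back on and create a fresh restore point."),
    ("browser_cache",
     re.compile(r"\\Firefox\\Profiles\\[^\\]+\\Cache\\", re.I),
     "Cached web content, not an installed program; clear the browser cache."),
]
DEFAULT = ("other", "Regular file; quarantine or delete it with the scanner.")


def classify(path):
    """Return (location label, advice) for a detected file path."""
    for name, pattern, advice in LOCATIONS:
        if pattern.search(path):
            return name, advice
    return DEFAULT


def parse_report(text):
    """Extract detections from report text, skipping clean and blank lines."""
    findings = []
    for line in text.splitlines():
        match = DETECTION.match(line.strip())
        if not match:
            continue
        location, advice = classify(match["path"])
        findings.append({"path": match["path"], "signature": match["signature"],
                         "location": location, "advice": advice})
    return findings


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f['signature']:<24} {f['location']:<15} {f['advice']}")
```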
Thanks ike, still downloading a trojan cleaner.
Nope Slash - I picked it up in the last 24 hours - and I did not visit places where I could pick something like that up - was surfing mainly science and my usual haunts. No USB or other hardware used, one suspicious e-mail that I deleted immediately after download, not opened.
From what I can glean the file in my system restore is a password cracker? 8O 8O can't ever remember downloading something like that, and was not previously picked up....
From the two online scanners, in running the infected file for Trojan.Downloader-2388 it seems that it's only ClamWin (my virus checker) that finds it - the others normally give you the relative names for the virus/spyware as used by the other checkers.
ClamWin did not quarantine the file. Spybot, Xsoftspy, and Ad-Aware did not find anything and my HijackThis file looks clean.
And have you updated your AdAware and Spybot to the newest available versions?
Just a thought, not saying you are stupid, just making sure... One tends to forget once in a while...
I have done that - and suddenly Spybot has a problem accessing the \Trojans.sbi file?
urghhh!
jee the only thing is just that you cannot "delete" the file out of system restore.
check this page for removal as well:
http://www.spywareremove.com/removeTrojanDropper.html
Temporary Absence
Nope Cameron, for some reason ClamWin does not want to quarantine - I will run the whole process again in safe mode as soon as I have downloaded this darn programme that is supposed to eat it up. It's called CounterSpy and it's about 80% d/loaded.
thanks Anthro will look - it somehow did not come up with my searches
Funny thing, Deathstrike - it blocked Spybot.
Anthro, i have a problem with the Spyhunter tool - it keeps on hijacking my page and wants to open explorer!!!! - and then process guard was not happy and neither Spybot...
I have however found CounterspyV2 - a rather big file (and this is just trial ) that cleared up one trojan, the RAT, it did not like spywareStormer and found a backdoor in my MIRC 8O
Other thing - For that TrojanDropper - none of the processes run in my task manager ...
*sigh*
http://www.bitdefender.com/VIRUS-170347 ... VB.AE.html
Might want to give it a try. It's small so it shouldn't take long to download.
I would run it in safe mode. After that disable system restore if you never use it.
\Trojans.sbi is a definition file, not a trojan.
Restart and try again, maybe it's in use.
Thanks SBSP - i did, but Spybot still finds a problem with that definition file.
I used CounterSpy, and am currently running every test again - but it seems it has found the problem.
Cameron, can you look at the programme for possible inclusion on the disk?
Unfortunately you can only use it for a trial period, but I would like someone to look at it and tell me if they think it's worthwhile buying?
BTW, if a programme like that has deleted/quarantined files, once you remove it from your hddrive, what happens to the quarantined files?
AVG anti Spyware in safemode is a winner.
Try it jee, I had a few errors, and that fixed all of them.
Also, when you are done with AVG Anti Spyware, download rootcheck from http://www.uploads.ejvindh.net/rootchk.exe as well as Combofix from http://www.techsupportforum.com/sectool ... mboFix.exe.
Run rootcheck first (after you've run AVG). Don't have any other windows open, as it might interrupt the program. When rootcheck is done, run Combofix. Also, don't let any windows be open. You will get the best results if you do all these in safe mode.
actually i used both bitdefender and AVG before - we have been finding that sometimes the one picks up noenoes that the other does not.. and vv
i have actually been looking for a good anti-virus. I don't mind paying.
jee wrote: i have actually been looking for a good anti-virus.
NOD32 - +-R350(incl), although they've got some sort of special running now, (-30%), so you could pick it up for R250..
0860-373 872 - ask for wayne(?).
i use this with comodo on the one machine and with outpost on my gateway. i have not had a single nasty since installing this one, the updates are tiny and have not once produced a corrupted image database - it's so light i'm hardly aware it's even there...
even better, scans which ordinarily took 4+ hours now take between 1 and 2hrs...
Most people would sooner die than think; in fact, they do so - Bertrand Russell
I downloaded counter spy.
and just finished scanning my PC
It found only 2 items
But the weird thing it found in these files.
The key logger is just source code? and it still picked it up ?
Jesus Touch RAT
also from VB source code files Elite spy, A tool i found on planet-source-code many moons ago, It manipulates Windows handles
like button text, Window sizes, minimized maximized in realtime etc.
Global Hook Key Logger more information...
Status: Ignored
Files detected
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\GlobalHook.dof
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\GlobalHook.res
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\HkLib.dpr
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\ufGlobHook.dfm
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\ufGlobHook.pas
Jesus Touch RAT more information...
Status: Ignored
Files detected
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\Mixed\EliteSpy\frmMemInfo.frx