Trojan-Dropper.Vb.KY

Viruses, hackers and crackers
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Trojan-Dropper.Vb.KY

Post by jee »

I have suddenly been invaded with viruses and malware :( and I have not really been anywhere unsafe, as far as I know.

My virus checker picked this up: Local Settings\Application Data\Mozilla\Firefox\Profiles\qmi4lbh3.default\Cache\86F6D0ADd01: Trojan.Downloader-2388 FOUND

and on my other drive - Lite_Binder.exe (MD5: 744ac5940d7fca41dfd2e469ffc0cd4f, size: 135168 bytes), detected by:

which ClamWin calls Trojan.Dropper-2630 and F-Secure calls Trojan-Dropper.Win32.VB.ky

I found the last one to be dangerous malware, but the software to clean it up with is taking YEARS to download.

My head is paining... someone help me clear out the rubbish, please?

By the way, anyone know this site?
http://virusscan.jotti.org/

Oh, it also found this in my System Restore???
D:\System Volume Information\_restore{F6CFF493-2791-413F-A9F1-1DBD34710392}\RP74\A0055414.exe: Virtool.Brutus FOUND
"Integrity" and "integer" both contain a Latin root meaning "whole; complete." The root sense, then, is that people may be said to be acting with integrity when their beliefs, words, and actions have a sense of unity or wholeness.
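As an added example (not from the thread or any of the tools it mentions), the script below shows two checks a defender would want when reading a ClamWin report like the one above: it parses "path: Signature FOUND" lines into records, flags hits that sit under "System Volume Information" (a System Restore point, which a scanner reports but cannot clean the normal way), and verifies a file against the Lite_Binder.exe indicator quoted in the post by checking size first and MD5 second. The FOUND lines and the MD5/size are copied from the post; the "OK" line, the "hello" sample file and the function names are my own constructions.

```python
import hashlib
import os
import re
import tempfile

# Sample scan output in the "path: Signature FOUND" form that ClamWin/clamscan
# prints. The two FOUND lines are the ones quoted in the post above; the OK line
# is constructed so the parser has a non-detection to skip.
SAMPLE_SCAN_OUTPUT = """\
Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\qmi4lbh3.default\\Cache\\86F6D0ADd01: Trojan.Downloader-2388 FOUND
D:\\System Volume Information\\_restore{F6CFF493-2791-413F-A9F1-1DBD34710392}\\RP74\\A0055414.exe: Virtool.Brutus FOUND
C:\\WINDOWS\\system32\\kernel32.dll: OK
"""

# Indicator for Lite_Binder.exe as quoted in the post: MD5 -> size in bytes.
KNOWN_BAD = {"744ac5940d7fca41dfd2e469ffc0cd4f": 135168}

DETECTION_RE = re.compile(r"^(?P<path>.+?): (?P<signature>\S+) FOUND$")


def parse_scan_output(text):
    """Turn FOUND lines into records; lines reporting OK are skipped.
    A hit under 'System Volume Information' lives in a System Restore point."""
    hits = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if not match:
            continue
        path = match.group("path")
        hits.append({
            "path": path,
            "signature": match.group("signature"),
            "in_system_restore": "System Volume Information" in path,
        })
    return hits


def md5_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def matches_known_bad(path, known=KNOWN_BAD):
    """True only when both the size and the MD5 match one indicator.
    Size is checked first: it costs nothing and rules out most files before hashing."""
    size = os.path.getsize(path)
    if size not in known.values():
        return False
    return known.get(md5_of_file(path)) == size


def write_sample_file(data):
    """Write constructed bytes to a temp file and return its path (demo/test helper)."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


if __name__ == "__main__":
    for hit in parse_scan_output(SAMPLE_SCAN_OUTPUT):
        where = " (inside a System Restore point)" if hit["in_system_restore"] else ""
        print(f"{hit['signature']}: {hit['path']}{where}")
    sample = write_sample_file(b"hello")  # constructed stand-in for a suspect file
    print("md5 of constructed sample:", md5_of_file(sample))
    print("matches Lite_Binder indicator:", matches_known_bad(sample))
    os.remove(sample)
```

The point of matching on hash and size rather than on the detection name is the one jee runs into later in the thread: every vendor names the same sample differently, but the MD5 and byte count of the file stay the same whichever scanner reports it.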
Slasher
Registered User
Posts: 7525
Joined: 23 Aug 2003, 02:00
Location: 5th rock from the sun.

Post by Slasher »

Any USB drives perhaps?

Strange emails? Even strange emails from friends?

Can your Virus checker not clean them up?
My BF2142 Stats:


Slasher : Former member of www.PCFormat.co.za
I have reached the end of my near 5 year forum life. Farewell good days...

slasher (at) webmail (dot) co (dot) za
Ike
Registered User
Posts: 3800
Joined: 16 Jun 2006, 02:00
Location: Potgietersrus

Post by Ike »

Each anti-virus has its own naming scheme...

Just disable System Restore (right-click My Computer)
restart
Run a full system scan
Download Spybot Search and Destroy, Ad-Aware SE and Xsoftspy (trial, but will be able to tell if any nasties are left.)

Can also run Spyware Doctor for good measure.

After you've found and deleted everything, restart -> turn on System Restore -> then create a restore point.

If you still have trouble, run McAfee's online scanner. Slow but worth it....
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Post by jee »

Thanks Ike, still downloading a trojan cleaner.

Nope Slash - I picked it up in the last 24 hours - and I did not visit places where I could pick something like that up - was surfing mainly science and my usual haunts. No USB or other hardware used, one suspicious e-mail that I deleted immediately after download, not opened.

From what I can glean, the file in my System Restore is a password cracker? 8O 8O Can't ever remember downloading something like that, and it was not previously picked up....

From the two online scanners, in running the infected file for Trojan.Downloader-2388 it seems that it's only ClamWin (my virus checker) that finds it - the others normally give you the relative names for the virus/spyware as used by the other checkers.


ClamWin did not quarantine the file. Spybot, Xsoftspy, and Ad-Aware did not find anything and my HijackThis log looks clean.
Slasher
Registered User
Posts: 7525
Joined: 23 Aug 2003, 02:00
Location: 5th rock from the sun.

Post by Slasher »

And have you updated your AdAware and Spybot to the newest available versions?

Just a thought, not saying you are stupid, just making sure... One tends to forget once in a while...
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Post by jee »

I have done that - and suddenly Spybot has a problem accessing the \Trojans.sbi file?

urghhh!
Cameron_Losco
Moderator Emeritus
Posts: 2338
Joined: 30 May 2002, 02:00
Location: Out there somewhere

Post by Cameron_Losco »

Why didn't ClamWin quarantine? I take it that you ran the scan under safe mode; if you didn't, then this could be the reason.
Anthro
Moderator Emeritus
Posts: 5547
Joined: 21 Dec 2002, 02:00
Processor: i7 3770k
Motherboard: ASUS P8P67-Pro
Graphics card: 2xNvidia GTX670
Memory: 16 GB Gskill Sniper
Location: In SQL Space inserting 'null' on purpose

Post by Anthro »

jee, the only thing is just that you cannot "delete" the file out of System Restore.
Check this page for removal as well:
http://www.spywareremove.com/removeTrojanDropper.html
Temporary Absence
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Post by jee »

Nope Cameron, for some reason ClamWin does not want to quarantine - I will run the whole process again in safe mode as soon as I have downloaded this darn programme that is supposed to eat it up. It's called CounterSpy and it's about 80% d/loaded.

Thanks Anthro, will look - it somehow did not come up in my searches :(
DeathStrike
Registered User
Posts: 2663
Joined: 29 Jul 2004, 02:00
Location: hidden deep in the depths of the underworld is my home.

Post by DeathStrike »

Sounds very nasty. Reminds me to check my PC..

*starts spybot and ad-aware 2007.*
SIG by HMAN 8)
Member of The Pride Of Darkness
DeathStrike on Twitter
About me
Asus P5KPL-CM motherboard, 4 GIG RAM, Q6600 @ 2.88GHz (Thanks Anthro), GeForce 8600GT, Samsung 2333 23" + CRT 17" Monitors. 500GB + 1.5TB HDD, Compro TV tuner, 350 WATT PSU
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Post by jee »

Funny thing, DeathStrike - it blocked Spybot.


Anthro, I have a problem with the SpyHunter tool - it keeps on hijacking my page and wants to open Explorer!!!! - and then Process Guard was not happy and neither was Spybot...

I have however found CounterSpy V2 - a rather big file (and this is just the trial :( ) that cleared up one trojan, the RAT; it did not like SpywareStormer and found a backdoor in my mIRC 8O

Other thing - for that TrojanDropper - none of the processes run in my Task Manager ...
*sigh*
SBSP
Registered User
Posts: 3124
Joined: 09 May 2006, 02:00
Location: Centurion

Post by SBSP »

http://www.bitdefender.com/VIRUS-170347 ... VB.AE.html

Might want to give it a try. It's small so it shouldn't take long to download.
I would run it in safe mode. After that, disable System Restore if you never use it.

\Trojans.sbi is a definition file, not a trojan.
Restart and try again; maybe it's in use.
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Post by jee »

Thanks SBSP - I did, but Spybot still finds a problem with that definition file.
I used CounterSpy, and am currently running every test again - but it seems it has found the problem.

Cameron, can you look at the programme for possible inclusion on the disk?

Unfortunately you can only use it for a trial period, but I would like someone to look at it and tell me if they think it's worthwhile buying?

BTW, if a programme like that has deleted/quarantined files, once you remove it from your hard drive, what happens to the quarantined files?
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram

Post by DarkRanger »

AVG Anti-Spyware in safe mode is a winner.

Try it jee, I had a few errors, and that fixed all of them.

Also, when you are done with AVG Anti-Spyware, download rootcheck from http://www.uploads.ejvindh.net/rootchk.exe as well as ComboFix from http://www.techsupportforum.com/sectool ... mboFix.exe.

Run rootcheck first (after you've run AVG). Don't have any other windows open, as it might interrupt the program. When rootcheck is done, run ComboFix; also, don't let any windows be open. You will get the best results if you do all these in safe mode.
JustIce91
Registered User
Posts: 106
Joined: 28 Oct 2006, 02:00
Location: 2km left of the middle of no where

Post by JustIce91 »

If you used BitDefender I would have told you to speak to them. I once had a stubborn virus that BD couldn't get rid of, so they ended up making me my own removal tool. :D
jee
Registered User
Posts: 19336
Joined: 03 Jun 2003, 02:00
Location: a hole so deep...

Post by jee »

Actually I used both BitDefender and AVG before - we have been finding that sometimes the one picks up noenoes that the other does not.. and vv

I have actually been looking for a good anti-virus. I don't mind paying.
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00
Location: nullus pixius demonica

Post by rustypup »

jee wrote: I have actually been looking for a good anti-virus.
NOD32 - +-R350 (incl), although they've got some sort of special running now (-30%), so you could pick it up for R250..

0860-373 872 - ask for Wayne(?).

I use this with Comodo on the one machine and with Outpost on my gateway. I have not had a single nasty since installing this one, the updates are tiny and have not once produced a corrupted image database - it's so light I'm hardly aware it's even there...

Even better, scans which ordinarily took 4+ hours now take between 1 and 2 hrs... :D
Most people would sooner die than think; in fact, they do so - Bertrand Russell
SBSP
Registered User
Posts: 3124
Joined: 09 May 2006, 02:00
Location: Centurion

Post by SBSP »

I downloaded CounterSpy.

and just finished scanning my PC

It found only 2 items

But the weird thing is it found it in these files.

The key logger is just source code? And it still picked it up?

Jesus Touch RAT
also from VB source code files Elite Spy, a tool I found on planet-source-code many moons ago. It manipulates Windows handles
like button text, window sizes, minimized/maximized in realtime etc.


Code:

Global Hook Key Logger  more information...
Status: Ignored

Files detected
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\GlobalHook.dof
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\GlobalHook.res
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\HkLib.dpr
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\ufGlobHook.dfm
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\KeyLoggers\KeyLog4\KeyLog\ufGlobHook.pas


Jesus Touch RAT  more information...
Status: Ignored

Files detected
C:\G\keeper\Source\Programming\VBSource\VBSource-Code\Mixed\EliteSpy\frmMemInfo.frx