Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 20th, 2008, 1:15am
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   help! My computer has a trojan.		 « Previous topic | Next topic »
Pages: 1 2 3  ...  5 Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: help! My computer has a trojan.  (Read 5608 times)
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
help! My computer has a trojan.
« on: Jun 12th, 2006, 4:38am »		 Quote Quote  Modify Modify
Hi all,
Let me start by saying that I am a complete novice. I have only the user-end knowledge of my laptop (Windows XP), but am not very well-versed with the technical stuff.
Today, all of a sudden I got a pop-up message from Avast! (the anti-virus I use) that it had detected a trojan horse on my system called Win32:Ircbot-ZK
It was initially located in the Documents and Settings/All Users/Shared Documents/Shared Music folder. I opted to delete the file permanently. But it soon reappeared in other folders within Shared Documents (and stuck to this folder, thankfully!).
I keep deleting this, but it keeps reappearing. Frustrated, I deleted all the shared sub-folders in the Shared Documents folder, and "un"shared it. But I still got this pop-up!
I am downloading the trial version of Trojan Hunter, but I still want to know where I went wrong.
I had downloaded the evaluation version of WinRAR from www.download.com today. I have already uninstalled this.
Please tell me what I should do, and what other details I can provide you with.
Please help!
D.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5516
Re: help! My computer has a trojan.
« Reply #1 on: Jun 12th, 2006, 5:22am »		 Quote Quote  Modify Modify
Welcome to the forum dchndrsk  Cheesy
 
Do you have TrojanHunter V4.5 on your system?  If not, please download/install the trial version.  Once you get it installed and set up, reboot into SAFE MODE and do a full scan with TrojanHunter scanner.  Let it remove what it finds.  
 
Then reboot into normal mode.  Disable Avast and do a full scan with TrojanHunter scanner.  Does it detect anything?
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #2 on: Jun 12th, 2006, 5:38am »		 Quote Quote  Modify Modify
Thanks Siliconman!  
I have downloaded and installed the 4.5 version, but am unsure about how to log on in the Safe Mode (like I said, I'm a *total* newbie at this type of stuff!)!
Smiley
D.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5516
Re: help! My computer has a trojan.
« Reply #3 on: Jun 12th, 2006, 6:20am »		 Quote Quote  Modify Modify
The link below will explain how to log in SAFE MODE based on the Windows OS you have.   Wink
 
http://forum.misec.net/board/FAQ/1144043085
« Last Edit: Jun 12th, 2006, 6:21am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #4 on: Jun 12th, 2006, 6:34am »		 Quote Quote  Modify Modify
Hi Siliconman,
I managed to figure out how to log onto the Safe Mode (thanks to Windows Help!).
Well, I tried both the things you suggested, and nothing turned up in either case. But then, Avast! hasn't complained about the trojan for almost two hours now (a new record today)!
At the moment, should I consider Avast!'s silence as a sign that the Trojan is gone (though I don't know how or where?). Especially since Trojan Hunter didn't turn up anything?
What advice for the novice?
D.
 
 
 
IP Logged
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #5 on: Jun 12th, 2006, 6:40am »		 Quote Quote  Modify Modify
Oh, and I forgot to say: thank you!
Smiley
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5516
Re: help! My computer has a trojan.
« Reply #6 on: Jun 12th, 2006, 8:17am »		 Quote Quote  Modify Modify
Well, the signs are encouraging...that's for sure.
 
What I recommend is that you go to the link below and do a remote scan by Kaspersky just to make an additional check.
Be sure to disable Avast when doing the remote scan.
 
http://forum.misec.net/board/FAQ/1141894786
 
If Kaspersky scans clear, then I would say that you are clean at least for the time being.  However, you may be inadvertently going to a malicious website that could bless you with the same trojan again.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #7 on: Jun 12th, 2006, 8:41pm »		 Quote Quote  Modify Modify
Hi Siliconman,
I suspect that the malicious site I have been accessing is www.download.com
I tried to get Winrar yesterday from there to open some data files for my work. I guess that's one place I am never trusting again!
I will try out the remote scan and let you know the results.
thanks again!
-
D.
 
IP Logged
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #8 on: Jun 12th, 2006, 10:51pm »		 Quote Quote  Modify Modify
Well, a Kapersky scan turned out clean.
Smiley
I guess I can rest easy for now.
Thanks for all the help!
Di.
IP Logged
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #9 on: Jun 12th, 2006, 10:55pm »		 Quote Quote  Modify Modify
oops! I meant "Kaspersky".
Thanks again.
D.
 
p.s. I feel quite the tech-savvy person now after all the scans! Wink
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5516
Re: help! My computer has a trojan.
« Reply #10 on: Jun 13th, 2006, 1:19am »		 Quote Quote  Modify Modify
U B Most Welcome, "geek" D.  Grin
 
A good practice to use on files that you download from sites on the Internet for installation on your computer is to "right click" scan the file with your AV and TrojanHunter before you install it.  
 
Many users send it through "jotti" for a complete scan just to make sure.  (jotti found on the same link I gave you for a remote scan by Kaspersky)
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #11 on: Jun 21st, 2006, 11:37pm »		 Quote Quote  Modify Modify
Hi Siliconman,
I am back (sadly) and worse, so is this trojan horse!
I am beginning to doubt the effectiveness of TrojanHunter Guard now. I scanned for the trojanhorse in the folders that Avast indicated it was in, *even as Avast was warning me of it*. And TrojanHunter did not detect it!!!  
I have had to simply depend upon Avast to take care of the trojan (which obviously hasn't gone yet).
 
What am I missing?
(don't feel quite the tech-savvy person anymore).
Sad
D.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5516
Re: help! My computer has a trojan.
« Reply #12 on: Jun 22nd, 2006, 4:33am »		 Quote Quote  Modify Modify
It is not uncommon for one security program (Avast in your case) to grab a malicious file first and lock it out so another security program does not or cannot "see" it (TH).  It's the old "who gets there first" issue.  
 
Would you please submit the malicious file that Avast is detecting to Mischel for analysis.  It sounds like something may not be fully removed which may be causing it to return.
 
http://forum.misec.net/board/FAQ/1139308293
 
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
dchndrsk
Newbie
*





   


Gender: female
 Posts: 9
Re: help! My computer has a trojan.
« Reply #13 on: Jun 22nd, 2006, 10:43pm »		 Quote Quote  Modify Modify
I would, except that it has stopped reappearing since yesterday's "spate". Plus, it is not any one file.
First, I get a notice saying that some *.exe file in one folder has the trojan. When I "permanently delete" it, it almost immediately reappears in another folder with another name! I keep "permanently delete-ing" these files until I stop getting any more notices (which is a total of about six to eight times of "permanently deleting" the files.
I can't locate these files right now, maybe because I deleted them. But I am sure they will be back sometime when I least expect it. Maybe then I can send it to Mischel..
D.
IP Logged
grampa_simpson
Newbie
*






   


Gender: male
 Posts: 49
Re: help! My computer has a trojan.
« Reply #14 on: Feb 6th, 2007, 3:37pm »		 Quote Quote  Modify Modify
on Jun 12th, 2006, 5:22am, siliconman01 wrote:
Welcome to the forum dchndrsk  :D
 
Do you have TrojanHunter V4.5 on your system?  If not, please download/install the trial version.  Once you get it installed and set up, reboot into SAFE MODE and do a full scan with TrojanHunter scanner.  Let it remove what it finds.  
 
Then reboot into normal mode.  Disable Avast and do a full scan with TrojanHunter scanner.  Does it detect anything?  

 
Hi i have problem with a trojan ... i tried to scan in safemode, and after this everything was clean .... but when i tried in usual mode following was detected
 
Registry scan
 
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (matches Agent.100) (Regedit Jump)
 
Inifile scan
 
No suspicious entries found
 
Port scan
 
No suspicious open ports found
 
Memory scan
 
No trojans found in memory
 
File scan
 
Found trojan file: C:\Documents and Settings\Johnny\Lokale innstillinger\Temporary Internet Files\Content.IE5\RGS5HOCB\xc23[1].exe (TrojanDownloader.Tiny.191)
 
Found trojan file: C:\Documents and Settings\Johnny\Lokale innstillinger\Temporary Internet Files\Content.IE5\WL1TWGZQ\mulbin32[1].exe (TrojanDownloader.PurityScan.143)
 
Found trojan file: C:\Documents and Settings\Johnny\Lokale innstillinger\Temporary Internet Files\Content.IE5\WL1TWGZQ\wlzip32[1].exe (TrojanDownloader.Agent.1028)
 
Found trojan file: C:\WINDOWS\system32\v6.exe (TrojanDownloader.Tiny.191)
 
Found trojan file: C:\WINDOWS\Temp\win3D9.tmp.exe (TrojanDownloader.Agent.1028)
 
Found trojan file: C:\WINDOWS\Temp\win3DD.tmp.exe (TrojanDownloader.PurityScan.143)
 
Found trojan file: C:\WINDOWS\Temp\win3DF.tmp.exe (TrojanDownloader.Tiny.191)
 
the agent.100 in registry comes back almost imidiately after its deleted.... the others appears one after one at intervals  
in temp internet files and temp folder (in windows folder)
 
can Anyone on basis of above tell me what trojan it is that makes the others .. and if possible to get rid of it.
 
each time  a winxxx.tmp.exe file is created it tries to connect to internet.
 
At intervals i'm told to buy div spyware programs ... is that all this specific trojan is designed for, or is it also build for  ... or is it also for getting acess to my personal data on my pc, and can it do that ... when i have my firewall running?
 
I know this was a lot, but any help to a newbie is very much apreciated.
thanks
« Last Edit: Feb 6th, 2007, 3:38pm by grampa_simpson » IP Logged
Pages: 1 2 3  ...  5 Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register