A trojan got me - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

May 16^th, 2008, 2:46am

   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   A trojan got me

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: A trojan got me (Read 176 times)

I_am_stupid
Newbie

Posts: 7

A trojan got me
« on: Apr 1^st, 2008, 1:23pm »

Quote

Modify

Yesterday I found a trojan - or more accurate - TrojanHunter found it.

It's name is TrojanDownloader [dot] Zlob [dot] 630.

That name only gives 2 hits in a Google search and none in here. I was wondering if anyone would know what it is and what it does?

I deleted of cause it but it messed up my pc...

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: A trojan got me
« Reply #1 on: Apr 1^st, 2008, 2:16pm »

Quote

Modify

Welcome to the forum I_am_stupid Wink

Would you please look in the Quarantine folder of TH and tell me what the name of the file is that TH quarantined.

- Open TH GUI
- Click on the Quarantine icon on the left menu bar
- The name of the file will be displayed.

Also, please download/install Hijackthis and post a scan log back here. The link below is for Hijackthis download.

http://www.misec.net/forum/board/FAQ/1163329424

When you say it messed up your computer, please state the symptons of what is happening.

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

I_am_stupid
Newbie

Posts: 7

Re: A trojan got me
« Reply #2 on: Apr 1^st, 2008, 2:42pm »

Quote

Modify

Well, that is a problem - I deleted the trojan as well as the Quarantine log in panic - thinking that is should be as gone as possible. Today TrojanHunter left this log but this is something else, I believe?

C:\Documents and Settings\Username\Local Settings\Temp\MSFT\NAV\Support\SymLnch\SymLnch.exe

pcyxdOm8.dat

Copy made manually - errors probably my fault.

Update I deleted it anyway.

« Last Edit: Apr 1^st, 2008, 2:59pm by I_am_stupid »

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: A trojan got me
« Reply #3 on: Apr 1^st, 2008, 2:54pm »

Quote

Modify

Please do a search on your computer to see if file SymLnch.exe is present on your computer. It should be in a Norton Antivirus folder.

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

I_am_stupid
Newbie

Posts: 7

Re: A trojan got me
« Reply #4 on: Apr 1^st, 2008, 3:08pm »

Quote

Modify

It isn't, it seems. I believe I deleted it. Norton has not been renewed, but I run the old scan from time to time. Since all functions no longer work it can't conflict with active anti-malware functions.

Norton can't do anything any more. It just scans passively. You can't delete what it finds.

I have other programmes now.

« Last Edit: Apr 1^st, 2008, 5:20pm by I_am_stupid »

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: A trojan got me
« Reply #5 on: Apr 1^st, 2008, 3:21pm »

Quote

Modify

Okay...on Norton.

Quote:

I deleted of cause it but it messed up my pc...

Can you please explain what is happening when you state "messed up my pc"? �Error messages? BSODs? �or what.

« Last Edit: Apr 1^st, 2008, 3:21pm by siliconman01 »

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: A trojan got me
« Reply #6 on: Apr 1^st, 2008, 3:27pm »

Quote

Modify

By the way,

It is not advisable to keep Norton AV on your system if you have another AV or Internet Security Suite installed. Norton integrates deep into Windows and runs some of its components even if it is "inactive". This can cause conflicts and issues with your other AV and can result in Windows acting up.

You really should remove Norton with the Symantec Removal Tool which you can download from here:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/200503310816203 9

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

I_am_stupid
Newbie

Posts: 7

Re: A trojan got me
« Reply #7 on: Apr 1^st, 2008, 4:15pm »

Quote

Modify

Well, I should inform you, that I already have troubled one fine forum with my log files, - I guess it's not a good idea confuse oneself with more advisers. But here are my logs:

http://www.mediafire.com/?xijgnswjixm

And I know I need to uninstall quite a few of all these safety programmes. Only I was trying to hunt down the errors in my pc.

I'll write a description of all the pc mess I have here. Will post again in a little while.

« Last Edit: Apr 1^st, 2008, 4:31pm by I_am_stupid »

IP Logged

I_am_stupid
Newbie

Posts: 7

Re: A trojan got me
« Reply #8 on: Apr 1^st, 2008, 4:29pm »

Quote

Modify

on Apr 1^st, 2008, 3:27pm, siliconman01 wrote:

remove Norton with the Symantec Removal Tool which you can download from here:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/200503310816203 9

Will do. I will start a final Norton run right away and then delete all. Will also download new Firewall.

« Last Edit: Apr 1^st, 2008, 4:32pm by I_am_stupid »

IP Logged

I_am_stupid
Newbie

Posts: 7

Re: A trojan got me
« Reply #9 on: Apr 1^st, 2008, 7:51pm »

Quote

Modify

The trojan is still here. It just added bookmarks. It was all the bookmarks I already have once. It is doubling all my files. I now have all my documents twice. It also disabled protection in my SpywareBlaster for hundreds of sites I never visited or even heard of. One of them was esafetylist. I heard of that one!

It moved my "Start" folder and my "%SystemDrive%" folder, changes my start page, puts a shadow under the arrow/cursor. And more probably.

Update: It also keeps shutting of Windows firewall.

« Last Edit: Apr 1^st, 2008, 10:06pm by I_am_stupid »

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: A trojan got me
« Reply #10 on: Apr 2^nd, 2008, 12:05am »

Quote

Modify

Please do the following:

1. �Download/install program Hijackthis per the instructions in the link below.

http://www.misec.net/forum/board/FAQ/1163329424

2. �Go to the link below and download program Combofix.exe and save it on your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

3. �Temporarily de-Activate all your security programs EXCEPT your software firewall.

4. �Close down as many programs as you can (programs in the Notification Tray- �next to the clock).

5. �Close your browser.

6. �Double click on Combofix.exe to execute it and follow the instructions.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

- �When Combofix.exe is finished, it will save a log on your system. �

7. Then run LiveUpdate in TrojanHunter to obtain the latest rulesets.

8. Reboot your computer into SAFE MODE.

9. Run a FULL scan of your system using TrojanHunter. Let it quarantine what it finds as malicious.

10. Reboot your computer back into Normal Mode

11. �Post the Combofix log back here �

12. Post the TrojanHunter scan log back here. It can be found in the Scan Report folder at C:\Program Files\TrojanHunter 5.0\Scan Reports

13. �Run Hijackthis and post a HiJackthis scan log back here. �DO NOT fix anything with HJT...just post the scan log. �

« Last Edit: Apr 2^nd, 2008, 12:55am by siliconman01 »

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!