
Serious problem with computer!


  • This topic is locked
20 replies to this topic

#16 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 20 May 2008 - 12:43 PM

One thing I noticed is every now and then the AVG antivirus pops up saying it found a trojan.zlob or something like that.

Can you tell me exactly where and what AVG is finding - file name(s) and file path(s) are very helpful.
Death to the salad eaters!


#17 tabasco

tabasco

    New Member

  • New Member
  • 12 posts

Posted 20 May 2008 - 11:03 PM

Well I ran another scan with AVG and it didn't find the trojans I was talking about so I guess maybe they're gone. It did find this:

Trojan horse Vundo.j
C:\QooBox\Quarantine\catchme2008-05-16_152206.20.zip

But everything else seems normal. You are my hero for getting rid of that slime. :notworthy: :notworthy: :notworthy:

Edit: This just popped up from AVG as well:

Trojan horse agent.VHF
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP12\A0002484.dll

Edited by tabasco, 21 May 2008 - 01:31 AM.


#18 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 21 May 2008 - 01:42 PM

It did find this: Trojan horse Vundo.j C:\QooBox\Quarantine\catchme2008-05-16_152206.20.zip

Check out the file path - this is one of the files that Combofix has removed from your system and stored in Quarantine for examination, should that be necessary.

This just popped up from AVG as well:

Trojan horse agent.VHF
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP12\A0002484.dll

System Volume Information is where Windows stores its Restore Points. This detection is a potential risk in that if you restore the PC to this time, you also restore the infected file. That's not something to be overly concerned with as you aren't likely to do that anyway, and the last of the instructions that I'll post will flush these Restore Points and all will be well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You need to deal with the multiple anti-virus issue sooner rather than later, and also ensure that you have a firewall up and running too.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ad-Aware SE Personal is out of date and can be uninstalled. The latest version is available here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are running an old version of Sun Java which needs updating:
  • Go here and click on the Download button to the right of Java Runtime Environment (JRE) 6u6.
  • Accept the license agreement by clicking the appropriate radio button and then continue.
  • Under Windows Platform - Java™ SE Runtime Environment 6 Update 6, click the Windows Offline Installation, Multi-language link.
  • Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Environment and then reboot your PC.
  • Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
  • Finally double click the installation file that you downloaded earlier.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: combofix /u
This will uninstall Combofix and do a little housework besides.

Create a new Restore Point - this will give a clean one should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
Death to the salad eaters!
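
The path-based reading of the two AVG detections in the post above, as an added example that is not part of the original thread: it sorts detections by where the flagged file sits (ComboFix quarantine, a System Restore point, or anywhere else). The function names, the `location` labels and the third sample path are assumptions made for illustration; the first two sample entries are the ones quoted in the thread.

```python
import ntpath
import re
from collections import defaultdict

# System Restore copies sit under System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE)
# ComboFix stores the files it removed under <drive>:\QooBox\Quarantine\
QUARANTINE_RE = re.compile(r"^[A-Z]:\\QooBox\\Quarantine\\", re.IGNORECASE)


def triage(name, path):
    """Classify one AV detection by where the flagged file sits on disk."""
    # normpath folds '/' and '..' so a path cannot merely look quarantined
    norm = ntpath.normpath(path.strip())
    hit = {"name": name, "file": ntpath.basename(norm)}
    m = RESTORE_RE.search(norm)
    if m:
        hit.update(location="restore_point", restore_point=int(m.group("rp")),
                   note="only a risk if the PC is restored to this point")
    elif QUARANTINE_RE.match(norm):
        hit.update(location="combofix_quarantine",
                   note="stored copy of a file ComboFix already removed")
    else:
        hit.update(location="live", note="outside quarantine and restore points")
    return hit


def summarize(detections):
    """Group triaged detections by location."""
    groups = defaultdict(list)
    for name, path in detections:
        hit = triage(name, path)
        groups[hit["location"]].append(hit)
    return dict(groups)


# The two detections quoted in the thread, plus one constructed "live" path
SAMPLE = [
    ("Trojan horse Vundo.j",
     r"C:\QooBox\Quarantine\catchme2008-05-16_152206.20.zip"),
    ("Trojan horse agent.VHF",
     r"C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP12\A0002484.dll"),
    ("Constructed.Example", r"C:\QooBox\Quarantine\..\..\WINDOWS\example.dll"),
]

if __name__ == "__main__":
    for location, hits in summarize(SAMPLE).items():
        for h in hits:
            print(f"{location:20} {h['name']:24} {h['file']}  ({h['note']})")
```

Only entries that land in `live` point at a file that is neither a stored quarantine copy nor a Restore Point copy.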

#19 tabasco

tabasco

    New Member

  • New Member
  • 12 posts

Posted 21 May 2008 - 04:09 PM

I did everything you instructed me to do but when I try to delete the Java folder from the C drive it won't let me. A box pops up and says it can't delete jusched.exe, access is denied. Make sure the file is not write protected or in use blah blah blah. Any suggestions?

#20 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 21 May 2008 - 04:37 PM

Try it in Safe Mode - that usually gets the job done.
Death to the salad eaters!

#21 tabasco

tabasco

    New Member

  • New Member
  • 12 posts

Posted 21 May 2008 - 11:33 PM

Try it in Safe Mode - that usually gets the job done.



Yep, that did the trick. Ok well now I guess I'll follow your instructions and wait a couple of days and hopefully everything will be fine. Thanks again for all your help. What you guys are doing here is selfless and admirable and you have my respect.
