PDA

View Full Version : Spyware/Malware/Virus/Trojan


boltAge
05-16-2004, 02:10 PM
Okay, it's official, I have some crap Trojan on my damned com.

My Norton Antivirus Auto Protect recently detected a couple of viruses, one being Unix.Penguin (http://www.sarc.com/avcenter/venc/data/unix.penguin.html). And some other crap called Roings, which Adaware identified as Malware, and NortonAntiVirus identifed as Virus.

I have Adaware, Spybot: Search & Destroy, Norton Antivirus, aČ(A malware detecting program) installed, and Adaware always detect some crap when I run it, while the rest does nothing, except Norton which occasionally detect Viruses. I believe my com hasn't been badly damaged, since the viruses/trojans are just lagging up my com and installing some stupid spyware, and not shutting down my com for no reason. Roings ALWAYS appear in the Adaware list as Malware, and no matter how many times I clear it, it still is there when I check it the next time. Stupid Norton isn't capable of repairing my com from that Unix.Penguin trojan horse, so I'm running the McAfee free scan now. It hasn't detected anything...yet.

I practically don't know what to do, since Dad's overseas and Mum's not very good with computers. Suggestions pls, and I don't want pity posts like, "I feel very sorry that your computer has Trojan, but sadly, I don't know what to do either.". Kay thanks.

Kenny_C.002
05-16-2004, 04:11 PM
You could always try runnign avast antivirus also.

If the virus is just doing slowdowns and such, it might not be too much of a problem right now and you can wait fr your dad to return if needed be. IF not, you can format the computer (it being the most extreme thing to do and not recommended).

boltAge
05-16-2004, 04:29 PM
I had that avast thingey, but I didn't know how to run that damned thing, and the lag was hell frustrating, so I destroyed that damned program. I don't think it was of much use, neways.

And the lag appears only during certain times of the day, thank goodness it doesnt appear at night or else I would have fallen asleep.

Ironshell Blastoise
05-16-2004, 05:25 PM
I guess I'll post my problem here, since its the right kind of thread. Sorry if I intrude, Raik =[

Anyway, I thought I had rid myself of my damn mysearchnow problem when I deleted the Prefs.js file off my comp last week. Well, I don't know what site it is, but its loaded again, only this time, I'll delete it, and when I restart my comp, it will reappear. And then when I open up the internet, the homepage will be something like "mysearchnow/gothrough/yahoo" or whatnot. And there is also some mysearchnow toolbar at the bottom. Spybot doesn't find it (if it does, the name it finds it under doesn't say mysearchnow) because it keeps loading after I use Spybot. I used RAV online scan, and it found 86 infected files on my comp. Can anyone tell me what files I can delete to rid myself of these problems, and what FREE programs are out there that will erase the problems I can't manually delete?

Here is my log from my comp scan:

Scan started at 5/16/04 11:28:18 AM

Scanning memory...
c:\NULL - TrojanDownloader:Win32/Qdown -> Infected
c:\WINDOWS\infamous.exe - PWS:Win32/Briss -> Infected
c:\WINDOWS\TWAINTEC.DLL - Trojan:Win32/Spy.BiSpy.C -> Infected
c:\WINDOWS\2_0_1browserhelper2.dll - Clicker:Win32/Delf -> Infected
c:\WINDOWS\nem214.dll - TrojanDownloader:Win32/Dyfuca.O -> Infected
c:\WINDOWS\SYSTEM\Fr03tp.dll - TrojanDownloader:Win32/Rameh -> Infected
c:\WINDOWS\SYSTEM\w3th3rb.dll - TrojanDownloader:Win32/Rameh.A -> Infected
c:\WINDOWS\SYSTEM\Gt1nc.dll - TrojanDownloader:Win32/Rameh.A -> Infected
c:\WINDOWS\SYSTEM\GrlNt0i.dll - TrojanDownloader:Win32/Rameh.A -> Infected
c:\WINDOWS\SYSTEM\Iaicm.dll - TrojanDownloader:Win32/Rameh.A -> Infected
c:\WINDOWS\SYSTEM\bridge.dll - SpyTool:Win32/Briss.H -> Infected
c:\WINDOWS\TEMP\Belt.cab->Belt.exe - TrojanDownloader:Win32/Stubby.A -> Infected
c:\WINDOWS\TEMP\Belt.exe - TrojanDownloader:Win32/Stubby.A -> Infected
c:\WINDOWS\TEMP\down.cab->btiein.dll - TrojanDownloader:Win32/Qdown -> Infected
c:\WINDOWS\TEMP\optimize.exe - TrojanDownloader:Win32/Dyfica.AK -> Infected
c:\WINDOWS\TEMP\THI237C.TMP\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
c:\WINDOWS\TEMP\THI237C.TMP\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
c:\WINDOWS\Application Data\wa_inst.exe - TrojanDropper:Win32/Small.FL -> Infected
c:\WINDOWS\Application Data\qsoasoiv.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\zcurukwt.exe - TrojanDownloader:Win32/Swizzor.F -> Infected
c:\WINDOWS\Application Data\fltoulkv.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ntrajcix.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\twkvlypx.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ubhsfnhh.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ehcgbpug.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\agdihxrg.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\fjlobkvg.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\jhgzmbli.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\tvlgxonb.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\xhjmhecg.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\dgukdglp.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ypnxtnjk.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\fltyyieb.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\vdlnuzlp.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\bssgjmha.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\lsxylqzo.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\cbfzwmnv.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\salmcmuj.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\dujkqzcx.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\svdudfdc.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ignojdiq.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\agyybpho.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\kpglanez.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\wnhtjskj.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\tzfetbhz.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\zoficmgb.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\yqijhmye.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\hpbgaxxk.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\qwwxxxyw.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\hroxkvpq.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\akbkxgpo.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\pkleptko.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\hmpqapdt.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\jakorpnx.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ptraaxwv.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\pxjmkdqa.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\eooilmbk.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ebhaabbq.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ptjxtaet.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\eplyzeps.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\koaejvdh.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\nnipalwx.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\arkqggma.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\uklzziqj.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\gmntukfh.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\omqkcmes.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\bhyquwuq.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\acfmunxl.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\ccrnkoum.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\fycixwqi.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\fsexetqd.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\wakabebp.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\jqeukodw.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\irggnrxo.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\mdgjnwqc.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\dflmpsqv.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\rmfwravh.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\iabgcnlu.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\sgxefdew.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\iumogfqi.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\mdoutzmz.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Application Data\btbjiabt.exe - Backdoor:Win32/Small.EG -> Infected
c:\WINDOWS\Downloaded Program Files\UCSearch.ocx - TrojanDownloader:Win32/VB.BN -> Infected
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\UCSearch.ocx - TrojanDownloader:Win32/VB.BN -> Infected
c:\WINDOWS\Downloaded Program Files\CONFLICT.2\UCSearch.ocx - TrojanDownloader:Win32/VB.BN -> Infected
c:\Program Files\Common Files\Slmss\slmss.exe - Trojan:Win32/SecondThought.A -> Infected
c:\Program Files\STC\ClrSchP038.exe - Backdoor:Win32/Ruledor.B -> Infected
c:\Program Files\STC\slmss.exe - Trojan:Win32/SecondThought.A -> Infected
c:\Program Files\That Clock\acid.exe - TrojanDropper:Win32/Small.FL -> Infected

Scanned
============================
Objects: 15953
Directories: 1786
Archives: 2044
Size(Kb): 1957253
Infected files: 89

Found
============================
Viruses found: 16
Suspicious files: 0
Disinfected files: 0
Mail files: 285


I was thinking on deleting all of them, but I don't want to delete something I might need and then get in a shitload of trouble for trying to fix my comp without talking to anyone again. We have had to totally reformat my comp about 5 times because I thought I could fix my comp on my own. One time, it took us 3 days straight because we had to figure out how to load .ini files on my comp because I had deleted them on accident, and then the comp wouldn' allow us into DOS. I don't remember how we fixed it, but that doesn't matter now anyways. I just need help cleaning off my comp =[

PokemonElite2000
05-16-2004, 10:19 PM
boltAge: Try Bazooka Adware and Spyware Scanner: http://download.com.com/3000-8022-10247783.html?tag=list

kholdstaire: If you haven't already, read my guide: http://www.pokemonelite2000.com/antivirusspyware.html . I think the program Ad-aware will help you out. As well as the program I mentioned to boltAge.

Nefarious
05-17-2004, 05:36 PM
boltAge: Try Bazooka Adware and Spyware Scanner: http://download.com.com/3000-8022-10247783.html?tag=list

kholdstaire: If you haven't already, read my guide: http://www.pokemonelite2000.com/antivirusspyware.html . I think the program Ad-aware will help you out. As well as the program I mentioned to boltAge.

About a year ago, I saw your link to adware 6.0. I am really fortunate to have it. I would have never found out about it if I weren't a pokemon fan. When I first used it, I had like 600 spyware things on my computer. If it weren't for you, I would have the slowest computer in the world.

PokemonElite2000
05-17-2004, 09:47 PM
About a year ago, I saw your link to adware 6.0. I am really fortunate to have it. I would have never found out about it if I weren't a pokemon fan. When I first used it, I had like 600 spyware things on my computer. If it weren't for you, I would have the slowest computer in the world.
Your welcome, glad I can help :wink: .

Ironshell Blastoise
05-17-2004, 10:11 PM
AGH, the link you gave us about the antivirusspysoftware isn't working. =[

BTW, I was there yesterday, so iono why its not working.

boltAge
05-19-2004, 02:43 PM
boltAge: Try Bazooka Adware and Spyware Scanner: http://download.com.com/3000-8022-10247783.html?tag=list

kholdstaire: If you haven't already, read my guide: http://www.pokemonelite2000.com/antivirusspyware.html . I think the program Ad-aware will help you out. As well as the program I mentioned to boltAge.
wow, that works :o It found like 4 spyware/adware and stuff, although it doesnt auto delete them for you. *goes to load it again to check for more -wares*