TechSpot

darksma downloader and 2 trojan.agent on my other pc

By jessa_jr
Jun 28, 2007
  1. I scanned for viruses using Yahoo Anti-Spy and found out I have a darksma downloader that downloads 2 trojans and pop-ups to my computer. I scanned it using Norton 2007 but it did not find any virus.

    I scanned it with Ad-Aware SE and found 5 critical objects, but I did not save the log file.

    I scanned it using the Panda online scan but no virus was found.

    I scanned it using AVG Anti-Spyware and found 2 trojan.agent viruses. I had already configured the settings to automatically produce a report on every scan, but I cannot find the report made by the scan. The folder of my AVG Anti-Spyware is "grisoft" in the Program Files folder. Hope you can help me remove the darksma downloader, thanks.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi jessa_jr and welcome to techspot. =)

    The AVG reports are located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Report. Try searching there and see if you can find them.

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Anti-Spyware and ComboFix logs as attachments in this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Anti-Rootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of jessa_jr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    These are my logs.

    The AVG Anti-Spyware doesn't have a report in the report folder; I configured the settings to have a report on every scan.

    No rootkits were found in the AVG rootkit scan.

    Hope you can erase this darksma downloader and 2 trojans, thanks.
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You may wish to copy and paste these instructions into Notepad for easier reference later.

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as ComboFix.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double-click each one and select Stop if it is running. Set the startup type to Disabled. Click Apply/OK for each service you disable.

    winehq.org

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\tmp4C.tmp.dll
    O2 - BHO: (no name) - {cb09e7c7-c573-40bc-a951-1f84b47c5841} - C:\WINDOWS\system32\gpkcat.dll
    O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\awtsqp.dll",realset
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\gpkcat.dll
    O20 - AppInit_DLLs: c:\windows\system32\vturomk.dll
    O20 - Winlogon Notify: dplodc - C:\WINDOWS\SYSTEM32\dplodc.dll
    O20 - Winlogon Notify: gpkcat - C:\WINDOWS\SYSTEM32\gpkcat.dll

    Close HJT.

    Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of jessa_jr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
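    Triage of HijackThis entries like the ones listed above can be scripted. The following is an added example, not code from this thread, from HijackThis or from ComboFix: a small Python parser that reads the quoted O2/O4/O9/O20 lines and flags the O20 system-wide load points, the unnamed BHOs, the temp-named DLL, the DLL sitting directly under the Windows directory, and the one module (gpkcat.dll) shared across several sections. The heuristics are assumptions chosen for illustration, and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Constructed sample: the HijackThis entries quoted in the instructions above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\tmp4C.tmp.dll
O2 - BHO: (no name) - {cb09e7c7-c573-40bc-a951-1f84b47c5841} - C:\WINDOWS\system32\gpkcat.dll
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\awtsqp.dll",realset
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\gpkcat.dll
O20 - AppInit_DLLs: c:\windows\system32\vturomk.dll
O20 - Winlogon Notify: dplodc - C:\WINDOWS\SYSTEM32\dplodc.dll
O20 - Winlogon Notify: gpkcat - C:\WINDOWS\SYSTEM32\gpkcat.dll
"""
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # "O2 - BHO: ..." -> section, kind, detail
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s,]+')          # first drive-rooted path in the detail
SYSTEM_WIDE_LOAD_POINTS = {"AppInit_DLLs", "Winlogon Notify"}  # assumed heuristic: O20 hooks

def parse_entry(line):
    """Split one HJT line into section, kind, detail and the first module path it names."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.groups()
    p = PATH_RE.search(detail)
    return {"section": section, "kind": kind, "detail": detail,
            "path": p.group(0).lower() if p else None}

def triage(log_text):
    """Return (section, path, reasons) for every entry that trips a heuristic."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    uses = Counter(e["path"] for e in entries if e["path"])   # same DLL under several sections
    findings = []
    for e in entries:
        reasons, p = [], e["path"]
        if e["kind"] in SYSTEM_WIDE_LOAD_POINTS:
            reasons.append("O20 system-wide DLL load point")
        if e["section"] == "O2" and e["detail"].startswith("(no name)"):
            reasons.append("unnamed BHO")
        if p:
            name = p.rsplit("\\", 1)[-1]
            if name.startswith("tmp") and name.endswith(".tmp.dll"):
                reasons.append("temp-style DLL name")
            if p.startswith("c:\\windows\\") and p.count("\\") == 2:
                reasons.append("DLL directly under the Windows directory")
            if uses[p] > 1:
                reasons.append(f"module shared by {uses[p]} entries")
        if reasons:
            findings.append((e["section"], p, reasons))
    return findings
```

    Running `triage(SAMPLE_HJT)` flags all seven quoted entries; the shared-module rule is what ties the O2, O9 and O20 gpkcat.dll lines together.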
     
  5. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    I can find this file winehq.org in the running services. Are you referring to this file for the instructions "Set the startup type to disabled. Click apply/ok for each service you disable"? Because there are many running processes there.

    I've already scanned with HJT and ComboFix and fixed what you wanted checked; attached are my logs.

    I also ran Yahoo Anti-Spyware and, thanks, I didn't find the darksma downloader. Are my logs clean now?
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Yes, your logs look clean now. =)

    Delete all files in the AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

    You may also delete the C:\VundoFix Backups folder and its contents.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend that you read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of jessa_jr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  7. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35


    Thank you very much for a job well done, and I hope I can contact you again if I have a PC security problem.
     
  8. momok

    momok TS Rookie Posts: 2,265

    Sure thing, feel free to do so. See my reply in your other thread.

    Regards,
    Your friendly momok =)
     
Topic Status:
Not open for further replies.
