In Need of Assistance Please - Trojan

Status
Not open for further replies.
AVG keeps popping up stating malware trojan.obfuscated.bl has infected my Dell desktop. However, after selecting clean and quarantine, it keeps popping up every half hour or so!

Any help would be appreciated! Thank You!
 
Hello and welcome to Techspot.

I have read your pm and would like you to do the following.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of supernewb only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here is the latest report and HJT

I right-clicked and renamed the HJT to analyze1991 and added shortcut to desktop.

Thank you for your help with this matter.
 

Attachments

  • Report-Scan-20070128-121559.txt (722 bytes)
  • hijackthis.log (10.9 KB)

I can't find any info for this file moveheart.exe; therefore, I'd like you to do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\DOCUME~1\ARIKAD~1\APPLIC~1\COPYCD~1\moveheart.exe
* Click Open
* Please let me know the results.

Regards Howard :)

 
Thank you for your patience!

I just got home from work and followed your instructions. Here's a copy-paste:

Scan taken on 30 Jan 2007 00:06:04 (GMT)
AntiVir Found TR/FatObfus.Gen.24
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Generic3.LGV
BitDefender Found Trojan.FatObfus.Gen
ClamAV Found nothing
Dr.Web Found Adware.Kaffid
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Obfuscated.1 (paranoid heuristics) (probable variant)


Doesn't look good, does it!
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

Warez

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

Warez.exe
moveheart.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [Seektray] C:\DOCUME~1\ARIKAD~1\APPLIC~1\COPYCD~1\moveheart.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\DOCUME~1\ARIKAD~1\APPLIC~1\COPYCD~1\moveheart.exe
C:\Program Files\Warez <- Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

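Added example, not part of the original posts and not any participant's code: a small Python triage pass over the HijackThis entries listed in the fix instructions above, showing how such log lines can be parsed and queued for review. The names `triage`, `review_queue` and `SECTIONS`, and the flagging heuristics themselves, are illustrative assumptions, not the helper's stated reasoning.

```python
import re

# HijackThis entries copied from the fix list in the post above.
HJT_LINES = [
    r"O4 - HKCU\..\Run: [Seektray] C:\DOCUME~1\ARIKAD~1\APPLIC~1\COPYCD~1\moveheart.exe",
    r"O4 - Global Startup: Digital Line Detect.lnk = ?",
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)",
    r"O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)",
    r"O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab",
]

# What each section number covers in a HijackThis log.
SECTIONS = {"O4": "autostart entry", "O9": "IE extra button/menu item",
            "O16": "ActiveX (Downloaded Program Files)"}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
PROFILE_EXE_RE = re.compile(r"\\(APPLIC~\d+|Application Data)\\.*\.exe$", re.I)
WEB_CAB_RE = re.compile(r"https?://\S+\.cab$", re.I)

def triage(line):
    """Return section, kind and review reasons for one log line (None if not an entry)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []  # assumed heuristics, for illustration only
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if section == "O4" and PROFILE_EXE_RE.search(body):
        reasons.append("autostart executable under user profile")
    if section == "O4" and body.endswith("= ?"):
        reasons.append("startup shortcut target unresolved")
    if section == "O16" and WEB_CAB_RE.search(body):
        reasons.append("ActiveX control installed from the web")
    return {"section": section, "kind": SECTIONS.get(section, "other"),
            "reasons": reasons}

def review_queue(lines):
    """Keep only the entries that matched at least one heuristic."""
    results = [triage(l) for l in lines]
    return [r for r in results if r and r["reasons"]]

if __name__ == "__main__":
    for r in review_queue(HJT_LINES):
        print(r["section"], r["kind"], "->", "; ".join(r["reasons"]))
```

A flagged entry is a prompt for a human to look at it, not a verdict; the file itself still needs to be identified, as was done here with the multi-engine scan.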
 
An error when I clicked "fix checked" that came back reading:
error #52 in GetLongPath?.exe ?????

Anyway, my computer is working faster than I can remember in the last few weeks, not to mention time to load auto starting programs.

I thank you very very much. I am glad there are capable people out there willing to help others. You have been a great help to me! Thank You!

Not that I've taken up enough of your time, but.......one last question: is it OK that I have 57 running processes? My computer is running very fast now and it is down from before I had the viruses/malware. Is there a way to turn off programs permanently unless I select to open them?

Thank you once again,

Arik

swizzor is showing up in Search and Destroy still....does this automatically download while I'm on the web?

Thanks
 
Your HJT log is clean.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on.

Run a full scan with SS&D and see if it still finds swizzor.

Let me know the results.

Regards Howard :)

 