
TechSpot

[Solved] Trojan c-05 . please help me..

Discussion in 'Virus and Malware Removal' started by emanmorga, Dec 7, 2010.

Thread Status:
Not open for further replies.
  1. emanmorga Newcomer, in training

  2. Broni Malware Annihilator

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop.
    • After that leave what is selected and put a check next to My Computer.
    • Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
    • Then click on Start Scan.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done no log will be produced.
    • Click on the bottom where it says Report to open the report.
    • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
    • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
  3. emanmorga Newcomer, in training

    thanks ... hope to work good this one.

    i post again in a while with the contents
  4. emanmorga Newcomer, in training

    i must disable my antivirus first?
    or is not necessary?
  5. emanmorga Newcomer, in training

    Autoscan: completed 1 hour ago (events: 29, objects: 987105, time: 04:09:14)
    08/12/2010 7:54:08 Task started
    08/12/2010 8:29:57 Detected: Trojan-Downloader.Java.Agent.au C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\117c8e3-7f6c83ee/Inicio.class
    08/12/2010 8:29:58 Deleted: Trojan-Downloader.Java.Agent.au C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\117c8e3-7f6c83ee/Inicio.class
    08/12/2010 8:29:59 Detected: Trojan-Downloader.Java.Agent.t C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7b4afdea
    08/12/2010 8:30:00 Deleted: Trojan-Downloader.Java.Agent.t C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7b4afdea
    08/12/2010 8:33:34 Detected: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE
    08/12/2010 8:33:34 Untreated: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE Write not supported
    08/12/2010 8:33:44 Detected: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel\AER\AER.EXE
    08/12/2010 8:33:58 Deleted: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel\AER\AER.EXE
    08/12/2010 8:44:26 Detected: Trojan.Win32.Inject.evc C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/AUTOCR~1.EXE
    08/12/2010 8:44:26 Untreated: Trojan.Win32.Inject.evc C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/AUTOCR~1.EXE Write not supported
    08/12/2010 8:44:28 Detected: Trojan.Win32.Agent.fkvr C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\dwg-to-pdf-converter-mx-2010-5.1.exe/data0004
    08/12/2010 8:44:28 Detected: Trojan.Win32.Agent.tvy C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/SERIAL~1.EXE/UPX
    08/12/2010 8:44:28 Untreated: Trojan.Win32.Agent.tvy C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/SERIAL~1.EXE/UPX Write not supported
    08/12/2010 8:44:31 Deleted: Trojan.Win32.Agent.fkvr C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\dwg-to-pdf-converter-mx-2010-5.1.exe
    08/12/2010 8:44:31 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\dwg-to-pdf-converter-mx-5.2.exe/data0004
    08/12/2010 9:02:46 Detected: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
    08/12/2010 9:02:46 Untreated: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
    08/12/2010 9:02:47 Detected: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
    08/12/2010 9:02:47 Untreated: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
    08/12/2010 9:34:04 Detected: Packed.Win32.Hrup.a C:\Qoobox\Quarantine\C\Users\JAHMEKA\AppData\Local\ggoahih.exe.vir
    08/12/2010 9:34:08 Deleted: Packed.Win32.Hrup.a C:\Qoobox\Quarantine\C\Users\JAHMEKA\AppData\Local\ggoahih.exe.vir
    08/12/2010 10:15:11 Detected: Trojan-Dropper.Win32.Agent.crgy C:\Users\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE
    08/12/2010 10:15:11 Untreated: Trojan-Dropper.Win32.Agent.crgy C:\Users\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE Write not supported
    08/12/2010 10:37:05 Detected: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
    08/12/2010 10:37:05 Untreated: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
    08/12/2010 10:37:06 Detected: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
    08/12/2010 10:37:06 Untreated: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
    08/12/2010 12:03:22 Task completed
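
Added example, not part of the original thread: a short Python triage of a Kaspersky Virus Removal Tool report in the format posted above, separating detections that ended as Deleted from those logged as Untreated ("Write not supported" inside archives) or with no follow-up action at all. The sample lines, threat names and paths are constructed, and the rule that a Deleted entry naming a container file also resolves detections nested inside it is an assumption drawn from the report's path layout.

```python
import re

# Constructed sample in the report format shown above (not the poster's log).
SAMPLE = r"""08/12/2010 8:29:57 Detected: Trojan.Example.a C:\Users\user\cache\35\abc/Start.class
08/12/2010 8:29:58 Deleted: Trojan.Example.a C:\Users\user\cache\35\abc/Start.class
08/12/2010 8:33:34 Detected: Trojan.Example.b C:\Users\user\Desktop\My Tools.rar/tool/run.exe
08/12/2010 8:33:34 Untreated: Trojan.Example.b C:\Users\user\Desktop\My Tools.rar/tool/run.exe Write not supported
08/12/2010 8:44:28 Detected: Trojan.Example.c C:\Users\user\Desktop\setup-5.1.exe/data0004
08/12/2010 8:44:31 Deleted: Trojan.Example.c C:\Users\user\Desktop\setup-5.1.exe
08/12/2010 8:44:31 Detected: HEUR:Trojan.Example C:\Users\user\Desktop\setup-5.2.exe/data0004
"""

# timestamp, event, threat name (no spaces), object path (may contain spaces)
LINE = re.compile(r"^\s*\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} "
                  r"(Detected|Deleted|Untreated): (\S+) (.+?)\s*$")
NOTE = " Write not supported"  # suffix seen on Untreated lines in the report


def triage(report):
    """Return {(threat, path): status} with the last recorded outcome per object."""
    state = {}
    for raw in report.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "Task started", summary header, blank lines
        event, threat, path = m.groups()
        if path.endswith(NOTE):
            path = path[:-len(NOTE)]
        if event == "Detected":
            state[(threat, path)] = "no action logged"
        elif event == "Untreated":
            state[(threat, path)] = "untreated"
        else:
            # Assumption: "Deleted" may name the on-disk container, which also
            # removes any detected member nested under it (path + "/...").
            for t, p in state:
                if t == threat and (p == path or p.startswith(path + "/")):
                    state[(t, p)] = "deleted"
    return state


def unresolved(report):
    """Detections whose final status is not 'deleted'."""
    return [(t, p, s) for (t, p), s in triage(report).items() if s != "deleted"]


if __name__ == "__main__":
    for threat, path, status in unresolved(SAMPLE):
        print(f"{status:17} {threat}  {path}")
```

Anything this lists is still on disk in the state the scanner found it, typically inside an archive the tool could not rewrite, so the containing file has to be handled by hand.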
  6. emanmorga Newcomer, in training

    This is all that came after the scan with the Kaspersky Virus Removal Tool.

    When you are online again we can proceed ....
    i will be here...say me something here please.

    Salute and many thanks
  7. Broni Malware Annihilator

    I assume, that after seeing AVP log you understand better how dangerous illegal/cracked downloads are.


    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  8. emanmorga Newcomer, in training

    1.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    -> No Temporary Internet Files cache folder defined!

    User: All Users
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!

    User: Default
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: JAHMEKA
    -> No Temporary Internet Files cache folder defined!

    User: Public
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1439566 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: JAHMEKA

    User: Public

    Total Flash Files Cleaned = 0,00 mb
  9. emanmorga Newcomer, in training

    2. Done

    3. Done

    4. Done

    5. It doesn't let me install

    6. Malwarebytes' Anti-Malware 1:50
    www.malwarebytes.org

    Database Version: 5264

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    09/12/2010 10:41:28
    mbam-log-2010-12-09 (10-41-28). txt

    Search Type: Quick
    Objects scanned: 173266
    Time elapsed: 4 minute (s), 19 second (s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Infected files: 0

    Memory processes infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Infected files:
    (No malicious items detected)

    7. Done

    8. Done

    9. Done

    10. Done

    11. i' ll read all

    12. First, i want to thank u very very much!!!! you are the best mate....Many thanks!!!
    The pc is running very good....and i know that i see that is nothing infected i feel much better!!!!
    I run the Malwarebytes and for what i see was general information>No malicious items detected.....So i think is all ok now!!!!

    One thing that occurred in my pc was that my keyboard changed from my original set... interrogation, exclamation, dots...this kind of things changed position....How i put it correct again?

    Many thanks for all!!!!
  10. emanmorga Newcomer, in training

    Hey Broni...all ok?

    Is possible after all this.......to be some of the functions of the windows like the (photo gallery of windows)?
    i cant open any image......say all time @Photo Gallery can not open this file because it has no access permissions to the location of this file@
  11. Broni Malware Annihilator

    You're very welcome

    Please, post EXACT message.

    What kind of keyboard layout do you normally use? US, UK, etc.......
  12. emanmorga Newcomer, in training

    When i try to open some image, tiff or jpg, etc give me the message>
    Photo Gallery can not open this file because it has no access permissions to the location of this file

    i bought my pc in spain....so was spanish keyboard layout
  13. emanmorga Newcomer, in training

    When u can...please help me with this problems....
    I really need to work good.

    The pc is running pretty good....but I think that the windows
    was little affected by all the restore of the system...

    anyway...when u can post a solution for this problems....i appreciate!

    Many thanks
  14. Broni Malware Annihilator

  15. emanmorga Newcomer, in training

    Keyboard....

    I change in languages tab, the keyboard.
    All set....

    Thanks

    Photo Gallery

    Dont let me the same to see and work any image...
    i made in each image inside 1file: Take Ownership.... and i try to open it and nothing...

    P.S. Any suggestion???

    Many Thanks
  16. Broni Malware Annihilator

    Any error message, or simply nothing happens?
    See, if Irfanview will work: http://www.irfanview.com/
  17. emanmorga Newcomer, in training

    Nothing Happens....And just in Photo Gallery of windows...

    In Irfanview i open the image and works....In Corel too...photoshop too...

    What i really need is to manage to open a image in Photo Gallery of windows...
    after i can manage to transport any image to autocad too....(with photo gallery of windows not working, comes a image black in autocad).
  18. emanmorga Newcomer, in training

    Sorry... After all i see why i couldnt open a image in autocad...i needed to run the program like administrator .

    1.Anyway, this not exclude the fact that i cannot open images with Photo Gallery of windows.
    If you have other suggestion....

    2.In PSI says me that the adobe flash player is a threat...but dont give to make a fixdownload of it..... Is serious this???
  19. Broni Malware Annihilator

    It's not always easy to make Secunia 100% happy, so as far, as you did what you could, you're fine.

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    I'll mark this thread as resolved.