TechSpot

Trojan-spy.win32@mx Virus

By budisuharto
Feb 15, 2008
  1. Hey guys
    I would appreciate if you could help me out here. There have been pop ups and yellow triangular button at the taskbar. Apparently, my computer is infested with trojan-spy.win32@mx Virus. I hope you guys can help me out here. Here is my hijackthis log. Thank you!!!
     


  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yuk that one on your system I don't like.

    Please follow the following procedure:

    Viruses/Spyware/Malware, preliminary removal instructions
     
  3. budisuharto

    budisuharto TS Rookie Topic Starter

    wow
    will do that right now
    thanks
     
  4. budisuharto

    budisuharto TS Rookie Topic Starter

    help pls!!
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes ?
     
  6. budisuharto

    budisuharto TS Rookie Topic Starter

    hi respected guru
    my computer is infested with trojan-spy.win32@mx Virus. I hope you can help me out here. Here is my hijackthis log. Thanks in advance!
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Actually Guru Yes, Spyware removal expert No
    I have looked through your one log (?) though

    Zlob Trojan detected

    Please remove the following:
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Helper\1203055357.dll
    C:\Program Files\NetProject\sbmdl.dll

    Remove in Registry:
    HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

    Recommend removal:
    BitLord - The Ultimate Torrent Downloader
    ----------

    If you REALLY want to be sure, you SHOULD do all the requirements of:
    Viruses/Spyware/Malware, preliminary removal instructions
    Of which have NOT been completed
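
An added example, not part of the original thread: after removing the items listed in the post above, a fresh HijackThis log can be re-checked for any entry that still references them. The sample log, its placeholder CLSID and the function name `remaining_entries` are constructed for illustration; only the file paths come from the post.

```python
import re

# File paths listed for removal in the post above (taken from the thread).
LISTED_PATHS = [
    r"C:\Program Files\NetProject\scit.exe",
    r"C:\Program Files\NetProject\sbmntr.exe",
    r"C:\Program Files\NetProject\scm.exe",
    r"C:\Program Files\NetProject\sbsm.exe",
    r"C:\Windows\system32\conime.exe",
    r"C:\Program Files\Helper\1203055357.dll",
    r"C:\Program Files\NetProject\sbmdl.dll",
]
# Windows paths are case-insensitive, so compare in lower case.
LISTED = {p.lower() for p in LISTED_PATHS}

# HijackThis entry lines start with a section id such as "O4 - " or "O2 - ".
ENTRY_RE = re.compile(r"^([ORFN]\d+) - ")
# A drive-letter path ending in .exe or .dll anywhere in the line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)\b", re.IGNORECASE)


def remaining_entries(log_text):
    """Return (line_no, section, path) for every line that still names a listed file.

    Lines without a section id (the running-process list) are reported as "process".
    """
    hits = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = ENTRY_RE.match(line)
        section = m.group(1) if m else "process"
        for path in PATH_RE.findall(line):
            if path.lower() in LISTED:
                hits.append((line_no, section, path))
    return hits


# Constructed sample log (not the poster's attachment, which is not on the page).
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\svchost.exe
C:\Program Files\NetProject\scit.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Helper\1203055357.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\PROGRAM FILES\NetProject\scit.exe"""

if __name__ == "__main__":
    for line_no, section, path in remaining_entries(SAMPLE_LOG):
        print(f"line {line_no}: {section} still references {path}")
```

An empty result means no running process, browser helper object or autostart entry in the new log points at the listed files any more.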
     
  8. budisuharto

    budisuharto TS Rookie Topic Starter

    thanks so much
    and one question
    how do i remove them? juz delete them manually?
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hmm one question Big Answer!

    Yes - you may need to show Hidden and System files too
    Just search for the file(s) requiring removal

    To show Hidden and System files
    • Go to control Panel
    • Open Folder Options
    • Click on View tab
    • Click on Show Hidden Files and Folders
    • Untick - Hide protected Operating System Files
    • Click Apply
    • Click OK
    To run Registry Editor
    • Start--> Run--> Regedit OK
    • Right click on the key to back it up first (just in case you want to go back)

    To Remove (unwanted) Programs
    • Start--> Control Panel
    • Open Add/Remove Programs
    • Wait for the list to populate
    • Scroll through the list, finding unwanted program
    • Click on it, then Click on Uninstall
    • Repeat the steps removing other unwanted Programs
    • You may need to restart once complete

    As a good measure you may want to turn off System Restore temporarily

    How to turn off/on System Restore
    • Start--> Control Panel
    • Open System
    • Select System Restore tab
    • Tick to turn off System Restore
    • Tick Apply (And Yes if prompted)
    • Wait until all Restore points are gone
    • UnTick turn off System Restore (actually do these steps, when all is clean again)
    • Click Apply
    • You have now cleaned out System Restore

    Don't forget to Turn off Hidden and System files again (most forget this part)
    ------------------
     
  10. budisuharto

    budisuharto TS Rookie Topic Starter

    thank you guru, thank you thank you thank you!!
     
  11. centaurette

    centaurette TS Rookie

    From personal experience, it doesn't work that easy. When you try to use Add/Remove Programs, it makes you reboot before you can delete each program and it doesn't stop the icons in the taskbar or popups. And you can't get one of them to uninstall at all with Add/Remove. I have found that the scit.exe is almost always inserted into C:\ProgramFiles in a folder called NetProject. The easiest way (after trial and error) to get rid of it is to turn off System Restore (using kimsland's instructions), restart your computer and go into Safe Mode, then go to C:\ProgramFiles and delete the whole folder NetProject. THEN use CCleaner to get rid of the junk in the registry.
     
  12. gringoloco87

    gringoloco87 TS Rookie

    The Auto-Protect for my Symantec Anti-Virus keeps finding two backdoor trojans on my computer. One is fdfdfdf.exe and the other is redem[1].jpg. A message continually pops up telling me that the action taken was "cleaned by deletion" but it keeps coming up over and over again. When I go to the location where it's supposed to be, it's not there.

    For example, one location is C:\Documents and Settings\ryan.musser\Local Settings\Temporary Internet Files\Content.IE5\AR6MVYYT\redem[1].jpg. But when I go to Content.IE5, there isn't any folder called AR6MVYYT, so I can't manually delete the file. I have it set so that I can see hidden files and folders too. I don't understand why I can't see the folder or find the location. If I search my computer for a file named "redem[1]" nothing comes up.

    Also, when I run a full scan, Symantec doesn't find it at all. It's only the auto-protect that finds it.

    I have attached my hijackthis log. Please help!

    I have also run numerous other scans, including:

    Spybot
    Advanced SystemCare
    Ad-Aware
    CCleaner
     
  13. silverbullet411

    silverbullet411 TS Rookie

    I have the same problems on my computer. I just joined. I was wondering how or where, if not here, I need to attach my file logs so I can get rid of these trojans? Thanks
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

Topic Status:
Not open for further replies.
