TechSpot

XoftSpy picks up trojans

By Bsmither
Apr 15, 2007
  1. Hi
    I have a problem with two trojans that XoftSpy picks up. They are:

    Murlo trojan
    virus.Win32.Delf.ak

    How do I remove them? They keep coming back after reboot. All the computers on my network have been infected by the Murlo trojan.

    If you want the HijackThis report, ask.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste, or it will be ignored and/or removed by the moderators.
    The logs will enable us to understand more about the problems on your system.


    Regards,
    Your friendly Momok =)
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    For your trojan virus.Win32.Delf.ak, please do the following.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type regedit into the runbox and press the enter key.

    Navigate to HKEY_LOCAL_MACHINE/SYSTEM/SVKP and delete it.

    Close regedit, reboot your system and rehide your protected OS files.

    Then, follow all the instructions as given by momok and post the requested logfiles.

    Regards Howard :wave: :wave:

    This thread is for the use of Bsmither only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. Bsmither

    Bsmither TS Rookie Topic Starter

    Here are the logs you wanted before the hkey is removed.

    And do you know how to remove the other trojan, Murlo????

    AVG Anti-Spyware found only tracking cookies and a dialer.BT.f, removed and quarantined.

    The Combofix report will come in a bit

    Cheers lads

    Win32.delf is gone.. I'll post the new reports now ok

    Combofix report is the same
    and the AVG comes up with only cookies kk

    Can you help on this too please
    XoftSpy FINDS Murlo trojan here

    system\currentcontroleset\ip6fw\enum\0
    system\currentcontroleset\ip6fw\enum\count
    system\currentcontroleset\ip6fw\enum\nextinstance

    Help please, it's on all my PCs, arrrrr, same place
     


  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    It appears you`re not running any firewall software. Install one of the free firewall programmes below.

    Zonealarm or Kerio.

    Download the free Superantispyware programme. Install the programme and run the Updates.

    Run SUPERAntiSpyware and click on Preferences, click on the tab: Scanning Control, click to check-mark everything under: Scanner Options. Click "Close". Now, click on Scan your Computer.... Check-mark hard drive(s). Enable Perform Complete Scan. Click "Next." It may take a while to scan your entire computer.

    Post the Superantispyware log

    Regards Howard :)

     
  6. Bsmither

    Bsmither TS Rookie Topic Starter

    Here you go

    Here's the report you wanted. Sorry it took so long. It came up clean......

    This trojan is being stubborn. How do I get rid of it? It's on all my computers, I have 3, arrr....

    I know it won't be as simple as doing the same as last time and just removing the ip6fw registry. I know it's dangerous and I won't do it unless I have to, arrr.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

    Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path". Do not fix anything yet.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Let me know the results of both scans.

    Regards Howard :)

     
  8. Bsmither

    Bsmither TS Rookie Topic Starter

    No luck

    Both AVG Antirootkit and the Blacklight programme found no traces of hidden files ...

    Question: could it be possible that one of my other computers has the original infections on it?

    This may be why nothing is being picked up?? on this computer??
     
  9. momok

    momok TS Rookie Posts: 2,265

    Hi,

    If you are having problems with the murlo trojan, may I suggest this site.

    Let us know the results.


    Regards,
    Your friendly Momok =)
     
  10. Bsmither

    Bsmither TS Rookie Topic Starter

    No luck

    Spyware Doctor came up with only cookies, low risk. It did not detect the Murlo trojan, only XoftSpy..

    thanks any way.. please keep trying
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here.

    Regards Howard :)

     
  12. Bsmither

    Bsmither TS Rookie Topic Starter

    autoruns log

    Here is the log you wanted
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can`t see anything nasty in your Autoruns log.

    The ip6fw file is the Windows firewall driver. Windows firewall isn`t very good or secure. I suggest you download and install one of the free firewall programmes below.

    Zonealarm or Kerio free firewall programmes.

    Once you`ve done that, see if you still have the same problem.

    Regards Howard :)

     
  14. Bsmither

    Bsmither TS Rookie Topic Starter

    No dice

    Unfortunately XoftSpy is still picking up that damn awful trojan every time I remove it.. after I reboot it returns, as it's in the registry...

    Is there some way I could remove the ip6fw registry and put it back on when it's clean...

    Can you please suggest something I can do? I'm at my wits' end, what a pain... I've been reading and some other people are having the same problem but they have had no luck.. Do you know what this Murlo trojan is...
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the attached zip file and save it to your desktop. Unzip it and place the resulting file in C:\windows\system32\drivers. You will receive a message that says the file already exists, do you want to replace the file. Click yes.

    See if that helps.

    Regards Howard :)

     


  16. Bsmither

    Bsmither TS Rookie Topic Starter

    No luck, it still picks up the trojan..

    Please, if you have any more ideas please post them
     
  17. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Could you post a fresh combofix and HijackThis log?
    Thanks.

    Regards,
    Momok =)
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please run the Kaspersky online scanner and post the logfile.

    Regards Howard :)

     
  19. Bsmither

    Bsmither TS Rookie Topic Starter

    Sorry, my laptop died on me so I had to use my gaming PC, NO!!!

    Sorry guys, I haven't got back to you as my laptop decided to die at an inappropriate time..

    As you requested I put on a different firewall... ZoneAlarm, and the whole laptop went haywire...

    I immediately removed it and now it keeps saying I have no firewall but it says Windows firewall is on?????

    Also when I plug in my wireless internet connector to reply to you I get the Windows blue screen of death and it restarts itself and says Windows has recovered from a serious error......

    So to the other reply, I will do the scan on this computer, which has the same Murlo trojan, and hopefully we can sort this out. If you need logs for this one please ask and I'll post them ok.....
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Do a system restore to before you installed Zonealarm and see if that helps. Then run the online scan and do a complete system scan. Post the Kaspersky logfile.

    Regards Howard :)

     
  21. Bsmither

    Bsmither TS Rookie Topic Starter

    Here's the Kaspersky log, not done on my laptop though....

    I have already done a system restore and it's not helped...

    Thank you for the suggestion though

    I still may try it again if I can't figure out a solution..

    I have started systematically removing anything I have installed to see if something has become corrupt.. It only seems to blue screen crash when I insert the USB internet pen. I may have inadvertently shut down a task that it needs to run, I'll have a look..

    Here's the post...
     
  22. iregretjumping

    iregretjumping TS Rookie

    I just got finished with a laptop with the same problem. In my research, it seems there are some odd consistencies. It seems that only people using XoftSpy are having this problem, and no one seems to be displaying the side effects of Murlo. None of my other spyware programs are detecting Murlo (which is over 2 years old) and there is an overwhelming outcry about XoftSpy picking up false positives. Murlo is supposed to change a few registry keys and create a temporary file, which in my case, has not happened. I find it hard to believe that a spyware program that is notorious for false positives would find a notorious trojan that no other spyware program is able to see. And this "Severe Risk" program is not showing the signs of an infection? I call it a false positive and I place the full blame on XoftSpy. My diagnosis, False Positive. But don't take my word for it, do the research and see how many people are posting that xoftspy is detecting murlo recently.
     
  23. Bsmither

    Bsmither TS Rookie Topic Starter

    Cheers

    Thank you for your help

    I agree that as no other spyware programme has found it, only XoftSpy, it may not be real.. I have been doing some research and a lot of people have had the same problem.. However all spyware programmes pick up things others don't, so that does not necessarily mean that it's not a problem..

    I'm just really annoyed that it just keeps picking it up... Anyway, keep helping and if you find anything else out please reply. I need to get rid of this, it's so annoying

    bye for now
    :wave:
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There`s nothing nasty in your Kaspersky log.

    I must say, I agree with iregretjumping. It`s looking more and more like a false positive. I can find no evidence in any of the scans and logfiles of the murlo infection. I suggest you contact the makers of Xoftspy and see what they say.

    I`d appreciate it, if you`d get back to us with the results.

    Regards Howard :)

    Update: It has now been confirmed that it is indeed a false positive. Taken from this post HERE.
    Thanks to duracell for the information.

     
  25. Bsmither

    Bsmither TS Rookie Topic Starter

    Thanks

    Thank you all for your help

    And now that I know that it's not a trojan I feel relieved. I will continue to post any problems that I find, ok

    Cheers:wave:
     
Topic Status:
Not open for further replies.
