Trojan-spy.win32@mx Virus

[budisuharto]

Hey guys
I would appreciate if you could help me out here. There have been pop ups and yellow triangular button at the taskbar. Apparently, my computer is infested with trojan-spy.win32@mx Virus. I hope you guys can help me out here. Here is my hijackthis log. Thank you!!!

 

[kimsland]

File conime.exe is a part of BFGhost backdoor. It can steal your personal documents, account information and allow unauthorized remote access.

Yuk that one on your system I don't like.

Please follow the following proceedure:

Viruses/Spyware/Malware, preliminary removal instructions

 

[budisuharto]

wow
will do that right now
thanks

 

[budisuharto]

help pls!!

 

[kimsland]

Yes ?

 

[budisuharto]

Yes ?

hi respected guru
my computer is infested with trojan-spy.win32@mx Virus. I hope you can help me out here. Here is my hijackthis log. Thanks in advance!

 

[kimsland]

Actually Guru Yes, Spyware removal expert No
I have looked through your one log (?) though

Zlob Trojan detected

Please remove the following:
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Helper\1203055357.dll
C:\Program Files\NetProject\sbmdl.dll

Remove in Registry:
HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

Recommend removal:
BitLord - The Ultimate Torrent Downloader
----------

If you REALLY want to be sure, you SHOULD do all the requirements of:
Viruses/Spyware/Malware, preliminary removal instructions
Of which have NOT been completed

 

[budisuharto]

Actually Guru Yes, Spyware removal expert No
I have looked through your one log (?) though

Zlob Trojan detected

Please remove the following:
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Helper\1203055357.dll
C:\Program Files\NetProject\sbmdl.dll

Remove in Registry:
HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

Recommend removal:
BitLord - The Ultimate Torrent Downloader
----------

If you REALLY want to be sure, you SHOULD do all the requirements of:
Viruses/Spyware/Malware, preliminary removal instructions
Of which have NOT been completed

thanks so much
and one question
how do i remove them? juz delete them manually?

 

[kimsland]

Hmm one question Big Answer!

Yes - you may need to show Hidden and System files too
Just search for the file(s) requiring removal

Too show Hidden and System files

• Go to control Panel
• Open Folder Options
• Click on View tab
• Click on Show Hidden Files and Folders
• Untick - Hide protected Operating System Files
• Click Apply
• Click OK

To run Registry Editor

• Start--> Run--> Regedit OK
• Right click on the key to back it up first (just in case you want to go back)

To Remove (unwanted) Programs

• Start--> Control Panel
• Open Add/Remove Programs
• Wait for the list to populate
• Scroll through the list, finding unwanted program
• Click on it, then Click on Uninstall
• Repeat the steps removing other unwanted Programs
• You may need to restart once complete

As a good measure you may want to turn off System Restore temporarily

How to turn off/on System Restore

• Start--> Control Panel
• Open System
• Select System Restore tab
• Tick to turn off System Restore
• Tick Apply (And Yes if prompted)
• Wait until all Restore points are gone
• UnTick turn off System Restore (actually do these steps, when all is clean again)
• Click Apply
• You have now cleaned out System Restore

Don't forget to Turn off Hidden and System files again (most forget this part)
------------------

 

[budisuharto]

Hmm one question Big Answer!

Yes - you may need to show Hidden and System files too
Just search for the file(s) requiring removal

Too show Hidden and System files

• Go to control Panel
• Open Folder Options
• Click on View tab
• Click on Show Hidden Files and Folders
• Untick - Hide protected Operating System Files
• Click Apply
• Click OK

To run Registry Editor

• Start--> Run--> Regedit OK
• Right click on the key to back it up first (just in case you want to go back)

To Remove (unwanted) Programs

• Start--> Control Panel
• Open Add/Remove Programs
• Wait for the list to populate
• Scroll through the list, finding unwanted program
• Click on it, then Click on Uninstall
• Repeat the steps removing other unwanted Programs
• You may need to restart once complete

As a good measure you may want to turn off System Restore temporarily

How to turn off/on System Restore

• Start--> Control Panel
• Open System
• Select System Restore tab
• Tick to turn off System Restore
• Tick Apply (And Yes if prompted)
• Wait until all Restore points are gone
• UnTick turn off System Restore (actually do these steps, when all is clean again)
• Click Apply
• You have now cleaned out System Restore

Don't forget to Turn off Hidden and System files again (most forget this part)
------------------

thank you guru, thank you thank you thank you!!

 

[centaurette]

From personal experience, it doesn't work that easy. When you try to use Add/Remove Programs, it makes you reboot before you can delete each program and it doesn't stop the icons in the taskbar or popups. And you can't get one of them to uninstall at all with Add/Remove. I have found that the scit.exe in almost always inserted into C:\ProgramFiles in a folder called NetProject. The easiest way (after trial and error) to get rid of it is to turn off System Restore (using kimsland instructions), restart your computer and go into Safe Mode, then go to C:\ProgramFiles and delete the whole folder NetProject. THEN use CCleaner to get rid of the junk in the registry.

 

[gringoloco87]

The Auto-Protect for my Symantec Anti-Virus keeps finding two backdoor trojans on my computer. One is fdfdfdf.exe and the other is redem[1].jpg. A message continually pops up telling me that the action taken was "cleaned by deletion" but it keeps coming up over and over again. When I go to the location where it's supposed to be, it's not there.

For example, one location is C:\Documents and Settings\ryan.musser\Local Settings\Temporary Internet Files\Content.IE5\AR6MVYYT\redem[1].jpg. But when I got to Content.IE5, there isn't any folder called AR6MVYYT, so I can't manually delete the file. I have it set so that I can see hidden files and folders too. I don't understand why I can't see the folder or find the location. If I search my computer for a file named "redem[1]" nothing comes up.

Also, when I run a full scan, Symantec doesn't find it at all. It's only the auto-protect that finds it.

I have attached my hijackthis log. Please help!

I have also run numerous other scans, including:

Spybot
Advanced SystemCare
Ad-Aware
CCleaner

 

[silverbullet411]

I have the same problems on my computer. I just joined. I was wondering how or where if not here, where I need to attach my file logs so i can get rid of these trojans? Thanks

 

[kimsland]

No not here

You need to create a New Thread just for you in the Virus & Malware removal forum.

And then Attach the logs after going through: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions