Xoftspy picks up trojans

Status
Not open for further replies.

Bsmither

Hi
I have a problem with two trojans that XoftSpy picks up. They are:

Murlo trojan
virus.Win32.Delf.ak

How do I remove them? They keep coming back after reboot. All the computers on my network have been infected by the Murlo trojan.

If you want the HijackThis report, ask.
 
Hi

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
Do follow all the instructions exactly.

Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste; otherwise it will be ignored and/or removed by the moderators.
The logs will enable us to understand more about the problems on your system.


Regards,
Your friendly Momok =)
 
Hello and welcome to Techspot.

For your trojan virus.Win32.Delf.ak, please do the following.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type regedit into the runbox and press the enter key.

Navigate to HKEY_LOCAL_MACHINE/SYSTEM/SVKP and delete it.

Close regedit, reboot your system and rehide your protected OS files.

Then, follow all the instructions as given by momok and post the requested logfiles.

Regards Howard :wave: :wave:

This thread is for the use of Bsmither only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here are the logs you wanted, before the HKEY is removed.

And do you know how to remove the other trojan, Murlo?

AVG Anti-Spyware found only tracking cookies and a dialer.BT.f, removed and quarantined.

The ComboFix report will come in a bit.

Cheers lads

Win32.Delf is gone. I'll post the new reports now, OK.

The ComboFix report is the same,
and AVG comes up with only cookies, OK.

Can you help on this too, please?
XoftSpy finds the Murlo trojan here:

system\currentcontroleset\ip6fw\enum\0
system\currentcontroleset\ip6fw\enum\count
system\currentcontroleset\ip6fw\enum\nextinstance

Help please, it's on all my PCs. Arrrrr, same place.
 

Attachments

  • ComboFix.txt
    6.6 KB · Views: 5
Your HJT log is clean.

It appears you`re not running any firewall software. Install one of the free firewall programmes below.

Zonealarm or Kerio.

Download the free Superantispyware programme. Install the programme and run the Updates.

Run SUPERAntiSpyware and click on Preferences, click on the tab: Scanning Control, click to check-mark everything under: Scanner Options. Click "Close". Now, click on Scan your Computer.... Check-mark hard drive(s). Enable Perform Complete Scan. Click "Next." It may take a while to scan your entire computer.

Post the Superantispyware log

Regards Howard :)

 
Here you go

Here's the report you wanted, sorry it took so long. It came up clean......

This trojan is being stubborn. How do I get rid of it? It's on all my computers, I have 3, arrr....

I know it won't be as simple as doing the same as last time and just removing the ip6fw registry. I know it's dangerous and I won't do it unless I have to, arrr.
 
Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path". Do not fix anything yet.

Download and run the Blacklight programme. Follow all the instructions carefully.

Let me know the results of both scans.

Regards Howard :)

 
No luck

Both the AVG Anti-Rootkit and Blacklight programmes found no traces of hidden files...

Question: could it be possible that one of my other computers has the original infection on it?

This may be why nothing is being picked up on this computer?
 
Hi,

If you are having problems with the murlo trojan, may I suggest this site.

Let us know the results.


Regards,
Your friendly Momok =)
 
No luck

Spyware Doctor came up with only cookies, low risk. It did not detect the Murlo trojan, only XoftSpy.

Thanks anyway. Please keep trying.
 
Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

Attach the Autoruns log here.

Regards Howard :)

 
I can`t see anything nasty in your Autoruns log.

The ip6fw file is the Windows firewall driver. Windows firewall isn`t very good or secure. I suggest you download and install one of the free firewall programmes below.

Zonealarm or Kerio free firewall programmes.

Once you`ve done that, see if you still have the same problem.

Regards Howard :)

 
No dice

Unfortunately XoftSpy is still picking up that damn awful trojan every time I remove it. After I reboot it returns, as it's in the registry...

Is there some way I could remove the ip6fw registry and put it back on when it's clean?

Can you please suggest something I can do? I'm at my wits' end, what a pain... I've been reading and some other people are having the same problem, but they have had no luck. Do you know what this Murlo trojan is?
 
Download the attached zip file and save it to your desktop. Unzip it and place the resulting file in C:\windows\system32\drivers. You will receive a message that says the file already exists, do you want to replace the file. Click yes.

See if that helps.

Regards Howard :)

 

Attachments

  • ip6fw.zip
    16.9 KB · Views: 8
Sorry, my laptop died on me so I had to use my gaming PC, NO!!!

Sorry guys, I haven't got back to you as my laptop decided to die at an inappropriate time.

As you requested I put on a different firewall, ZoneAlarm, and the whole laptop went haywire...

I immediately removed it and now it keeps saying I have no firewall, but it says Windows Firewall is on?????

Also, when I plug in my wireless internet connector to reply to you I get the Windows blue screen of death, and it restarts itself and says Windows has recovered from a serious error......

So, to the other reply: I will do the scan on this computer, which has the same Murlo trojan, and hopefully we can sort this out. If you need logs for this one please ask and I'll post them, OK.....
 
Do a system restore to before you installed Zonealarm and see if that helps. Then run the online scan and do a complete system scan. Post the Kaspersky logfile.

Regards Howard :)

 
Here's the Kaspersky log, not done on my laptop though....

I have already done a system restore and it's not helped...

Thank you for the suggestion though.

I still may try it again if I can't figure out a solution.

I have started systematically removing anything I have installed to see if something has become corrupt. It only seems to blue screen crash when I insert the USB internet pen. I may have inadvertently shut down a task that it needs to run; I'll have a look.

Here's the post...
 
I just got finished with a laptop with the same problem. In my research, it seems there are some odd consistencies. It seems that only people using XoftSpy are having this problem, and no one seems to be displaying the side effects of Murlo. None of my other spyware programs are detecting Murlo (which is over 2 years old) and there is an overwhelming outcry about XoftSpy picking up false positives. Murlo is supposed to change a few registry keys and create a temporary file, which in my case, has not happened. I find it hard to believe that a spyware program that is notorious for false positives would find a notorious trojan that no other spyware program is able to see. And this "Severe Risk" program is not showing the signs of an infection? I call it a false positive and I place the full blame on XoftSpy. My diagnosis, False Positive. But don't take my word for it, do the research and see how many people are posting that xoftspy is detecting murlo recently.
 
Cheers

Thank you for your help.

I agree that as no other spyware programme has found it, only XoftSpy, it may not be real. I have been doing some research and a lot of people have had the same problem. However, all spyware programmes pick up things others don't, so that does not necessarily mean that it's not a problem.

I'm just really annoyed that it just keeps picking it up... Anyway, keep helping, and if you find anything else out please reply. I need to get rid of this, it's so annoying.

bye for now
:wave:
 
There`s nothing nasty in your Kaspersky log.

I must say, I agree with iregretjumping. It`s looking more and more like a false positive. I can find no evidence in any of the scans and logfiles of the murlo infection. I suggest you contact the makers of Xoftspy and see what they say.

I`d appreciate it, if you`d get back to us with the results.

Regards Howard :)

Update: It has now been confirmed that it is indeed a false positive. Taken from this post HERE.
duracell said:
Hello Lorna,

Thank you for your email and the information you have provided.

We have identified this item as a false positive and this item will be removed from our definitions database in the near future.

In the meantime, please add it to your XoftSpy ignore list to prevent further detection. Should we make the decision to leave it in our database, it is your choice to leave it on your XoftSpy ignore list to prevent further detection or to have it detected.

**Please note that XoftSpy is now discontinued. We recommend copying the product to CD should you wish to continue using as the below link will only be available for a small period of time.

http://support.paretologic.com/xoftspy_setup.exe

However, updates and support for our legacy package will continue until May 1, 2007.

ParetoLogic is pleased to announce the next generation of XoftSpy, XoftSpySE. Built on the platform of our popular legacy product, XoftSpy, XoftSpySE features the effectiveness and ease of use that characterizes ParetoLogic products, while employing the latest advances in technology and innovation.
Powered by our groundbreaking Zheng Research Technology, XoftSpySE provides you with unparalleled anti-spyware protection at the fastest scan and remove speeds available.

XoftSpySE is an advanced anti-spyware program designed to scan the user's complete computer system including running processes, registry entries, files and folders. Fast, powerful and easy to use, XoftSpySE detects and removes adware, spyware, trojans, browser hijackers, spyware pop-ups, malware, and keyloggers. Subscribers receive automatic spyware definition updates, program feature updates and comprehensive customer support.

As our valued XoftSpy customer, we wish to offer a complimentary one-year subscription to our new XoftSpySE anti-spyware application. After your first year has expired, you may renew your subscription for the low price of $14.95 USD.

In order to take advantage of this time-limited offer, please respond to this email, ensuring that you include:
First name:
Last name:
Valid email address:
State/Province:
Country of Residence:

We look forward to serving you as a new XoftSpySE subscriber!

We appreciate your business and the opportunity to be of assistance to you. Should you require further assistance or information, please don't hesitate to contact us.

Thanks to duracell for the information.

 
Thanks

Thank you all for your help.

And now that I know that it's not a trojan I feel relieved. I will continue to post any problems that I find, OK.

Cheers:wave:
 