42 replies to this topic

[stuart4000]

Picked up a couple of trojan viruses - in the process of running a full scan to check for anything else.

Just a couple of things i'm not sure about - is it common for there to be a "Found registry key with to reference to infected file..."on a scan - when it mentions registry i'm thinking there could be bigger problems ahead, any ideas?

Also, when I try to double click an icon of an .exe on the desktop, for example my antivirus, it asks me which program I want to open it with? Is this a common occurence with a neewly infected machine?

Any help much appreciated.

[Matty.N]

answered your own question really

the trojan would have edited a registry key to make the exes/shortcuts act like that, it is best to do a system restore to before you got the virus as the registry might well & truely be f***ed to someone who isnt sure what to change to make it so windows behaves how it should

[mattyballs]

also..depends how long youve had em too...if theyve been floating around for quite a time..and you only just got at em...then they deffo ripped yer reg apart..and probs other things

system restore will work...if you CAN GET system restore to work..if you know what i mean..most viruses disable that first...

[stuart4000]

I usually do a full scan once a week - never had any issues before, but now the occasional pop-up (every 10 mins or so).

On startup it says that the following files are missing:

C:WINDOWSsystem32msfcb.exe
C:WINDOWSsystem32msggc.exe

When I try to open an .exe icon on my desktop, it asks which program to use to open it with - which doesn't seem good.

Have to admit my computer know-how isn't upto much - with a system restore will I need to make a backup of anything recently important - will it wipe the Hard Disk clean?

I got the computer from PC World (yes, I know, could've got it cheaper custom built etc.), and it created 6 Master Disks when first used - will these be of any use?

Cheers.

[stuart4000]

it is best to do a system restore to before you got the virus as the registry might well & truely be f***ed to someone who isnt sure what to change to make it so windows behaves how it should

How do I go about that?

[mattyballs]

xp or vista..and which type...(and system restore by windows wont wipe yer files)....factory restore will tho(ie through your computers own make panel/program)


start/programs/accesories/systemtools/system restore....thats on xp

[stuart4000]

xp or vista..and which type...(and system restore by windows wont wipe yer files)....factory restore will tho(ie through your computers own make panel/program)


start/programs/accesories/systemtools/system restore....thats on xp

XP Media Centre 2005

Also, when trying to access items through Control Panel i.e. Security Centre, the following is displayed@

C:WINDOWSsystem32rundll32.exe

[stuart4000]

Here's the full list of the scan, for what it's worth:

C:Documents and SettingsStuartLocal SettingsTemptfhs3xrjdr6djkrserz46.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:System Volume Information_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}RP363A0384104.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSFontslogcde.dll;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSFontsservices.exe;"Trojan horse Clicker.AAKG";"Moved to Virus Vault"
C:WINDOWSFontswindef.dll;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSFontswinpaged.ocx;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msfcb.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msggc.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msirkt.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msklj.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32mspemlj.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32net.net;"Trojan horse Clicker.AAJC";"Moved to Virus Vault"
C:WINDOWSsystem32pcmstub.sys;"Trojan horse PSW.OnlineGames_r.AE";"Moved to Virus Vault"
C:WINDOWSsystem32UACdttortonoedyhmnqg.dll;"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
C:WINDOWSsystem32UACgsplpygpdiaxoppta.dll;"Trojan horse Generic13.BQVV";"Moved to Virus Vault"
C:WINDOWSsystem32UACyfkkwidfibnlebnma.dll;"Virus found Win32/Cryptor";"Moved to Virus Vault"

[mattyballs]

Here's the full list of the scan, for what it's worth:

C:Documents and SettingsStuartLocal SettingsTemptfhs3xrjdr6djkrserz46.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:System Volume Information_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}RP363A0384104.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSFontslogcde.dll;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSFontsservices.exe;"Trojan horse Clicker.AAKG";"Moved to Virus Vault"
C:WINDOWSFontswindef.dll;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSFontswinpaged.ocx;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msfcb.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msggc.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msirkt.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32msklj.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32mspemlj.exe;"Trojan horse Downloader.VB.CBF";"Moved to Virus Vault"
C:WINDOWSsystem32net.net;"Trojan horse Clicker.AAJC";"Moved to Virus Vault"
C:WINDOWSsystem32pcmstub.sys;"Trojan horse PSW.OnlineGames_r.AE";"Moved to Virus Vault"
C:WINDOWSsystem32UACdttortonoedyhmnqg.dll;"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
C:WINDOWSsystem32UACgsplpygpdiaxoppta.dll;"Trojan horse Generic13.BQVV";"Moved to Virus Vault"
C:WINDOWSsystem32UACyfkkwidfibnlebnma.dll;"Virus found Win32/Cryptor";"Moved to Virus Vault"

yh..you pretty much got the lergy there m8....quite a few bits in quite a few places....what antivirus have you got..and have you got an "independant spyware/malware killer program"(like spybot search and destroy)..also are you CAPABLE of d/loading and executing these softwares...your virus etc

[stuart4000]

yh..you pretty much got the lergy there m8....quite a few bits in quite a few places....what antivirus have you got..and have you got an "independant spyware/malware killer program"(like spybot search and destroy)..also are you CAPABLE of d/loading and executing these softwares...your virus etc

Here's the "I told you so" part - i'm running AVG 8.5 - the free download version...

I'll try d/l Spybot just now and find out, although my concern is that i'm too late.

[mattyballs]

Here's the "I told you so" part - i'm running AVG 8.5 - the free download version...

I'll try d/l Spybot just now and find out, although my concern is that i'm too late.

(i told u so)....nah..it aint that bad..but its weeeeak..lol


see wot spybot picks up......make sure ya update/immunise and all that before ya scan....and IF it lets ya install it...(dont switch tea timer on)...its annoying thats all...let us know what ya find..

[stuart4000]

It won't let me run Spybot - this is a bastard!!

[mattyballs]

It won't let me run Spybot - this is a bastard!!

oops...right....2 questions..did u try system restore..the way i said a few posts up...start/programs/etc etc

and second question..how many hds in yer comp

[stuart4000]

oops...right....2 questions..did u try system restore..the way i said a few posts up...start/programs/etc etc

and second question..how many hds in yer comp

System Restore - I click the icon and it pops up the box asking which program i'd like to run the file with, i'm assuming as it's an .exe file it won't let me run it.

1 Hard Drive in the computer.

[mattyballs]

System Restore - I click the icon and it pops up the box asking which program i'd like to run the file with, i'm assuming as it's an .exe file it won't let me run it.

1 Hard Drive in the computer.

oooooooooo..nooooooooooooooo......


YOU KNOW WHATS COMING NOW:cry:


get a second drive...or a tasty flash pen..(a few gigs..dunno what ya got files/size wise..and save as much as poss..ive got a FULL REGISTRY CLEANER/TOP BRAND you can have for free)

but i doubt it will let u install....in fact have you tried to copy shite over to usb pens or cards yet..that might not even work..you are quite a ways down the line here:oh:

[stuart4000]

Step back a bit to Spybot again please mate - i've managed to get it installed by asking to open the installer exe file by browsing for the same file again in the box that it throws up and selecting that - for whatever reason it's let me install it.

Given that i've never used it before - you mentioned a couple of things to do before scanning - care to spell them out?

[mattyballs]

Step back a bit to Spybot again please mate - i've managed to get it installed by asking to open the installer exe file by browsing for the same file again in the box that it throws up and selecting that - for whatever reason it's let me install it.

Given that i've never used it before - you mentioned a couple of things to do before scanning - care to spell them out?

cool....1.update..so u get the newest definitions
2..immunize...twice..(will protect your browsers in future)

3 turn off tea timer on the options panel....also when u first use it it will run through "steps" on your left....DO NOT BACKUP REGISTRY...or youll back up yer shit registry...see how you get on

[stuart4000]

Ok I've followed that, running the scan now and will post results in due course.

[mattyballs]

Ok I've followed that, running the scan now and will post results in due course.

that,ll get rid of the crap....we,,l see how many eh....(bear in mind youll still have to fix yer registry with a reg fix/cleaner....)

if ya got msn or email will give yer the exes..if ya want

[stuart4000]

I've sent a PM with email address...

Here's just a couple that's came up so far, i'm sure it'll reveal many online addictions...

Zlob.VideoActiveXObject
Zlob.VideoActiveXAccess
Zlob.Downloader.ned
Win32.FraudLoad.edt
Win32.Delf.rtk
Win32.BHO.sx

Do you reckon that once the scan is complete (what's after that - i take it it'll give me the option to fix/delete the files?), the next step is to repair the registry - what's the chances i'll get that done?