|
|
| Discuss PC Infected with Virus! at the General Chit Chat within the Traderji.com - Discussion forum for Stocks Commodities & Forex; A infection called Trojan horse Downloader.Zlob.CP is raving my pc. Antivirus say it cannot be ... |
|
|||||||
| Notices |
| General Chit Chat Discuss anything and everyting not related to trading or investing here. |
 |
|
|
Thread Tools |
| Sponsored Links |
|
#1
30th October 2006, 09:01 AM
|
|||
|
|||
PC Infected with Virus!
A infection called Trojan horse Downloader.Zlob.CP is raving my pc. Antivirus say it cannot be healed or deleted since its inside a archive with a name E:\System Volume Information\_restore{D714CDB1-95D7-4C71-99A8-4E992AFF902E}\RP33\A0004082.exe:\run.exe
Is there any way to get rid of it other than formatting hard disc? pls help. thanks Saurabh 
|
|
#2
30th October 2006, 11:34 AM
|
|||
|
|||
|
Re: PC Infected with Virus!
Quote:
My sympathies are with you. You can visit http://www.newbie.org/help/index.php?showtopic=2572 and use instructions available there to remove this trojan. Incase you are still having trouble,please post with details. As a caution never install codec files from unknown sites especially showing x-rated pictures. use regcleaner and zonealarm.(google it) use firefox 2.0(just released) pankaj
|
|
#3
30th October 2006, 01:00 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
Among those zillion instructions in the weblink i could not find any relevant to fix the trojan. Pls be specific. Can the utilities suggested there be trusted?
I visit very few sites like nseindia, traderji, ***** and *****. I dunno if they provide x rated content  I have 'jv_16 power tools', a very powerful registry remover. I had zone alrm sm mnths back when i used to surf a lot. Do i need to install it again?( i already hv too many s/w, games etc. installed) I am already using firefox 2.0. I hv xp sp2(pro) and 2000. Can it cause bad sectors in my hard disk or any other h/w damage? Thanks for the prompt reply. Saurabh.
|
|
#4
30th October 2006, 02:18 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
Hello,
Try Ewido. Now it is known as AVG Antispyware. Another method is go to any of antivirus websites like Mcafee, AVG, etc and download a standalone cleaner for the trojan. If not try microsoft issues a virus cleaner every month or lavasofts adware.
|
|
#5
30th October 2006, 04:50 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
Quote:
Also try to remember when this happened first and which site you had visited or what software you had downloaded.Delete all such softwares and also remove entries from registry.Also run ewido or AVG as suggested by saji and also in the link. zone alarm is only preventive. This trojan has low threat rating but high annoyance value. It will infect many files. Yes it can affect mbr, partition table after sometime because of its activities. Ultimate solution is to reformat the disc twice and then reinstall.
|
|
#7
30th October 2006, 08:25 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
I run avg scan daily in the morning. As far as i can rmbr, yesterday i visited 2-3 blogs@blogspot. I run avgas once in a week. 2day morning it gave the following result:
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:22:12 AM 10/30/2006 + Scan result: :mozilla.16:d:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\55fal6fd.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.20:d:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\55fal6fd.default\coo kies.txt -> TrackingCookie.Com : Cleaned. ::Report end jv16 had shown 4 registry entries with high threat. I removed all of them. hijackthis gives the following log: Logfile of HijackThis v1.99.1 Scan saved at 7:59:05 PM, on 10/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\tp4mon.exe D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Sify Broadband\BBImpSec.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe D:\WINDOWS\system32\NOTEPAD.EXE E:\hijackthis\HijackThis.exe O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [SifyBB] D:\Program Files\Sify Broadband\BBImpSec.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{3BC55E40-2955-4768-9694-75658218902D}: NameServer = 202.144.50.4,202.144.13.50 O17 - HKLM\System\CS1\Services\Tcpip\..\{3BC55E40-2955-4768-9694-75658218902D}: NameServer = 202.144.50.4,202.144.13.50 O17 - HKLM\System\CS2\Services\Tcpip\..\{3BC55E40-2955-4768-9694-75658218902D}: NameServer = 202.144.50.4,202.144.13.50 O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file) avg and mc cafee scan now shows no virus found. I havent tried anything else. Wether the infection is removed or not u have provided very useful information. Guess it will help many since such threats from the internet are not uncommon. regards
|
|
#8
30th October 2006, 09:41 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
Next time you can run hijackthis without doing anything so that it will report all processes running during infected state.. From the above log file I think it is clear.
However there are couple of things you should do. Run msconfig and see what are the processes started during boot up. You can use startup inspector also. Disable/delete unknown processes. Clear all your restore points in sys volume manually and then reboot and enable it again. You will not be able to go back to a previous state but then they might still contain trojan. From now on use zone alarm and block all ports except 80, 8080, 21 and examine any request for opening ports to see if it is genuine.Port for msn, ymssn, Mysql(if you are running) can be enabled later. Close all ICMP ports. Disable WINS,microsoft network file and printer service(you may not be needing that). Run portscan(use some online utility) to check for open ports. Hope these additional precautions help in addition to avoiding anything that has X attached to it.  These
|
|
#9
30th October 2006, 10:00 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
download free virus cleaner(for home and non commercial use) http://avast.com/ and try that.
thanks Srinivas
|
|
#10
30th October 2006, 10:03 PM
|
|||
|
|||
|
Re: PC Infected with Virus!
Quote:
It will take me some time to learn all those things Sir. An' for the x or y or z things I think its better to trust frnds rather than weblinks Happy Trading.
|
| Sponsored Links |
|
|
|
| Bookmarks |
| Thread Tools | |
|
|
Similar Threads for: PC Infected with Virus!
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Security - Virus/Trojan | cemcompusoft | Software | 5 | 11th October 2006 08:35 AM |
| Is your PC infected with Spyware | arun | General Chit Chat | 4 | 4th August 2005 10:49 PM |
Indemnity, Disclaimer & Disclosure
Notice:
• By visiting Traderji.com you indicate your acceptance of our Forum
Rules Disclaimer & Disclosure and indemnify Traderji.com, its
associates and related parties of all claims howsoever resulting from
the usage of the forum.
• Disclaimer: Trading or investing in stocks & commodities
is a high risk activity. Any action you choose to take in the markets
is totally your own responsibility. Traderji.com will not be liable for
any, direct or indirect, consequential or incidental damages or loss arising out of the use of this information.
• Disclosure: The information in this forum is neither an offer to sell nor solicitation to buy any of the securities mentioned herein.
The writers may or may not be trading in the securities mentioned.
• All names or products mentioned are trademarks or registered trademarks of their respective owners.
General Content Disclaimer Notice:
In light of our policy of encouraging candid, open exchanges of views and the rapid distribution of information originating from many sources, Traderji.com cannot determine the accuracy of information that may be uploaded to the forum. Opinions, advice and all other information expressed by participants in discussions are those of the author. You rely on such information at your own risk. You are urged to seek professional advice for specific, individual situations and not rely solely on advice or opinions given in the discussions. Since Traderji.com is an open and free discussion forum, any comments made by members of this forum in their posts reflect their own views and not of the owner or administrator of Traderji.com. Thus the owner/administrator indemnify themselves of all claims whatsoever and will not be liable or responsible for any members comments/views in this forum Traderji.com. If you find any objectionable or offensive posts made by members of this forum which you would like to bring to our notice for removal then please Contact Us.
