a downloader troj

  • Thread starter: RB

RB

Ran AVG last nite and it says I have some kind of virus it doesn't handle.

Ran current Spybot and AdAware, and neither of those found anything.

Ran Bitdefender and it says I have a Downloader.HF trojan.

Did a Google search on Downloader.HF and went and read all the references.

Still not quite sure how to get rid of the pest.

Would appreciate any advice/help on it.
 
RB said:
Ran AVG last nite and it says I have some kind of virus it doesn't handle.

Ran current Spybot and AdAware, and neither of those found anything.

Ran Bitdefender and it says I have a Downloader.HF trojan.

Did a Google search on Downloader.HF and went and read all the references.

Still not quite sure how to get rid of the pest.

Would appreciate any advice/help on it.

http://vil.nai.com/vil/content/v_101018.htm
Stinger might assist http://vil.nai.com/vil/stinger/
Or http://us.mcafee.com/root/mfs/default.asp?cid=9059
 
RB said:
Ran AVG last nite and it says I have some kind of virus it doesn't handle.

Ran current Spybot and AdAware, and neither of those found anything.

Ran Bitdefender and it says I have a Downloader.HF trojan.

Did a Google search on Downloader.HF and went and read all the references.

Still not quite sure how to get rid of the pest.

Would appreciate any advice/help on it.

Spybot and ad-aware up to date?
HijackThis http://download.com.com/3000-2144-10227352.html
 
That Stinger is a nice little program. I downloaded and ran it, but it
didn't come up with anything.

I used the other nai ref, but can't find anything in my computer under this
registry line:

HKEY_LOCAL_MACHINE\SOFTWARE\usrprcbda

So, I'm not sure what I really have.
 
Spybot and ad-aware up to date?
HijackThis http://download.com.com/3000-2144-10227352.html



Similar story here on my brother's computer.

I did a full clean-up for him yesterday with updated Nortons, Spybot,
Window Washer etc. Norton showed nothing amiss till log-on this
morning.

Then it popped up a message of: Infection found in :c:\\Documents and
Settings\xx\Webinstall.exe
Virus name: Download trojan. Cannot repair
Access to file was denied.

Went to Norton website where an ad for some other virus remover popped
up several windows obscuring the Norton site. Stupidly I downloaded
Flash player 6 when asked and it started playing a full page animation
of a fly which eventually got eaten by some lizard or something. I
could only close it by restarting the comp from Task Manager.

As advised here, and from my own (uninfected) comp, the Hijack This
site initiated a download of the prog without asking me what
directory to save to and in fact didn't download. I tried to go to
other download sites from Google (ie spywareinfo.com - Merijn Org)
and the pages couldn't display. I wonder if their own pages got
hijacked or some such? Heh..

I then went to Simply Super site for their latest Trojan Remover prog
and hope it can remove the stuff. Perhaps it will help the original
(RB) poster as well, it has a 30 day trial for free.
http://www.simplysup.com/tremover/index.html

Sorry for the mini-novel explanation here, I'm not all that savvy and
wonder if Norton's "access to file was denied" message will also deny
any removal efforts. Is the Webinstall.exe a component of the
operating sys or Internet Explorer? And if it can't be repaired
should I replace it from somewhere? Also being networked to my bro's
computer does it put mine at any risk?

Thanks for reading :)
Marsha
 
RB said:
Ran AVG last nite and it says I have some kind of virus it doesn't handle.

Ran current Spybot and AdAware, and neither of those found anything.

Ran Bitdefender and it says I have a Downloader.HF trojan.

Did a Google search on Downloader.HF and went and read all the references.

Still not quite sure how to get rid of the pest.

Would appreciate any advice/help on it.

Your version of Windows would be nice information to have...

If the file is in C:\_RESTORE (in Windows ME) or C:\System Volume
Information (in XP), disable Restore, restart the computer. Scan,
restart again, scan again and if clean re-enable Restore and restart
again.

Otherwise, the registry key you're looking for is
HKEY_LOCAL_MACHINE\SOFTWARE\filename - with "filename" being the name
of the file identified by AVG and Bitdefender, NOT the example given
in McAfee's description. If the file is *only* being found in
Restore, it's unlikely you'll find the registry key. If you haven't
already, be sure to back up the registry before making the alteration.

If you found the reg key and deleted it, and the file is somewhere
else besides Restore, restart in Safe Mode and scan again and you
should be able to remove it. However if the rest of the adware
remains it may be reinstalled on the next restart. You may find this
adware listed in Add/Remove Programs. Anti-virus and anti-trojan
programs are only likely to identify the part of the adware considered
to be malicious - ie, that which downloads and runs executable files.
They are not going to identify the part that makes the ad pop up.
This usually means you'll still have the adware but it won't be
updated. If Ad-Aware and Spybot have been updated and still aren't
finding it, then it's time to go to HiJackThis.

If you don't know how to disable Restore or restart in Safe Mode,
you'll find that information in the computer's Windows Help files.
Just do a search on "restore" and "safe mode".

Carol
 
Marsha said:
As advised here, and from my own (uninfected) comp, the Hijack This
site initiated a download of the prog without asking me what
directory to save to and in fact didn't download. I tried to go to
other download sites from Google (ie spywareinfo.com - Merijn Org)
and the pages couldn't display. I wonder if their own pages got
hijacked or some such? Heh..

Everything Merijn is associated with is under Denial of Service
attack, apparently from the makers of the coolwebsearch spyware, so
getting the files can get ... interesting. Keep trying
www.merijn.org/download and www.spywareinfo.com/~merijn/

Carol
 
Reboot in safe mode, then they are not active, then do your scan or just go
to the file and delete it!! Trojans can be just deleted. The scan will fix
the reg etc.

Don't believe everything I say, check first with the masters, but in safe mode
is always good.

Stephen
 
On that special day, Carol said...
Everything Merijn is associated with is under Denial of Service
attack, apparently from the makers of the coolwebsearch spyware, so
getting the files can get ... interesting. Keep trying
www.merijn.org/download and www.spywareinfo.com/~merijn/

FYI: The CWShredder can still be obtained, although from a different
place.

There is another link that hopefully cannot be DoSed down that easily,
and is valid, too. Some nice guy posted it recently in alt.comp.freeware

http://www.majorgeeks.com/download4086.html

Good luck.


Gabriele Neukam

 
Stephen said:
Reboot in safe mode, then they are not active, then do your scan or just go
to the file and delete it!! Trojans can be just deleted. The scan will fix
the reg etc.

This is true the large majority of the time. However in a few notable
cases, deleting the file without removing the registry entry pointing
to it before trying to enter standard mode Windows can result in near
disaster. There is not enough information available in either of
these cases for "just delete it" to be safe advice, IMO.

Carol
 
Gabriele Neukam said:
FYI: The CWShredder can still be obtained, although from a different
place.

There is another link that hopefully cannot be DoSed down that easily,
and is valid, too. Some nice guy posted it recently in alt.comp.freeware

http://www.majorgeeks.com/download4086.html

Good luck.


Gabriele Neukam



Thank you all for the help. I'm a bit over my head with this so I
really appreciate some hand-holding.

To quote my first post: "Norton showed nothing amiss till log-on this
morning.
Then it popped up a message of: Infection found in :c:\\Documents and
Settings\xx\Webinstall.exe
Virus name: Download trojan. Cannot repair
Access to file was denied. "

Does the access denied bit mean that Norton couldn't access it for
the repair or that it is denying access to that webinstall.exe from
any other source?

Sorry if this all sounds a bit ignorant, but I've got to learn
sometime and there's so much info I've been reading up on, it's
becoming more confusing than anything :)

Having used Spybot and AdAware (and Window Washer at some stage), one
of them apparently knocked out Norton (which is asking for a
re-install) and networking is knocked out between our machines (so
will have to re-establish that too). Don't know how all that happened
or what did it but it just shows that a 'little' knowledge can be a
dangerous thing. Heh.

Right now when I reboot the comp Ad-aware seems to find things all
over again and at removal it says it 'can't remove ...\windows
system32\msg118.dll'

I ran that trojan remover prog from simplysup.com and it finds
nothing.

Back to try and puzzle this out... any further and elementary
instructions from you knowledgeable is most welcome.

Thanks
Masha
 