downloader.small.27.k

  • Thread starter: Jim Handy

Jim Handy

Hi,

AVG keeps detecting this Trojan every so often. Seems to be in an EXE file
with a random number name (i.e. 5412.exe). I move the offending file to the
vault and then delete it and run AVG which finds nothing. Then the next day
or so AVG catches another instance of this Trojan. Any ideas on how to nip
this thing at the source?

Thanks
 
Jim Handy said:
Hi,

AVG keeps detecting this Trojan every so often. Seems to be in an EXE file
with a random number name (i.e. 5412.exe). I move the offending file to
the vault and then delete it and run AVG which finds nothing. Then the
next day or so AVG catches another instance of this Trojan. Any ideas on
how to nip this thing at the source?

Thanks
Are you surfing the same websites each day? It could be one of the sites you
are visiting is dropping the trojan onto your PC.
 
No, not really. AVG seems to find a new instance of this Trojan shortly
after I go online.
 
Jim Handy said:
No, not really. AVG seems to find a new instance of this Trojan shortly
after I go online.
Then there's something else that AVG isn't spotting that is then downloading
the payload.
You need to download and run:

Hijackthis
Spybot
Ad-aware
CWShredder
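
A way to look for the pattern described in this thread, as an added example that is not part of any post here: it walks a directory tree, finds files whose names are only digits plus `.exe` (like the reported 5412.exe), confirms they start with the `MZ` executable header, and groups them by folder to show where they keep appearing. The regex, the `MZ` check, the function names and the sample files built in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import re
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Names made only of digits plus .exe, like the 5412.exe reported in the thread.
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

def find_numeric_exes(root):
    """Walk root and return one record per digits-only .exe that starts with 'MZ'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not NUMERIC_EXE.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # locked or already quarantined; skip it
            if data[:2] != b"MZ":
                continue  # not a Windows executable despite the extension
            hits.append({
                "path": path,
                "dir": dirpath,
                "sha256": hashlib.sha256(data).hexdigest(),
                "modified": datetime.fromtimestamp(mtime, timezone.utc).isoformat(),
            })
    return sorted(hits, key=lambda h: h["modified"])

def drop_directories(hits):
    """Count hits per directory; the busiest one is the likely drop location."""
    return Counter(h["dir"] for h in hits).most_common()

def demo():
    """Build a constructed directory tree and scan it (sample data, not real malware)."""
    with tempfile.TemporaryDirectory() as root:
        temp = os.path.join(root, "Temp")
        os.makedirs(temp)
        samples = {"5412.exe": b"MZ\x90\x00one", "881.EXE": b"MZ\x90\x00two",
                   "setup.exe": b"MZ\x90\x00", "1234.exe": b"plain text"}
        for name, body in samples.items():
            with open(os.path.join(temp, name), "wb") as fh:
                fh.write(body)
        hits = find_numeric_exes(root)
        return sorted(os.path.basename(h["path"]) for h in hits), drop_directories(hits)
```

Comparing the `modified` times against when the machine went online, and the `sha256` values against each other, shows whether the same file is being re-dropped or a new one is fetched each time.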
 
From: "Jim Handy" <[email protected]>

| Hi,
|
| AVG keeps detecting this Trojan every so often. Seems to be in an EXE file
| with a random number name (i.e. 5412.exe). I move the offending file to the
| vault and then delete it and run AVG which finds nothing. Then the next day
| or so AVG catches another instance of this Trojan. Any ideas on how to nip
| this thing at the source?
|
| Thanks
|


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare }, three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities: UNZIP.EXE and WGET.EXE. It will
simplify the process of using the Sophos, Trend and McAfee Anti Virus Command Line Scanners
to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
No, not really. AVG seems to find a new instance of this Trojan shortly after
I go online.

I believe this is one item that is part of coolweb's massive
trojan/malware advertising package. Does Spybot Search & Destroy or
Ad-aware indicate you have the coolweb infection? I have cleaned
several computers in the last week that had many of these variations.

JR the postman
 
Notice any unusual programs running?

Any programs that can run scripts?


: Hi,
:
: AVG keeps detecting this Trojan every so often. Seems to be in an EXE file
: with a random number name (i.e. 5412.exe). I move the offending file to the
: vault and then delete it and run AVG which finds nothing. Then the next day
: or so AVG catches another instance of this Trojan. Any ideas on how to nip
: this thing at the source?
:
: Thanks
:
:
 