Downloader.Trojan


Mike

Hi,
Freeprod.com downloads something vicious. It usually gets deleted but
it keeps on. When it gets in it creates

/Programme Files/Common Files/Windows/services32.exe
Norton will not delete it.


Are there good answers to this one?
 
(e-mail address removed) AKA Mike on 12/7/2005 in
Hi,
Freeprod.com downloads something vicious. It usually gets
deleted but it keeps on. When it gets in it creates

/Programme Files/Common Files/Windows/services32.exe
Norton will not delete it.


Are there good answers to this one?
******************Reply Separator*************************

Start here-Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Post back results.
max


NEVER download files from anywhere unless it is from the website of the
developer, manufacturer or some entity you trust. The developers'
websites ALWAYS have the most up to date files that haven't been
tampered with by some third party who is "hosting" (read Leeching or
Stealing) those files without permission.
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Playing Nice on Usenet: http://oakroadsystems.com/genl/unice.htm#xpost
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is set up specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
 
Hello,

Our product should detect and remove the services32 - Super Ad Blocker
with SUPERAntiSpyware:
http://www.superadblocker.com

Super Ad Blocker is designed to be quick and easy for end-users with no
complicated setup or configuration.

On a technical side, Super Ad Blocker | SUPERAntiSpyware offers several
unique features such as using a system level driver to delete detected
items, so pests do not come back once detected and cleaned.

Super Ad Blocker offers a fully functional 15-day trial. You can scan
and clean your computer and then remove Super Ad Blocker if you do not
wish to keep it. We do appreciate when users support our development
efforts by purchasing the product :)

If that does not find and/or remove the spyware/adware on your machine,
you can submit a diagnostic and I will diagnose your machine for free
and post the results back to the group and update our rules with
anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks

You may also wish to "see" what is running on your computer here:
http://www.fileresearchcenter.com

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com

** Please note that I am the author of the above programs and sites and
I do have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
FileResearchCenter.com. You, the user, have no obligation to purchase
the software and are free to try the software, clean/fix your system,
and then uninstall.
 
Mike said:
Hi,
Freeprod.com downloads something vicious. It usually gets deleted but
it keeps on. When it gets in it creates

/Programme Files/Common Files/Windows/services32.exe
Norton will not delete it.


Are there good answers to this one?
=====================
Did it (freepod.com) tell you you had some kind of spyware and give you
an option to download some file?

They have some JS code that seems to scan for trojans and list them for
you at web page launch (based on a very quick look at the code).

JS code at hxxp://www.freepod.com/antispy.js
 
From: "Mike" <[email protected]>

| Hi,
| Freeprod.com downloads something vicious. It usually gets deleted but
| it keeps on. When it gets in it creates
|
| /Programme Files/Common Files/Windows/services32.exe
| Norton will not delete it.
|
| Are there good answers to this one?
|

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
Hi,
Freeprod.com downloads something vicious. It usually gets deleted but
it keeps on. When it gets in it creates

/Programme Files/Common Files/Windows/services32.exe
Norton will not delete it.


Are there good answers to this one?
Adware and spyware...
http://www.maxifiles.com/policy/toc.html
I'm surprised Norton did not detect anything in the downloads. Try adaware
or one of the free trial detectors.
me
 
Hi,
Thanks for the guidance. When I ran your little programme the download
didn't happen but now my computer is uploading non-stop. What it is sending
I know not; files from my computer, Spam, whatever.

Does this make sense?

Mike
 
From: "Mike" <[email protected]>

| Hi,
| Thanks for the guidance. When I ran your little programme the download
| didn't happen but now my computer is uploading non-stop. What it is sending
| I know not; files from my computer, Spam, whatever.
|
| Does this make sense?
|
| Mike

My utility only performs an FTP GET or HTTP GET. Since it is open source interpreted code
this is readily proven.

As I noted...
* NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through *
* your FireWall to allow it to download the needed AV vendor related files. *

If you are "uploading non-stop" then you are infected with adware/spyware as well.


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
Hi,
Freeprod.com downloads something vicious. It usually gets deleted but
it keeps on. When it gets in it creates

/Programme Files/Common Files/Windows/services32.exe
Norton will not delete it.


Are there good answers to this one?

The malware is called not-a-virus:AdWare.Win32.Maxifiles.u by Kaspersky.
It is detected and removed using David's Multi AV tool using the
Kaspersky engine.

Greetings :)
 