Need help on a Virus / Trojan

  • Thread starter Thread starter SME
  • Start date Start date
S

SME

My laptop is infected with a Virus / Trojan. Can some one identify it and
help me remove it. This is what it has done:

1. It replaced the wallpaper with one advertizing itself. Even if I replace
it, it comes back when I reboot the system.
2. It installed a screen saver, which on activation takes a snapshot of the
desktop and some bugs keep eating it away. I think this repeats every few
minutes, since I will have to move the mouse several times before I get the
current desktop.
3. It cleared all previous system restore points. So I can't restore to a
previous good state.
4. The "Desktop" and "Screen Saver" tabs in the Display Properties window
have been removed. So I can't disable the wallpaper and the screen saver.
5. I do have McAfee provided by Comcast. Once my system is infected, I did a
manual scan and found nothing unusual. But even it was not able to clear
Internet Temp files. It crashes when this is attempted. I found a file in
internet temp directory with a name that looks like some script. But the
McAfee warned me of a program ".tt20.tmp" accessing internet and I didn't
grant permission.
6. When my system was infected, it actually installed a program called
"Malware Protector". It appears there was no choice but install it when it
pops up a window, since even if you say NO, it does what it want to do. It
provided no option to uninstall. So I removed it from "Add / Remove
Programs" of Control Panel. Then only I realized that my wallpaper and
screen saver have been set (originally I didn't have any wallpaper and
screen saver). This Malware Protector was asking to pay up $49 or so to
PROTECT MY COMPUTER. That was on June 8th.
7. Yesterday, on June 9th, it installed another program called "Advanced XP
Defender". So now I have disconnected this machine from rest of my home
network and from internet.

Am I the only one affected by this? How old is this Virus / Trojan (I found
a reference to one that encrypted all files and ask for the ransom)? Any
remedy other than restoring the system from OEM's restore disk? If it is a
old one, why McAfee couldn't protect me from this?

ThanQ...
 
SME said:
My laptop is infected with a Virus / Trojan. Can some one identify it
and help me remove it. This is what it has done:

1. It replaced the wallpaper with one advertizing itself. Even if I
replace it, it comes back when I reboot the system.
2. It installed a screen saver, which on activation takes a snapshot
of the desktop and some bugs keep eating it away. I think this
repeats every few minutes, since I will have to move the mouse
several times before I get the current desktop.
3. It cleared all previous system restore points. So I can't restore
to a previous good state.
4. The "Desktop" and "Screen Saver" tabs in the Display Properties
window have been removed. So I can't disable the wallpaper and the
screen saver. 5. I do have McAfee provided by Comcast. Once my system
is infected,
I did a manual scan and found nothing unusual. But even it was not
able to clear Internet Temp files. It crashes when this is attempted.
I found a file in internet temp directory with a name that looks like
some script. But the McAfee warned me of a program ".tt20.tmp"
accessing internet and I didn't grant permission.
6. When my system was infected, it actually installed a program called
"Malware Protector". It appears there was no choice but install it
when it pops up a window, since even if you say NO, it does what it
want to do. It provided no option to uninstall. So I removed it from
"Add / Remove Programs" of Control Panel. Then only I realized that
my wallpaper and screen saver have been set (originally I didn't have
any wallpaper and screen saver). This Malware Protector was asking to
pay up $49 or so to PROTECT MY COMPUTER. That was on June 8th.
7. Yesterday, on June 9th, it installed another program called
"Advanced XP Defender". So now I have disconnected this machine from
rest of my home network and from internet.

Am I the only one affected by this? How old is this Virus / Trojan (I
found a reference to one that encrypted all files and ask for the
ransom)? Any remedy other than restoring the system from OEM's
restore disk? If it is a old one, why McAfee couldn't protect me from
this?
Click to expand...

http://www.bleepingcomputer.com/malware-dev/remove-malwareprotector2008

http://www.bleepingcomputer.com/malware-dev/advanced-xp-defender

Also, please read:

http://www.elephantboycomputers.com/page2.html#Viruses_Malware
 
From: "SME" <[email protected]>

| My laptop is infected with a Virus / Trojan. Can some one identify it and
| help me remove it. This is what it has done:
|
| 1. It replaced the wallpaper with one advertizing itself. Even if I replace
| it, it comes back when I reboot the system.
| 2. It installed a screen saver, which on activation takes a snapshot of the
| desktop and some bugs keep eating it away. I think this repeats every few
| minutes, since I will have to move the mouse several times before I get the
| current desktop.
| 3. It cleared all previous system restore points. So I can't restore to a
| previous good state.
| 4. The "Desktop" and "Screen Saver" tabs in the Display Properties window
| have been removed. So I can't disable the wallpaper and the screen saver.
| 5. I do have McAfee provided by Comcast. Once my system is infected, I did a
| manual scan and found nothing unusual. But even it was not able to clear
| Internet Temp files. It crashes when this is attempted. I found a file in
| internet temp directory with a name that looks like some script. But the
| McAfee warned me of a program ".tt20.tmp" accessing internet and I didn't
| grant permission.
| 6. When my system was infected, it actually installed a program called
| "Malware Protector". It appears there was no choice but install it when it
| pops up a window, since even if you say NO, it does what it want to do. It
| provided no option to uninstall. So I removed it from "Add / Remove
| Programs" of Control Panel. Then only I realized that my wallpaper and
| screen saver have been set (originally I didn't have any wallpaper and
| screen saver). This Malware Protector was asking to pay up $49 or so to
| PROTECT MY COMPUTER. That was on June 8th.
| 7. Yesterday, on June 9th, it installed another program called "Advanced XP
| Defender". So now I have disconnected this machine from rest of my home
| network and from internet.
|
| Am I the only one affected by this? How old is this Virus / Trojan (I found
| a reference to one that encrypted all files and ask for the ransom)? Any
| remedy other than restoring the system from OEM's restore disk? If it is a
| old one, why McAfee couldn't protect me from this?
|
| ThanQ...
|



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
Back
Top