Need help with removal of some sort of trojan


john

I seem to have acquired some sort of Trojan on my computer. Super Anti
Spyware, Windows Defender, Malwarebytes, and BitDefender Antivirus all
fail to work. I have found something called Poprock and Test-dummy in
the registry. PC Tools Spyware Doctor works, but does not remove or
detect the problem.

Thanks,
John
 
John, I have used SpyDoctor in the past to get the path of the trojan
file. When you expand the entry in SD where does it lead you?
 
you might simply try to delete them
from the registry.

but before you do, look at the keys
and ascertain their folder locations
and delete those afterwards.

incidentally, you can delete those
entries from the registry and disk.

however, since they are trojans as
you allude to then this implies there
is a software installed that is doing
one thing as it was marketed to be

but in the background it is also unleashing
the trojans.

so find out which program is unleashing
them, or you will never see the end of
the trojan infections.

incidentally, sometimes trojans corrupt
the system files.

so don't be surprised if after you inoculate
your system, you have to initiate a repair
install to replace corrupted system files
with genuine ones.
--
db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @Hotmail.com
- nntp Postologist
~ "share the nirvana" - dbZen

~~~~~~~~~~~~~~~
 
john said:
I seem to have acquired some sort of Trojan on my computer. Super Anti
Spyware, Windows Defender, Malwarebytes, and BitDefender Antivirus all
fail to work. I have found something called Poprock and Test-dummy in
the registry. PC Tools Spyware Doctor works, but does not remove or
detect the problem.

Thanks,
John

Hello John:

If you *DO* already have MBAM installed previously, you may rename the
MBAM executable. For example:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

to

C:\Program Files\Malwarebytes' Anti-Malware\johnmbam.exe

Then launch MBAM as usual, *update* the database and scan in the
system's normal mode as opposed to "Safe" mode.

Although the registry entries you found may indeed be toxic, some
don't relish the thought of using regedit.

Please post a follow-up to this thread with your progress.
 
From: "john" <[email protected]>

| I seem to have acquired some sort of Trojan on my computer. Super Anti
| Spyware, Windows Defender, Malwarebytes, and BitDefender Antivirus all
| fail to work. I have found something called Poprock and Test-dummy in
| the registry. PC Tools Spyware Doctor works, but does not remove or
| detect the problem.

| Thanks,
| John

John:

What do you mean "fail to work" ?

Fail to execute ?
Fail to find and eliminate the trojan ?
 
Rich said:
John, I have used SpyDoctor in the past to get the path of the trojan
file. When you expand the entry in SD where does it lead you?

Spy Doctor worked ok. It was the other programs that do not respond. I
should also add that Spy Bot does not work either.
The specific message that is given each time the programs attempt to
load is: "Windows cannot access the specified device,path, or file. You
may not have the appropriate permissions to access the item"

John
 
db said:
you might simply try to delete them
from the registry.

but before you do, look at the keys
and ascertain their folder locations
and delete those afterwards.

incidentally, you can delete those
entries from the registry and disk.

however, since they are trojans as
you allude to then this implies there
is a software installed that is doing
one thing as it was marketed to be

but in the background it is also unleashing
the trojans.

so find out which program is unleashing
them, or you will never see the end of
the trojan infections.

incidentally, sometimes trojans corrupt
the system files.

so don't be surprised if after you inoculate
your system, you have to initiate a repair
install to replace corrupted system files
with genuine ones.

I deleted the two entries, but each time the system is rebooted they
reappear.

John
 
David said:
From: "john" <[email protected]>

| I seem to have acquired some sort of Trojan on my computer. Super Anti
| Spyware, Windows Defender, Malwarebytes, and BitDefender Antivirus all
| fail to work. I have found something called Poprock and Test-dummy in
| the registry. PC Tools Spyware Doctor works, but does not remove or
| detect the problem.

| Thanks,
| John

John:

What do you mean "fail to work" ?

Fail to execute ?
Fail to find and eliminate the trojan ?

Fail to execute. I posted the error message in one of my replies.

John
 
john said:
Spy Doctor worked ok. It was the other programs that do not respond.
I should also add that Spy Bot does not work either.
The specific message that is given each time the programs attempt to
load is: "Windows cannot access the specified device,path, or file.
You may not have the appropriate permissions to access the item"

John

Try renaming SuperAntiSpyware.exe to something else, like gotcha.exe.
Try the same for the Malwarebytes AntiMalware executable.
Buffalo
PS: You may even want to try installing the infected HDD in another computer
as a Slave Drive and clean it there.
 
john said:
I deleted the two entries, but each time the system is rebooted they
reappear.

John

Follow David Lipman's advice.
That is your best chance for success.
Buffalo
 
john said:
I seem to have acquired some sort of Trojan on my computer. Super Anti
Spyware, Windows Defender, Malwarebytes, and BitDefender Antivirus all
fail to work. I have found something called Poprock and Test-dummy in
the registry. PC Tools Spyware Doctor works, but does not remove or
detect the problem.

Thanks,
John

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is
available.. it prompts you to insert a CD and burns the file, no problem.

Then run these:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
From: "The Real Truth MVP" <[email protected]>
Newsgroups: microsoft.public.windowsxp.help_and_support
Subject: Re: Need help with removal of some sort of trojan
Date: Wed, 30 Sep 2009 16:52:40 -0700
Organization: A noiseless patient Spider
Lines: 52
Message-ID: <[email protected]>

Well, it appears that PCBUTTS has confirmed that he's stalking me again.

Notice how he's registered an account using my name - showing his
sickness and how unethical he is.
 
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

How come you posted from another server instead of your giganews
account?

You have to resort to stalking me from multiple Usenet providers now?
 
john said:
Spy Doctor worked ok. It was the other programs that do not respond. I
should also add that Spy Bot does not work either.
The specific message that is given each time the programs attempt to load
is: "Windows cannot access the specified device,path, or file. You may
not have the appropriate permissions to access the item"

John

That can be a clear symptom of a trojan, or a rootkit underneath it,
defending itself. You'd probably find that things like the malwarebytes
installer couldn't run, either. Rename the installer or the executable,
then run it.

ccleaner can help you with this process, but these infections are likely
hiding in the Windows folder structures, rather than the temp folders. A
lot of the help ccleaner affords here is reducing the time required for
scanning.

Also, if your system is infected, restore points will also be infected.
And be sure that you have created another user account, because it's
possible to damage the user profile.

HTH
-pk
 
The Real Truth MVP said:
Use my Remove-it software. Choose yes for all options when prompted.
Download it here http://www.ms-mvp.org/

DO NOT download anything from this known purveyor of malware. Even the
authentic looking URL is a complete fake.

Google 'pcbutts1' for more info.
 
they likely would get re-entered in the
registry.

you need to figure out which process
that is running is unleashing them

so, the keys should provide some
clue.

if not, run autoruns from microsoft and
or process explorer.

also, people forget about the prefetch
files - they get loaded at boot time.

and third party drivers get loaded at
boot time as well.

--
db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @Hotmail.com
- nntp Postologist
~ "share the nirvana" - dbZen

~~~~~~~~~~~~~~~
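
A read-only way to do what db describes above (use the registry entries to find the files behind them), as an added example that is not part of the thread: it lists the entries in the standard Run and RunOnce keys with the file each one launches and that file's signature status. The choice of keys is an assumption, since the thread does not say where Poprock and Test-dummy were found.

```powershell
# Added example (not from the thread): read-only listing of autostart entries.
# Assumption: the standard Run/RunOnce keys; the thread does not name the key.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Entry names John reported finding in the registry (compared case-insensitively).
$reported = @('Poprock', 'Test-dummy')

function Get-CommandTarget([string]$Command) {
    # Extract the program path from an autostart command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }    # quoted path, may contain spaces
    if ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]                            # fallback: first token
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $target = Get-CommandTarget $command
        # Bare names such as rundll32.exe are resolved through the search path.
        if ($target -notmatch '^([A-Za-z]:\\|\\\\)') {
            $found = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
            if ($found) { $target = $found.Path }
        }
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Target    = $target
            Signature = $signature
            Reported  = ($reported -contains $name)
        }
    }
}

# Entries matching the reported names sort to the top; nothing is modified.
$results | Sort-Object Reported -Descending | Format-Table Name, Signature, Reported, Target -AutoSize -Wrap
```

Autoruns covers many more autostart locations than these four keys, and an entry hidden by a rootkit will not appear in a listing made from the running system.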
 
john said:
I deleted the two entries, but each time the system is rebooted they
reappear.

John

After deleting the two entries and without rebooting, will MBAM or SAS run?
 