Trojan ---Collected 5.L


Richard Oliver

Running XP home ed
Any help to get rid of Trojan--Collected 5.L please ------
Have scanned many sites with no success.
Regards, Richard
 
From: "Richard Oliver" <[email protected]>

| Running XP home ed
| Any help to get rid of Trojan--Collected 5.L please ------
| Have scanned many sites with no success.
| Regards,Richard

What software identified this Trojan?


Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Trend Sysclean Method 1
---------------------------------------
Create a directory on drive "C:\"
(e.g., "c:\sysclean").

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt524.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE in "Procedure 1" at the following URL. SYSCLEAN_FE
automates the download and execution process of the Trend Sysclean Package.
http://www.ik-cs.com/got-a-virus.htm


2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore.
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Ad-aware.
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point.

* * Please report back your results * *
 
Dave, I should have mentioned that it was found in the msdirect.sys file.
I checked on my machine which runs on Win 98 and found no such file.
I wonder what msdirect.sys does ????
Kind regards and grateful thanks as always, Richard
 
From: "Richard Oliver" <[email protected]>

|
| Dave,I should have mentioned that it was found in msdirect.sys file.
| I checked on my machine which runs on Win 98 and found no such file.
| I wonder what msdirect.sys does ????
| Kind regards and grateful thanks as always,Richard
|

msdirect.sys is the Trojan!

The file could be a Hidden-System file and thus blocked from traditional finding/viewing.

Run the scans I provided.
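
A way to check for a file that carries the Hidden and System attributes, as an added example that is not part of the original posts. The file name is the one from the thread; searching under %SystemRoot% is an assumption, since the thread does not say where the file was found.

```batch
@echo off
rem Added example, not from the thread. NAME is the file named in the thread;
rem ROOT is an assumption, because the thread does not give the file's location.
setlocal
set "NAME=msdirect.sys"
set "ROOT=%SystemRoot%"
set "FOUND="

rem dir /a lists files whatever their attributes, so Hidden and System files
rem that a plain "dir" or Explorer's default view skips are included.
rem /s recurses into subdirectories and /b prints bare full paths.
for /f "delims=" %%F in ('dir /a /s /b "%ROOT%\%NAME%" 2^>nul') do (
    set "FOUND=1"
    echo Path:       %%F
    rem The ~a modifier expands to the attribute string: h = Hidden, s = System.
    echo Attributes: %%~aF
    echo Size:       %%~zF bytes
    echo Modified:   %%~tF
)

if not defined FOUND echo No file named %NAME% was found under %ROOT%.
endlocal
```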
 
Thank you again David for the tremendous help.
Carried out your instructions and your Trend scan found
seven different worms, Trojans and something I have never heard
mentioned: "reg _Lowzones.F" and .D.
Wondered what the reg means--something to do with the registry perhaps?
AdAware also found something like 120 different items of malware.
Anyway with your assistance all is now back to normal. But the question
is with an operating system like Win XP, for how long??
Thanks again --Richard
 
| Trend scan found
| seven different worms,Trojans and something I have never heard
| mentioned: "reg _Lowzones.F" and .D.
| Wondered what the reg means--something to do with the registry perhaps ?

That's exactly what the detection is! A detection for lowzones malware
registry entry.

| AdAware also found something like 120 different items of malware.

Not at all uncommon.

[snip]

| But the question
| is with an operating system like Win XP ,for how long ??

Windows can be very resilient to online threats as long as you are
proactive in taking the necessary preventative measures.
http://www.ik-cs.com/a-safe-pc.htm
 
From: "Richard Oliver" <[email protected]>

| Thank you again David for the tremendous help.
| Carried out your instructions and your Trend scan found
| seven different worms,Trojans and something I have never heard
| mentioned: "reg _Lowzones.F" and .D.
| Wondered what the reg means--something to do with the registry perhaps ?
| AdAware also found something like 120 different items of malware.
| Anyway with your assistance all is now back to normal.But the question
| is with an operating system like Win XP ,for how long ??
| Thanks again --Richard
|
| On Wed, 30 Mar 2005 19:55:00 +0200, Richard Oliver <[email protected]>
| wrote:
|

You're welcome, Richard.

Thanx for updating the thread.
 
Hi David,

I have followed step by step what you have told Richard to remove Trojan
Collected 5.L., however, I could not remove it and there are a lot of
the said trojan.

Kindly advise what I can do.

Thanks

Robert
 
| Hi David,
|
| I have followd step by step what you have told Ricahrd to remove Trojan
| Collected 5.L., however, i could not remove it and there are alot of
| the said trojan.
|
| Kindly advise what can i do.
|
| Thanks
|
| Robert

Robert:

Please submit a sample of a file indicated to be infected by Collected 5.L to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 17 different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.
 