With you having a password stealer running you should avoid logging into
banking sites, PayPal, eBay etc. Also change passwords on your system when
you get clean. Run Microsoft Antispyware and choose a full system scan. When
the scan is finished click the Plus + beside the names in the results page.
The files for the Trojan and password stealer are these:

Small.popcorn64 Trojan Downloader
c:\windows\system32\hlmicro.exe
PWS-Pinch Password Stealer
c:\windows\system32\bndmod.exe

If it shows the above files then they are still active on your system, but if
it shows this below then they are in your system restore:

Small.popcorn64 Trojan Downloader
c:\system volume information\_restore{}\rp\Random.exe
PWS-Pinch Password Stealer
c:\system volume information\_restore{}\rp7\Random.exe

If they are showing in system restore then follow this to clear the restore
points:

First create a new restore point.
Go to Start Menu > Run and copy & paste this in:
%SystemRoot%\System32\restore\rstrui.exe
Press Enter, choose "Create a restore point" and Next, name it and press
Create.

Next clear the infected restore points.
Go to Start Menu and Run and type:
cleanmgr
Press Enter, go to the "More Options" tab and press Clean up on the System
Restore area to remove all the restore points except the one we just created.

If it's not in the restore area then reboot into safe mode (reboot and keep
tapping F8 then choose safe mode from the list). Run a full scan with
Microsoft Antispy and remove anything found.

Reboot back to normal mode and try the scanner again. With you getting pop
ups for other removers it's possible you have other problems on your system, so
using Ewido Security Suite would be useful to check for other Trojan/Malware
files that.
http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes, from the main
menu click on 'scanner' then click 'Complete System Scan'. When ewido finds
something, it will pop up a notification. Select "Remove" and check the boxes
"Perform action with all infections" and "Create encrypted backup" then click
on OK. When the scan finishes, click on "Save Report" and save it to your
desktop or c:/drive in case you need it again.

Let us know if you have any problems.

Regards,
Andy