Trojan Flush M

  • Thread starter Thread starter Belprice
  • Start date Start date
B

Belprice

HI there,

I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!


Also my computer is now acting very strange , programs are disappearing when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM

I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.

Thanks in advance.
Ta
JC
 
Belprice said:
HI there,

I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this
virus. I tried to follow the instructions for manual removal of this
virus, however it
instructed me to restart windows in safe mode and then a full scan. When
I tried to do this I was asked for a administration password , but I
bought this computer second hand and have no idea what this pasword is!


Also my computer is now acting very strange , programs are disappearing
when I re start the computer and when I try to view the c drive I get an
error message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM

I am desperate not to lose the many important family files on this
computer, such as photos and videos, can someone please help me with this
very annoying problem.

You can retrieve the data without booting into Windows by either pulling the
hard drive and attaching it to a working computer using a USB external hard
drive or slaving it internally. However, in cases of virus infection I
don't like to do this because it puts the host Windows machine at risk. A
better solution is to use either a Linux Live CD such as Knoppix or a
Bart's PE.

http://www.knoppix.net
http://www.nu2.nu/pebuilder/ - Bart's PE Builder

Once the data is retrieved, I suggest you do a clean install of Windows.
With used computers, this is the best thing to do. You already see that
there is an issue with the Administrator password and who knows what other
crud is on that box from the previous owner.

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
you will need on-hand

If you can't do the work yourself (and there is no shame in admitting this
isn't your cup of tea), take the machine to a professional computer repair
shop (not your local equivalent of BigComputerStore/GeekSquad). If
possible, have all your data backed up before you take the machine into a
shop.

When this is over, create and implement a backup strategy because Stuff
Always Happens. Purchasing an external hard drive and Acronis True Image is
a good solution.

Malke
 
Hi Mike,

Thanks a million for coming back to me so quickly.

Unfortunately I am a man of little means and currently I can’t afford to
buy any new equipments for the computer or even pop it into a computer repair
shop , my wife seems to think Christmas presents for our children is much
more important than having my computer up and running.If only she knew!!!

As I mentioned I bought this computer second hand and it came with XP
already installed, so a clean install is also out of the question, as I don’t
have the XP setup disks to reinstall.

Are there anymore options opened to me? I’m posting this message from the
computer in question, so I can still log in and go online.. I would be very
grateful for any suggestions you might have.

Ta
JC
 
Belprice said:
Hi Mike,

Thanks a million for coming back to me so quickly.

Unfortunately I am a man of little means and currently I can?t afford to
buy any new equipments for the computer or even pop it into a computer
repair shop , my wife seems to think Christmas presents for our children
is much more important than having my computer up and running.If only she
knew!!!

As I mentioned I bought this computer second hand and it came with XP
already installed, so a clean install is also out of the question, as I
don?t have the XP setup disks to reinstall.

Are there anymore options opened to me? I?m posting this message from the
computer in question, so I can still log in and go online.. I would be
very grateful for any suggestions you might have.

I'm sorry to hear that you purchased a used computer with no installation
media. Unfortunately this is all too common. Then a problem that requires
reinstallation occurs and the buyer is left with the realization that the
used computer wasn't such a good deal after all. As soon as you can, you
should purchase XP Home and do a clean install. There are two alternative
solutions to your immediate problem:

1. Follow the removal steps for your malware at the links I already gave you
and clean up your machine yourself. If you have difficulty doing that, you
can get free guided help at one of the following specialty forums:

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

2. Or forget about Windows and install one of the many free Linux distros
instead. Naturally there will be a learning curve but at least you will
have a working operating system and won't have to spend any money beyond
the few cents to burn the Linux .iso. While I'm personally not fond of
Ubuntu (I prefer other distros), it is pretty user-friendly. Of course, you
will need to back up your data first if you install Linux. You can also use
a Linux Live CD such as Ubuntu or Knoppix which doesn't touch your hard
drive at all. Use the Live CD until you can buy and install Windows.

Malke
 
From: "Belprice" <[email protected]>

| HI there,

| I am running Norton Anti - Virus and it has reported that i have a virus
| called Trojan Flush M and no matter what I try I can not remove this virus. I
| tried to follow the instructions for manual removal of this virus, however it
| instructed me to restart windows in safe mode and then a full scan. When I
| tried to do this I was asked for a administration password , but I bought
| this computer second hand and have no idea what this pasword is!


| Also my computer is now acting very strange , programs are disappearing when
| I re start the computer and when I try to view the c drive I get an error
| message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
| RESYCLED/BOOT.COM

| I am desperate not to lose the many important family files on this computer,
| such as photos and videos, can someone please help me with this very annoying
| problem.

| Thanks in advance.
| Ta
| JC

No, NAV is declaring that you have a trojan called "Trojan Flush M" not a virus.

- Services Started:
spooler

- Control Codes Sent to Other Services:
Service Control Code
spooler SERVICE_CONTROL_STOP

- Registry Values Modified:
HKLM\SYSTEM\CONTROLSET001\CONTROL\SERVICECURRENT Name
New value
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000\Control ActiveService
Spooler


- Files Created:
c:\resycled
c:\resycled\boot.com
 
Hi there,

Thanks for coming back to me.

Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.
 
From: "Belprice" <[email protected]>

| Hi there,

| Thanks for coming back to me.

| Everytime I try to run Malwarebytes the programs crashes and I get this
| message "Malwarebytes' Anti-Malware has encountered a problem and needs to
| close " and then some garble about memory. Also I can't start my computer in
| safe mode as I don't know the domian name, I do know the password though and
| I sign in with this every time I log unto the computer.

| I would be grateful for any suggestions to help me round this problem.


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory.

I was just at a location where the user had trouble installing anything,
including MBAM, got errors like you state.

They were using McCrappy Antivirus with a bunch of add-ons that block
access to many things, including registry settings, temp directory,
etc... Can't believe they could use the computer at all with that crap
enabled. Disabled the McCrappy AV product and everything worked fine.
 
Do you have a cd/dvd burner on the machine? If so copy the family files to cd's or dvd's.

If not does the machine have USB ports? If so see if anyone you know has a external USB burner (cd
or dvd) and use that.

Also, how much space do the family files take up? If you have a USB port you can pick-up a small
USB Flash drive for under $20.00 for 4-8GB and under $10.00 for 1-2GB.
 
Hi Stewart ,

And everyone else whom has offered help.

I am still working on the problem , but thanks for all your suggestions.

Ta
JC
 
Back
Top