Trojan Horse Downloader.Generic.HPA

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi folks,

I'm a newcomer here so I beg your patience. Every time I log into my account
only in XP my anti-virus immediately tells me that I have got the above
Trojan. I immediately heal it or delete it but invaraiably when I reboot and
log in the next time, it's back again. I have ran numerous scans using
different software but to no avail and I can't seem to find much info about
the trojan on the net. Does anyone have any advice on permanently removing
this? Incidentally, I'm also being plagued by adware called oinadserver,
which neither Ad-Aware or MS Ant-Spyware can either locate or remove. Again,
I would appreciate any suggestions.

Thanks in advance.

Pacim
 
Hi ... Try doing your scans in safe mode , Also make sure you turn off
system restore and , Just to add delete all temp files /cookies , If you
need to know how that is done ? I or someone else from here will tell you
how its done , just ask ...

....
 
Hi folks,

I'm a newcomer here so I beg your patience. Every time I log into my account
only in XP my anti-virus immediately tells me that I have got the above
Trojan. I immediately heal it or delete it but invaraiably when I reboot and
log in the next time, it's back again. I have ran numerous scans using
different software but to no avail and I can't seem to find much info about
the trojan on the net. Does anyone have any advice on permanently removing
this? Incidentally, I'm also being plagued by adware called oinadserver,
which neither Ad-Aware or MS Ant-Spyware can either locate or remove. Again,
I would appreciate any suggestions.

Reboot in SAFE MODE and run the AV software again.

Lets start with Spyware and viruses, there are a couple basic rules that
you need to always follow: 1) Only download software you can validate.
Don't just trust any link to a file, make sure that you are downloading
from a vendors real site. 2) Use a non IE browser as much as possible,
FireFox has worked quite well for our use and most of our clients. 3)
Don't install Peer-2-Peer file/music sharing programs, at all, nada,
never. 4) Don't install search helpers or other unneeded tools - the
more you install the more likely you are to be infected with something
or to install something with a backdoor into your system. 5) Make sure
your Anti-virus software is current and working, and that you scan for
spyware once in a while (Monthly or more frequently).

Only download software you can validate as uncompromised - in the case
of non-vendor site you have no guarantee that the files are unmodified
uncompromised. Anyone providing a link to a non-vendors site with a
direct download should not be trusted, the vendors sites are the safest
place to download their application.

Also, do not post your log files here - there are HiJack groups for just
that purpose, not to mention all the web based forums setup for looking
at them.

Always remember - only download files from Trusted Sites.

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

You can also download Symantec Trial version of their Antivirus software
rom here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors sites, not some unknown or authorized no-
name site.

If you take nothing else from this post, remember the following:

Only download files from Trusted Sites.

To better clean your system of Spyware/Viruses, reboot your computer in
SAFE MODE and run your AV software, then run AdAwareSE, then reboot back
into normal mode.

Install Windows XP SP2 and stop using IE unless you need to - I
recommend FireFox for the web except for banking sites.

And one more time: Only download files from Trusted Sites.
 
From: "Pacim" <[email protected]>

| Hi folks,
|
| I'm a newcomer here so I beg your patience. Every time I log into my account
| only in XP my anti-virus immediately tells me that I have got the above
| Trojan. I immediately heal it or delete it but invaraiably when I reboot and
| log in the next time, it's back again. I have ran numerous scans using
| different software but to no avail and I can't seem to find much info about
| the trojan on the net. Does anyone have any advice on permanently removing
| this? Incidentally, I'm also being plagued by adware called oinadserver,
| which neither Ad-Aware or MS Ant-Spyware can either locate or remove. Again,
| I would appreciate any suggestions.
|
| Thanks in advance.
|
| Pacim

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


For non-viral malware...

Please download, install and update the following software...

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Folks,

I just wanted to say many thanks. I posted a hijack this log to AumHa and
one of the guys there sorted the problem.

Thanks for the tips.

Pacim

David H. Lipman said:
From: "Pacim" <[email protected]>

| Hi folks,
|
| I'm a newcomer here so I beg your patience. Every time I log into my account
| only in XP my anti-virus immediately tells me that I have got the above
| Trojan. I immediately heal it or delete it but invaraiably when I reboot and
| log in the next time, it's back again. I have ran numerous scans using
| different software but to no avail and I can't seem to find much info about
| the trojan on the net. Does anyone have any advice on permanently removing
| this? Incidentally, I'm also being plagued by adware called oinadserver,
| which neither Ad-Aware or MS Ant-Spyware can either locate or remove. Again,
| I would appreciate any suggestions.
|
| Thanks in advance.
|
| Pacim

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


For non-viral malware...

Please download, install and update the following software...

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Back
Top