Win32.Trojan Gen

Thread starter: Evi

Evi

Avast found Win32.Trojan Gen on a friend's PC along with the following.

C:/Windows/SYSTEM/mxflrfn.exe/[UPX] unable to scan UPX archive is corrupted

C:/Windows/Temp/morphrec.exe/[UPX] unable to scan UPX archive is corrupted

C:/Windows/All users/./RELATED HTM

C:/Windows/ All users/Application Data/./sb Recovery.ini

C:/Windows/ All users/Application Data/sb Recovery.reg

C:/Windows/ All users/Application Data/00227165.urr

C:/Windows/ All users/Application Data/0201469.urr

C:/Windows/ All users/Application Data/wkrparam.lst

C:/Windows/ All users/Application Data/ 00228384.dat

C:/Windows/ All users/Application Data/ 00246769.dat

C:/Windows/ All users/Application Data/ 0024AD.dat

C:/Windows/ All users/Application Data/files.ini

C:/Windows/ All users/Application Data/002272FA.jpg

C:/Windows/ All users/./mail Stamp Btn.html

C:/Windows/ All users/. /SmileyCentral Btn.html

C:/Windows/ All users/. /Cursor Mania Btn.html

C:/Windows/ All users/. /My stationery Btn.Html

C:/Windows/ All users/. /My SignatureInsert Btn.html

C:/Windows/ All users/. /My Signature Preview Btn.html

C:/Windows/ All users/. /Fun Budl con Btn.html

C:/Windows/ All users/Application Data/00b685B.dat

C:/Windows/ All users/Application Data/not allowed

C:/Windows/ All users/Application Data/not allowed

C:/Windows/ All users/Application Data/SbRecovery.ini

C:/Windows/ All users/Application Data/sbRecovery.reg

We sent everything to the vault and emptied it. We ran SpyBot and Ad-Aware
and deleted everything they found.

But next time we started, there it was again.

These people had a second-hand PC with lots of rubbish on it but want to avoid
a reformat since they don't have the Windows CD.

The PC has Windows ME but we did switch off System Restore before running
the cleanup procedure.

Any ideas?
Evi
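An added triage helper for the finding list above (this is not code from the thread, from Avast or from Trend Micro; the line format, the category names and the extension table are my own assumptions, inferred from how the list was pasted). It parses each Avast line into a normalised path plus the scanner's note, drops the duplicated entry, and sorts the findings so that the two packed executables the scanner could not open come first, separated from the .reg files and the plain data litter under Application Data. A subset of the posted list is embedded as the sample input.

```python
"""Triage a pasted antivirus finding list (added helper, not the thread's own tooling).

Input format, as Avast printed it in the original post: one finding per line, either
a bare path or "<path>/[TAG] <scanner note>" when the file could not be scanned.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Subset of the finding list as posted in the thread. Forward slashes, "." segments
# and stray spaces are the poster's transcription, so the parser normalises them.
FINDINGS = """\
C:/Windows/SYSTEM/mxflrfn.exe/[UPX] unable to scan UPX archive is corrupted
C:/Windows/Temp/morphrec.exe/[UPX] unable to scan UPX archive is corrupted
C:/Windows/All users/./RELATED HTM
C:/Windows/ All users/Application Data/./sb Recovery.ini
C:/Windows/ All users/Application Data/sb Recovery.reg
C:/Windows/ All users/Application Data/00227165.urr
C:/Windows/ All users/Application Data/wkrparam.lst
C:/Windows/ All users/Application Data/ 00228384.dat
C:/Windows/ All users/Application Data/files.ini
C:/Windows/ All users/Application Data/002272FA.jpg
C:/Windows/ All users/./mail Stamp Btn.html
C:/Windows/ All users/. /SmileyCentral Btn.html
C:/Windows/ All users/Application Data/not allowed
C:/Windows/ All users/Application Data/not allowed
C:/Windows/ All users/Application Data/SbRecovery.ini
C:/Windows/ All users/Application Data/sbRecovery.reg
"""

# Assumed set of extensions that Windows will execute directly.
EXECUTABLE_EXTS = {"exe", "com", "dll", "scr", "pif", "bat", "vbs"}
# "<path>/[UPX] unable to scan ..." -> path, tag, note
NOTE_RE = re.compile(r"^(?P<path>.*?)/\[(?P<tag>[A-Z0-9]+)\]\s*(?P<note>.*)$")

# Lower number = look at it first.
PRIORITY = {"unscannable-executable": 0, "executable": 1,
            "registry-script": 2, "html": 3, "data": 4}


@dataclass(frozen=True)
class Finding:
    path: str        # normalised backslash path
    directory: str
    name: str
    ext: str         # lower-case extension, "" if none
    note: str        # scanner note, "" when the file was scanned normally
    category: str


def normalise_path(raw: str) -> str:
    """Turn the forum transcription into a canonical backslash path."""
    parts = [p.strip() for p in raw.strip().split("/")]
    parts = [p for p in parts if p not in ("", ".")]   # drop "." and empty segments
    return "\\".join(parts)


def classify(ext: str, note: str) -> str:
    if ext in EXECUTABLE_EXTS:
        # A packed binary the scanner could not open has not actually been checked;
        # it needs a second-opinion scan rather than being assumed clean or just deleted.
        return "unscannable-executable" if "unable to scan" in note else "executable"
    if ext == "reg":
        return "registry-script"   # importing it re-creates registry keys; read it first
    if ext in {"html", "htm"}:
        return "html"
    return "data"


def parse_line(line: str) -> Finding | None:
    line = line.strip()
    if not line:
        return None
    m = NOTE_RE.match(line)
    raw_path, note = (m.group("path"), m.group("note")) if m else (line, "")
    path = normalise_path(raw_path)
    directory, _, name = path.rpartition("\\")
    ext = name.rpartition(".")[2].lower() if "." in name else ""
    return Finding(path, directory, name, ext, note, classify(ext, note))


def triage(text: str) -> list[Finding]:
    """Parse, de-duplicate (the post lists 'not allowed' twice) and sort by priority."""
    seen: dict[str, Finding] = {}
    for line in text.splitlines():
        f = parse_line(line)
        if f and f.path.lower() not in seen:
            seen[f.path.lower()] = f
    return sorted(seen.values(), key=lambda f: (PRIORITY[f.category], f.path.lower()))


def summary(findings: list[Finding]) -> Counter:
    return Counter(f.category for f in findings)


if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(f"{f.category:24} {f.path}" + (f"  ({f.note})" if f.note else ""))
    print(dict(summary(triage(FINDINGS))))
```

Run on the list above, it puts mxflrfn.exe and morphrec.exe at the top: those are the two items Avast reported but could not inspect, which is the reason a second scanner is worth running before concluding the machine is clean.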
 
Evi:

If you don't have Adaware SE v1.05, download this version. If you do, then just follow the
directions on its use.

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example, lpt422.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600 MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point.

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html

 
We did use Adaware.

When we install the Trend Sysclean package, do we need to disable Avast?

We did try to download something from the Trendmicro site but when we tried
to click on it, Avast told us that it contained a virus. Is this a fake
reading?

Evi


David H. Lipman said: (Dave's reply above, quoted in full.)
 
Yes, Avast gave a False Positive. Go ahead: disable Avast, download the files and run
sysclean.com.

--
Dave

 