Question:
Trojan Downloader keeps coming back! Please Help!?
misstiaemail
2008-12-28 12:12:32 UTC
Hi, I asked a question about this yesterday and got some great answers. I did what was suggested and guess what? It has COME BACK! I really don't want to wipe out my hard drive.... This is what I have done today:

Disconnected from the internet, restarted and went into safe mode under admin.
Ran Malwarebytes, which found:
5 Trojan.BHO
HKEY_CLASSES_ROOT\solution.solution
HKEY_CLASSES_ROOT\solution.solution.1
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979}
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b}
HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f242ea9d6a}

1 Trojan Agent File:
C:\WINDOWS\system32\oJDB81LN.exe.a_a

Had Malwarebytes remove them..
Ran a Vipre scan and that found nothing...

I restarted the computer---still disconnected from the internet---in safe mode and logged in under my user name.

Ran Malwarebytes again.... got 2 things:

Trojan.BHO

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75}

and Rogue.VistaAntivirus2008

HKEY_CURRENT_USER\SOFTWARE\VAV

Had Malwarebytes remove this, ran Vipre which found nothing. Then did a CCleaner.

Set my IE7 for High security (from med. high).

Restarted the computer regularly, connected to the internet. Everything was fine for about an hour....

I was using Firefox and I checked my task manager to be paranoid and in applications was Firefox and IE---I had NOT launched IE! So I ended that... I did a quick scan with Malwarebytes and NOTHING....

I checked my system32 folder and lo and behold the things that keep coming back WERE BACK!

7j4F264n.exe
7j4F624n.exe.a_a
4l1H831p.dll

Vipre labels it as: trojan-downloader.win32.agent.auip and no matter what I do, it COMES BACK....

This is what came up on my last Malwarebytes scan, which I ran after I knew it was back...

HKEY_CLASSES_ROOT\solution.solution
HKEY_CLASSES_ROOT\solution.solution.1
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979}
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75}
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b}
HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\{99c6d1bb-7555-474c-91da-d8f62a9cc75}

I had them removed... but I KNOW this will come back.... WHAT DO I DO??????????? I'm thinking a sledgehammer!

I have Windows XP Media Center, I have IE7 service pack 3, Firefox--new version and have d/l-ed all Windows updates including security patches....
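
A read-only way to see what sits behind the Trojan.BHO detections in the question above: list each registered Browser Helper Object, the DLL its CLSID loads into Internet Explorer, and whether that DLL is signed. This is an added example, not part of the original post; the function name `Get-BhoReport` is hypothetical, and it assumes PowerShell 2.0 or later on a 32-bit Windows install.

```powershell
# Added example (read-only): list registered Browser Helper Objects (BHOs),
# the DLL each CLSID loads into Internet Explorer, and basic file facts.
# Get-BhoReport is a hypothetical name; assumes PowerShell 2.0+, 32-bit Windows.
$BhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoReport {
    if (-not (Test-Path -LiteralPath $BhoRoot)) { return }

    foreach ($key in Get-ChildItem -LiteralPath $BhoRoot) {
        $clsid = $key.PSChildName            # subkey name is the BHO's CLSID

        # The default value of CLSID\<id>\InprocServer32 is the DLL path.
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $srv) {
            $dll = [string](Get-Item -LiteralPath $srv).GetValue('')
            $dll = $dll.Trim('"')            # some installers quote the path
        }

        $created = $null
        $signed  = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $created = (Get-Item -LiteralPath $dll -Force).CreationTime
            $signed  = (Get-AuthenticodeSignature -FilePath $dll).Status
        }

        # One object per BHO so the result can be sorted, filtered or exported.
        New-Object PSObject -Property @{
            CLSID = $clsid; Dll = $dll; Created = $created; Signature = $signed
        }
    }
}

# Newest DLLs first: a BHO that reappears after removal shows a fresh creation time.
Get-BhoReport | Sort-Object Created -Descending | Format-List CLSID, Dll, Created, Signature
```

Running it before and after a scanner cleanup shows whether the same CLSID returns and which DLL under system32 it points to.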
Five answers:
Fed-up
2008-12-28 12:28:51 UTC
Turn off Windows system restore and delete all the restore points.

Reboot, rerun the Malwarebytes scan and delete everything it finds.

Reboot again, run the scan once more. If nothing is found, turn system restore back on and create a restore point.



What apparently happened was that system restore automatically creates a restore point, when a program is installed. So when you removed the trojan, it was still in those files and could reinsert itself.
Millicent
2016-08-22 09:53:20 UTC
2
2008-12-28 13:04:43 UTC
I agree with Fed-up. What a lot of people don't understand is that if you delete a virus manually it just gets renamed and ends up on a different part of your hard drive, more specifically your restore points. To purge System Restore you just turn it off. When you turn it off, all of your current restore points are deleted. When you are done purging System Restore, turn it back on.
Don
2008-12-28 12:21:15 UTC
Try onecare.live.com, this is Microsoft's online scanner. Also try the other two scans offered... precisesecurity.com has manual removal instructions for Antivirus 2008 and 2009.
2008-12-28 12:24:25 UTC
superantispyware.com and ccleaner.com


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.