25456.exe / SpamTool / BKCS cleanup help?

Micro-star international / Ex460/ex461
September 16, 2010 at 11:01:35
Specs: Microsoft Windows XP Professional, 2.21 GHz / 3071 MB
i err admit to be a fan of torrents (lol), and i think i got snared by one.

so here are my problems:

1. i downloaded a torrent recently, containing an exe file. it didn't work so i deleted it complete with its folder. but it keeps popping up again and again.

2. i ignored one AVG warning (thinking it was another false alarm), then noticed that the net icon now keeps flashing even if i'm not connecting to the net. so i scanned, and i got 15 trojans and 1 virus. the virus (a BAT/Deleter) i think is already fixed since it didn't appear in further scans, but the trojans remain, some Trojan Horse Generic17.BKCS and SpamTool.GMM. it appears in other variations too (Generic16 and SpamTool.FYS)

3. ...so i resorted to looking at my task manager processes and every time i boot my laptop, there's this process named using five numbers (e.g. 25456.exe, 04338.exe). i end process but it just comes back.

4. some more detections. Downloader.Generic9.CFQM and BackDoor.Generic12.UOV

5. lastly, i also noticed that my mouse cursor is always in "working" mode, the one with the pointer and hourglass. i don't know what program's running in the bg.

i'm using AVGFree 9.0 as my antivirus.

i saw another thread with a quite similar problem to mine, but i think i have more viruses to handle, and i don't want to reformat again if i do the wrong things with combofix. so... help please?

thanks in advance.


September 18, 2010 at 04:36:27
Your virus is downloading other viruses. Can I have the link to the torrent? I want to find out what it is and what virus it has. Download Malwarebytes and Spybot Search and Destroy and rename the downloaded files to 5 digit random numbers too. Install them and rename the installed exes to 5 digit random numbers too, then restart in safe mode and run Malwarebytes and Spybot Search and Destroy. Delete all the viruses found.


September 20, 2010 at 01:25:48
i lost the file already coz i had to reformat my C drive. tried using trojan remover and hitman pro. i think the virus had changed one of my main files from windows so that when it got erased, i couldn't boot my pc back to normal T^T

anyway i'll post back when i get the link of the infected torrent. thanx much.


September 20, 2010 at 01:37:30
ack it's hard to find now where i got the torrent link, anyway the game is Drawn 2: Dark Flight, it has a "collector's edition" indicator written as [CE] and it uses the name of Wendy99, one of the more popular torrent uploaders in PirateBay (i personally don't think the real Wendy99 uploaded this thing). AND it's not available on PirateBay. if i remember right this is how it's labeled: Drawn 2 Dark Flight [CE] - Wendy99

hope this can be of use :P


September 20, 2010 at 04:02:27
"i couldn't boot my pc back to normal" How back to normal? Does your PC boot up right / can it boot up?


September 20, 2010 at 11:54:38
no it goes thru the boot checking (HD, RAM check etc) and then just black screen, my HD stops running. i don't think there's anything wrong with my HD tho coz like i said i reformatted, and it works full well now like it did before the virus.


September 20, 2010 at 21:58:04
Put in the Windows XP CD and boot from it, after the EULA message where you press F8. The CD will search for older versions of Windows installed and it will detect your XP installation, and you will see this: C:\WINDOWS "Microsoft Windows XP Professional". Press R and it will start repairing your Windows XP install, and you will lose no personal settings or anything in My Documents. It worked for me every time. Then after the install, don't start anything in the other drives, don't even open them. Connect to the internet, download Malwarebytes and Spybot Search and Destroy, download to the C drive only, install them in the C drive and run a scan. If they find anything, make them delete it. Download a good antivirus and antispyware program, then update them and run them too, but don't open drives other than C before all this. I'm speaking from personal experience. The virus may have made an autorun to the other drives, and if you open them the virus will infect Windows again.

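The last reply warns that the infection may have left an autorun entry on the other drives, and the first post describes processes named with five digits. As an added example that is not part of the thread, this Python script reads each drive root's autorun.inf as plain data, without opening the drive in Explorer, and lists what it would launch, and it flags five-digit process names; the function names and the sample file contents are constructed for illustration.

```python
import os
import re

# Five digits plus .exe, the naming pattern reported in the thread (25456.exe, 04338.exe).
FIVE_DIGIT_EXE = re.compile(r"^\d{5}\.exe$", re.IGNORECASE)
# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.IGNORECASE)

# Constructed sample file contents, not taken from the thread.
SAMPLE_INF = """\
;padding line
[AutoRun]
random junk without an equals sign
open=25456.exe
shell\\open\\command=25456.exe
icon=folder.ico
"""


def suspicious_process_names(names):
    """Return the image names that are exactly five digits plus .exe."""
    return [n for n in names if FIVE_DIGIT_EXE.match(n.strip())]


def autorun_targets(text):
    """Return (key, command) launch entries from the [autorun] section."""
    # Parsed by hand so lines that are not key=value are skipped, not fatal.
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
        elif in_section and not line.startswith(";") and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()) and value.strip():
                targets.append((key.strip().lower(), value.strip()))
    return targets


def scan_drive_roots(roots):
    """Read autorun.inf in each root as data only; nothing is executed."""
    findings = {}
    for root in roots:
        # Missing drives are skipped; the file name is matched case-insensitively.
        for name in (os.listdir(root) if os.path.isdir(root) else []):
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "rb") as fh:
                    findings[root] = autorun_targets(fh.read().decode("latin-1"))
    return findings
```

Call `scan_drive_roots` with the roots of the non-system drives and `suspicious_process_names` with the image names from the process list; any launch entry that points at an unfamiliar executable is worth scanning before the drive is opened.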
