Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello! I am having a major problem with trojan. I tried to open windows media player today, and my AVG anti-virus said that I had a TROJAN DOWNLOADER.VB.EC virus in WINNT\pup.exe folder. I did a full scan and AVG moved the file to the vault but could not remove. Tried to open Media player again,and again, it wouldn't open and the virus notice came up. This is what I have now done:
1.Ran AVG again, this time it said file was healed.
2.Opened media player. Same virus appears.
3.Ran Norton 2003, no virus detected.
4.Rebooted in safemode, removed pup.exe (infected file). Deleted and emptied recycle bin.
5.Ran my ad-aware and spybot...just in case.
6.Rebooted...PUP.exe showed BACK up, and once again, AVG says infected.
I keep "healing it", deleting it, quarantining it, doesn't matter. Each reboot it comes back, and Norton doesn't find anything. I can not open media player because of this. Going nuts. Any help would be incredibly appreciated. THANKS!!!
justsweet:
Could be hiding in System Restore. Turn off System Restore and reboot your PC, then turn SR back on.
Solarian
0 
Solarian,
Thanks! but...I've been trying to figure out how to turn off system restore, and I can't locate it. Where do I look? Thanks again!justsweet
0
justsweet:
I failed to note in your original post that you're running Windows 2000.
I'm not absolutely certain, but I believe System Restore is a feature of only Windows XP and Windows Millennium.
To make sure though, you might want to post the SR question in the Windows 2000 forum here at Computing.net (see left-hand column).
Solarian
0
quite possibly the trojan has injected itself into your media player. I suggest getting a decent trojan scanner and remover and trying to remove it that way. AVG is ok but a specific trojan scanner will do a much better job.
If you can kill the trojan process, then delete all start up entries you may be able to remove it manually.
for free ware trojan removal tools go to
http://www.anti-trojan.org
0
had same problem with windows mediam player and downloader.vb.ec. remove downloader trojan,delete startup files and then reinstall media player over current player.that removes old registry entries.
0
budlite, you sir, are a genius! im on xp sp1. avg, pccillin housecall, mcafee free scan, adaware, and spybot s&d did nothing. avg found it and said it was gone but nope. tried with system restore off but no difference. then i read budlite's post. all i had to do was delete pup.exe from \windows, d/l mediaplayer from m$ downloads and reinstall it. all fixed! thanks budlite. btw i had no startup files to delete.
0
In my case AVG found it (routine check) but initially could not remove it (to the vault). I had not been using media player, so I did not detect symptoms other than AVG detection. [XP Home OS]. Various sequences of kill 'ologmsgi.exe' process, turn-off restore, re-running AVG eventually seems to got rid of the offending article. Thanks. Anti-trojan site not freeware and databases seem oblivious to 'downloader.vb.cd'!
0
I had the same problem. (XP HOME SP1). The problem was how to access the System Volume Information folder. The point is that sharing within Windows Xp Home edition does not allow to modify the access control list. In my case (XP HOME with NTFS) you have to do it like this:
First In Windows Explorer click [Tools] [Folder Options]Click the [View] tab, click [Show Hidden Files and Folders]Clear [Hide protected operating system files (Recommended)] check box.Go to a command prompt (Click [Start] [Run] type cmd and click [OK]). Then navigate to the root folder of the partition where the System Volume Information folder you want to access is located. Type the following command:
cacls ":\System Volume Information" /E /G :F and press ENTER. Now AVG or any other antivirus-program can access the System Volume Information folder and remove or "heal" unwanted files.
To restore the access control list for the modified folder type the following:
cacls ":\System Volume Information" /E /R
All the permissions are deleted en the original situation is restored.
0
i have same problem with downloader.vb.ec - i know nothing about computers so dont really know what to do - do i just delete everything associated with media player and reinstall it? I also keep getting alerts from AVG detecting virus in system restore but dont know how to get rid of it etc - am using xp home!
0
I had the problem also just a few minutes ago. AVG detected it but could not delete, remove or quarantine. I used the link below to access the sys vol information folder and manually deleted the file. Here's the link as to how to access the folder.
http://www.theeldergeek.com/system_volume_information_folder1.htm
Pay attention to the name avg gives especially the end part of it, you will see a folder name RP??? mine happened to be RP167 also at the end of the alert AVG gives is a file name look within the folder. I would suggest running a scan on the folder first. Then run a scan on the file name if AVG detects it delete the file. You may get a couple more alerts until you have deleted the file from the recycle bin. Good luck and hopes it helps.
Michelle Hammonds
www.overjoycreations.com
0
having the same problem, first one file, then two, then 16, turned off system restore, which by the way you can access with the windows button on your keyboard with the pause button, anyway, ran avg again, and hey no virus found.
By the way you can install wmplayer by pressing the start menu, my computer, c:, program files, wmplayer, installer, and double click. hope that works for you.
0
I had the same problem yesterday.
* You can't rid of the Trojan, coz the Windows Media Player .exe file has been changed with that one.
* To fix the problem you have to DELETE that PUP.exe 1st and then DELETE - WMPLAYER.exe - in Windows Media Player Directory.
* Run the SETUP_WM.exe from the same dir to UPDATE the Media Player...
* That's all... ;)
0
I too now have the downloader.vb.ec virus on my computer. I tried AVG, wasn't able to remove it. Tried ad-aware, didn't work. Found the .exe file(c:/windows/system32/bgengd.exe), but it wouldn't let me delete it (access denied). Tried turning off system restore and restarting the comp, didn't work. Tried looking in the system volume folder but it didn't work (access denied). Now I'm getting pop-ups everytime I open internet explorer. Anyone have any suggestions??? PLease help.
0
Removing Trojan horse Downloader.VB.EC
I too suffered from this little Ba$tard. Follow this advice and you too can be set free!
I went to this site for a fix:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_REVOP.A**NOTE: Do the automatic removal, not manual. Trust me on that one, if you want to make sure you get it all out of your system.
From there, I followed this link:
http://www.trendmicro.com/download/dcs.aspHere is the page where you get the latest pattern file:
http://www.trendmicro.com/download/pattern.aspYou may want to print out the instructions/info. just incase you need them. All of you with ME and XP, you'll need to read the extra info about disabling Sytem Restore.
Post back here to tell us all how it goes.
Good luck!!!
P.S. I too had my Windows Media Player infected. After you get done removing the bada$$ Trojan/Virus from your computer, you will have to re-download Windows Media Player, and re-install it over the old one.
P.P.S. My AVG would only heal the stupid thing too, not remove it. This is where Trend Micro Sysclean will help.
Professor Plutonium
0
i have this s--- too! and i had to re install media player because it didn t work.
AVG detects this trojan in "system volume restore" but when i scanned all nothing wrong found. So too bad.
0
I've been trying to get rid of this bugger all day. AVG finds it but can't get rid of it yet. I just downloaded an update hoping that would help but they still don't do the trick.
I have two files: _restore\temp\A0097097.CPY and A097099.CPY
Trend Micro doesn't seem to even detect the damn things!
Waht is the trick to disable System Restore in ME?
0
i tried to run Sysclean but when i viewed the log almost every single file said Access is denied :-/ how can i fix this problem? because i know i have downloader.vb.ec but i cant get to it
0
Thanks to zeko and all up here, what cleaned this one for me was:
Delete that POP.exe and WMPlayer.exe, (just search those 2 files) empty recycle bin. quarantine the virus with AVG or other.. ("AntiVir Personal edition", or "The Cleaner" for Trojans) update virus software or spybots before running.. clean up.
Disable system restore in ME: control panel, system, performance, file system, troubleshooting, check restore disable, apply and reboot computer.
Run antivirus again just in case, spybot, etc. Re-enable system restore, reboot. Download new WMplayer straight from microsoft.com, version 9 if you must, i prefer winamp 5.03 now..
Good luck to all.
0
Disabled system restore as per instructions. Binned pup.exe, ran AVG and Trend Micro, got the all clear, downloaded new WMplayer, and guess what, after one "clean"test last night, AVG found the bugger again this morning.
Supposedly "healed" but I've seen that before...
System restore is still disabled by the way.
0
I've had a few viruses in the last couple of days...I managed to kill off all but one.
I am running XPhome1
The PUP.exe was no problem...I just deleted it and re-installed media player as a guess...and bingo it worked!
But the next day I went out and came home with a Trojan Downloader VB.EC warning.
I did an AVG update but it can't find it.
I tried the start-run-cmd route...but I cannot acess the folder still...DOS just tells me that whatever I am typing is wrong (even though I copied the link and pasted from a help page...and manually typed it too)
I've read all the discussions and help pages but nothing is working for this guy.AVG wont find it...and it just pops up every once in a while telling me to run AVG for windows.
AVG wont find it, I cant access the system volume folder and DOS commands aren't working?
What else is left?
0
Nice to know I'm not the only one. Have followed above advice and have my fingers crossed. Attempted the Trends Micro Auto Repair to no avail, it kept reporting files missing that were sitting right there next to it in the folder!
Have my a new copy of media player now, and my fingers crossed. Will make the children cross theirs too, so they can't type in a URL on my computer anymore!!!
[url=http://www.rtfi.us/Concepts/index.htm]Dakota SEO & Design[/url]
0
You guys ROCK!!! I have been working on this for the last 4 hours and did a search on the virus name and came up with this site. It is exactly the same problem I had. I followed the easiest way, Responce 12 from Zeko and it works!!
Thanks to all!!
MikeM"Its not what you say, but how you say it"
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
