Infested with problem trojan horse

April 12, 2009 at 12:41:45
Specs: Windows XP SP3, AMD Athlon 64 (x2) Dual Core 4200+ / 2 Mb Ram
I have some major problems with my desktop PC. I posted a query some hours ago but it no longer seems to appear on the website so I’m re-posting.

Yesterday I was visiting some websites when my AVG (7.5) started throwing up all sorts of warnings that changes were being made to my system. I immediately disconnected and did a system scan which indicated that the following had changed:


Then a full scan showed:
C:\Documents and settings\default\local settings\temp\AC25.tmp (Trojan Horse Downloader.generic8.ZVT and deleted by AVG).

C:\Documents and settings\default\local settings\temp\BN11.tmp (Trojan Horse Sheur2.ZZF and deleted by AVG).

C:\WINDOWS\system32\crypts.dll (Trojan Horse Downloader.Agent2.AVE and deleted by AVG).

It also found Rootkit-Agent.CW, but I can’t now see how I discovered that.

The PC itself works more or less normally, but apart from sending this message I have not connected it to the internet since. But I have configured AVG to tell me of any attempts to connect to any IP addresses. It seems as if any programme I start (including AVG) tries to communicate with one of half a dozen IP addresses, none of which there should be any reason to do so, and 2 of which are dubious Latvian IPs. I tried to connect to the internet once, but unless it was routed through one of these IP addresses it wouldn’t let me connect.

So far, apart from running AVG scans a few times, I have also switched off the system restore. I have also run Malwarebytes and carried out the actions it recommended.

I have also now run HijackThis 2.0.2. Even to my untrained eye (and I am very much a novice when it comes to this) some of it looks strange. For example:
O1 - Hosts: ::1 localhost
O1 - Hosts: ???????????????
O1 - Hosts: ???????????????
O1 - Hosts: ???????????????
O1 - Hosts: ???????????????

I can attach the complete report if required.

Any suggestions as to how I can get rid of these problems? I’d rather not have to reformat and reinstall if I can possibly avoid doing so. When I did a scan on Friday the system got the all clear, so it all seems to have happened on Saturday.



April 14, 2009 at 02:14:17
You should scan your computer with Malwarebytes in Safe Mode.


April 14, 2009 at 02:32:13
Thanks, I'll try this and see what happens.
