Trojan help

Ryan January 31, 2009 at 05:01:25
Specs: Windows XP
I'm having a problem with some sort of trojan virus. I'm not sure how it is affecting my computer yet, but my AVG scans keep finding threats and deleting them. However, every new scan I do, it discovers more. Also, every once in a while a box from AVG will pop up saying it found a threat, but when I try to "heal" it an error pops up saying the file could not be found. I use the free edition of AVG. Here are the last 2 scans.

Scan 1: 1-30-09
Scan "Scan whole computer" was finished.
Infections found:;"12"
Infected objects removed or healed:;"12"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Friday, January 30, 2009, 4:07:59 PM"
Scan finished:;"Friday, January 30, 2009, 4:56:55 PM (48 minute(s) 55 second(s))"
Total object scanned:;"572458"
User who launched the scan:;"Owner"

Infections
File;"Infection";"Result"
C:\DOCUME~1\NETWOR~1\protect.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\DOCUME~1\Owner\LOCALS~1\Temp\ms.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\Documents and Settings\Owner\Local Settings\temp\ms.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\Documents and Settings\Owner\Local Settings\temp\wJQs.exe;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0P14XA8\papka2[1].gif;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\Documents and Settings\Owner\protect.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\WINDOWS\Explorer.EXE (276);"Trojan horse BackDoor.Generic10.AOBA";"Reboot is required to finish the action"
C:\WINDOWS\system32\autochk.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\WINDOWS\system32\autochk.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\autochk;"Found registry key with reference to infected file C:\WINDOWS\system32\autochk.dll";"Moved to Virus Vault"
HKU\S-1-5-21-527237240-1801674531-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\autochk;"Found registry key with reference to infected file C:\DOCUME~1\NETWOR~1\protect.dll";"Moved to Virus Vault"

Scan 2: 1-31-09
Scan "Scheduled scan" was finished.
Infections found:;"8"
Infected objects removed or healed:;"8"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Saturday, January 31, 2009, 3:45:00 AM"
Scan finished:;"Saturday, January 31, 2009, 4:54:18 AM (1 hour(s) 9 minute(s) 18 second(s))"
Total object scanned:;"660764"
User who launched the scan:;"SYSTEM"

Infections
File;"Infection";"Result"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1112\A0099671.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1114\A0099684.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1115\A0099693.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1116\A0099702.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1117\A0099714.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1118\A0099774.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1118\A0099775.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1118\A0099784.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"

I have a hijackthis file and I am currently running Malwarebytes so I can post the log if needed. Any suggestions? I've had to use Combofix in the past to get rid of a TDSSefub file, but haven't seen any reference to that in these scans. Please help. Thank you.




#1
January 31, 2009 at 07:08:10
Don't post logs unless you're asked for them. Disable system restore, then run this:

http://www.simplysup.com/tremover/d...



#2
January 31, 2009 at 08:38:59
My apologies for the premature log post. I disabled system restore and ran the posted s/w. It scanned and returned with this: "No malicious files were found and no changes were made."


#3
February 6, 2009 at 19:29:51
I had a similar issue last week with a malware program called Spyware Protect 2009 and some sort of Trojans that weren't detected by my virus software (ezTrust) or MalwareBytes. I had to manually remove startup entries from the Registry and delete the offending executable. Mine also had references to autochk.dll and chkdsk.dll. This week the virus software is detecting trojans it hadn't detected before so I think we both got hit by something new. I'm not sure if I've completely eliminated the offender either...
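
Added example, not part of any post in this thread: a Python triage of the semicolon-delimited AVG export shown in the first post, grouping detections by location so that autostart entries (Run keys, Startup folder) and System Restore copies stand out from ordinary file hits, and pairing each Run key with the file it references. The sample rows are copied from the two scans above; the category names and match rules are this example's own assumptions.

```python
import csv
import io
import re

# Rows copied from the two AVG scans posted in this thread (File;"Infection";"Result").
SAMPLE_LOG = r'''File;"Infection";"Result"
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0P14XA8\papka2[1].gif;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
C:\WINDOWS\Explorer.EXE (276);"Trojan horse BackDoor.Generic10.AOBA";"Reboot is required to finish the action"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\autochk;"Found registry key with reference to infected file C:\WINDOWS\system32\autochk.dll";"Moved to Virus Vault"
HKU\S-1-5-21-527237240-1801674531-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\autochk;"Found registry key with reference to infected file C:\DOCUME~1\NETWOR~1\protect.dll";"Moved to Virus Vault"
C:\System Volume Information\_restore{8F87597A-45DC-4E7E-AC5E-22AF76D8D550}\RP1112\A0099671.dll;"Trojan horse BackDoor.Generic10.AOBA";"Moved to Virus Vault"
'''

# Category names and rules are this example's own; they are checked in order.
RULES = [
    ("autostart_registry", re.compile(r"^hk(lm|u)\\.*\\currentversion\\run\\")),
    ("startup_folder", re.compile(r"\\start menu\\programs\\startup\\")),
    ("system_restore_copy", re.compile(r"\\system volume information\\_restore")),
    ("temp_or_cache", re.compile(r"\\(temp|temporary internet files)\\")),
]
REFERENCE = re.compile(r"reference to infected file (.+)$")

def parse_rows(text):
    # Keep only three-field data rows; the header and summary lines are skipped.
    rows = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    return [tuple(r) for r in rows if len(r) == 3 and r[0] != "File"]

def classify(path):
    for name, pattern in RULES:
        if pattern.search(path.lower()):
            return name
    return "other_file"

def triage(text):
    # Returns (paths grouped by category, Run key -> referenced file, unquarantined rows).
    groups, launches, pending = {}, {}, []
    for path, infection, result in parse_rows(text):
        category = classify(path)
        groups.setdefault(category, []).append(path)
        match = REFERENCE.search(infection)
        if category == "autostart_registry" and match:
            launches[path] = match.group(1)
        if result != "Moved to Virus Vault":
            pending.append((path, result))
    return groups, launches, pending

if __name__ == "__main__":
    for part in triage(SAMPLE_LOG):
        print(part)
```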
