
Trojan Virus

May 25, 2009 at 10:31:57
Specs: Microsoft Windows Vista Home Premium, 1.795 GHz / 3062 MB

I am unable to do anything online with this computer unless it is in safe mode. Every time I attempt to open a website, it blocks it with a "personal antivirus" dark red box, saying that the site is potentially dangerous to the computer, and urges me to install the software. I never installed a "personal antivirus" so I am thinking that it is the virus, but I am not savvy on viruses so I need some help. Please, walk me through how to get rid of this thing, so I can get back online?



#1
May 25, 2009 at 10:51:37

Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects, and at the end of the scan post a screenshot/log of the detected items that were fixed and those it could not fix. Once you post the log we will continue with further steps from there.


#2
May 25, 2009 at 11:35:02

Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right-clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.


#3
May 25, 2009 at 17:58:01

5/25/2009 12:18:41 PM File: C:\Users\Rhiannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2U6R9Y\file[1].exe detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 12:18:41 PM File: C:\Users\Rhiannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2U6R9Y\file[1].exe not disinfected postponed
5/25/2009 12:19:58 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACaf8.tmp detected Trojan program 'Packed.Win32.Tdss.m'
5/25/2009 12:19:58 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACaf8.tmp not disinfected postponed
5/25/2009 12:19:58 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACdb6.tmp detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 12:19:58 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACdb6.tmp not disinfected postponed
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/agntcons.vbs password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/agntlang.vbs password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/comctl.lpk password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/config.ini password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/pbar.vbs password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/UnInsStr.vbs password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/uninst.vbs password protected
5/25/2009 1:23:52 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/uninstall.htm password protected
5/25/2009 2:27:52 PM File: C:\Users\Rhiannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2U6R9Y\file[1].exe detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 2:27:52 PM File: C:\Users\Rhiannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2U6R9Y\file[1].exe not disinfected postponed
5/25/2009 2:29:10 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACaf8.tmp detected Trojan program 'Packed.Win32.Tdss.m'
5/25/2009 2:29:10 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACaf8.tmp not disinfected postponed
5/25/2009 2:29:10 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACdb6.tmp detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 2:29:10 PM File: C:\Users\Rhiannon\AppData\Local\Temp\UACdb6.tmp not disinfected postponed
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/agntcons.vbs password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/agntlang.vbs password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/comctl.lpk password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/config.ini password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/pbar.vbs password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/UnInsStr.vbs password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/uninst.vbs password protected
5/25/2009 5:07:27 PM File: D:\i386\Apps\App001465\Apps\MSC\msclgmis.cab/screm.ui/uninstall.htm password protected
5/25/2009 5:27:37 PM File: c:\users\rhiannon\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2u6r9y\file[1].exe detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 5:44:34 PM File: c:\users\rhiannon\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2u6r9y\file[1].exe deleted
5/25/2009 5:44:34 PM File: c:\users\rhiannon\appdata\local\temp\uacaf8.tmp detected Trojan program 'Packed.Win32.Tdss.m'
5/25/2009 5:44:54 PM File: c:\users\rhiannon\appdata\local\temp\uacaf8.tmp not disinfected cannot be disinfected
5/25/2009 5:44:54 PM File: c:\users\rhiannon\appdata\local\temp\uacaf8.tmp deleted
5/25/2009 5:44:55 PM File: c:\users\rhiannon\appdata\local\temp\uacdb6.tmp detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 5:44:55 PM File: c:\users\rhiannon\appdata\local\temp\uacdb6.tmp deleted

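One way to read a scan log like the one in post #3, as an added example that is not part of the original thread: the same file is logged several times, in mixed and lower case, so what matters is the last action recorded per file. The sample lines, user name and archive path are constructed, and only the line wordings visible in the posted log are assumed.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the scan log posted above (user name and
# archive path are made up; the verdict names are the ones the log reports).
SAMPLE_LOG = r"""
5/25/2009 12:19:58 PM File: C:\Users\user\AppData\Local\Temp\UACaf8.tmp detected Trojan program 'Packed.Win32.Tdss.m'
5/25/2009 12:19:58 PM File: C:\Users\user\AppData\Local\Temp\UACaf8.tmp not disinfected postponed
5/25/2009 12:21:03 PM File: C:\Users\user\AppData\Local\Temporary Internet Files\file[1].exe detected Trojan program 'Trojan.Win32.TDSS.adrc'
5/25/2009 12:21:03 PM File: C:\Users\user\AppData\Local\Temporary Internet Files\file[1].exe not disinfected postponed
5/25/2009 1:23:52 PM File: D:\i386\Apps\sample.cab/setup.ui/config.ini password protected
5/25/2009 5:44:34 PM File: c:\users\user\appdata\local\temp\uacaf8.tmp detected Trojan program 'Packed.Win32.Tdss.m'
5/25/2009 5:44:54 PM File: c:\users\user\appdata\local\temp\uacaf8.tmp not disinfected cannot be disinfected
5/25/2009 5:44:54 PM File: c:\users\user\appdata\local\temp\uacaf8.tmp deleted
"""

# Paths contain spaces, so the event is matched from the end of the line.
# Only the event wordings that appear in the posted log are recognised (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) File: (?P<path>.+?) "
    r"(?P<event>detected Trojan program '(?P<verdict>[^']+)'|not disinfected postponed"
    r"|not disinfected cannot be disinfected|deleted|password protected)$"
)

def summarize(log_text):
    """Map each lower-cased path to its verdict names and last logged action."""
    files = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        entry = files.setdefault(m["path"].lower(), {"verdicts": set(), "last": None, "at": None})
        when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        if m["verdict"]:
            entry["verdicts"].add(m["verdict"])
        if entry["at"] is None or when >= entry["at"]:  # on a tie, the later line wins
            entry["last"], entry["at"] = m["event"].split(" '")[0], when
    return files

def unresolved(files):
    """Flagged files whose last logged action is anything other than 'deleted'."""
    return sorted(p for p, e in files.items() if e["verdicts"] and e["last"] != "deleted")

def unscanned(files):
    """Entries the scanner could not open; these are not detections."""
    return sorted(p for p, e in files.items() if e["last"] == "password protected")

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("still present:", unresolved(summary))
    print("not scanned:", unscanned(summary))
```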


#4
May 25, 2009 at 18:02:25

Attach the whole log (upload it to rapidshare.com).
