Can't remove Win32/Renos.dz please help :(

June 26, 2009 at 01:01:06
Specs: Windows XP, 1.18gb
I recently got infected with a virus called TrojanDownloader:Win32/Renos.dz. Windows alerted me about it and I attempted to remove it with Windows Defender and thought that the threat was gone. But it seems to come back again every time I remove it. It happens about every 30 minutes.

I tried to go into safe mode and run all my anti-virus:
SpyBot S&D
MalwareBytes Anti-Malware
Windows Defender

But both MalwareBytes and SpyBot weren't able to detect that virus.
Windows Defender also didn't detect that virus until later, when that same warning popped up.

Hope you can help me out of this one :(




#1
June 26, 2009 at 07:11:45
Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:
1. Check the options below:

    * Select all the objects/places to be scanned.
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

2. Click Scan
3. Fix what it detects
4. Attach Scan log/Summary to your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
June 26, 2009 at 14:49:13
Sorry, the scan is currently at 5% after 5 hours... but don't worry, I'll send the log to you as soon as it is done.

I appreciate the help, and sorry for the late reply.



#3
June 26, 2009 at 14:53:21
To speed it up a bit, close all running spyware/antivirus protection. Run the scan in safe mode.

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
June 27, 2009 at 04:42:47
Scan
----
Scanned: 3518550
Detected: 14
Untreated: 0
Start time: 6/26/2009 9:44:53 AM
Duration: 18:36:10
Finish time: 6/27/2009 4:21:03 AM


Detected
--------
Status Object
------ ------
will be deleted when the computer is restarted: Trojan program Trojan.Win32.FraudPack.own File: c:\windows\msa.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyl File: C:\Documents and Settings\Zodax\Desktop\Pareto_AV_Setup_RW.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyp File: C:\Documents and Settings\Zodax\Local Settings\Application Data\Downloaded Installations\{1B4C9447-81FA-43E8-89FE-9CA0D9B4EB39}\ParetoLogic Anti-Virus PLUS.msi//Data1.cab/paretoshellext.dll
deleted: Trojan program Trojan.Win32.FraudPack.oyq File: C:\Documents and Settings\Zodax\Local Settings\Application Data\Downloaded Installations\{1B4C9447-81FA-43E8-89FE-9CA0D9B4EB39}\ParetoLogic Anti-Virus PLUS.msi//Data1.cab/pareto_av.exe
deleted: Trojan program Trojan.Win32.FraudPack.own File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002273.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyl File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002276.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyp File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002277.msi//Data1.cab/paretoshellext.dll
deleted: Trojan program Trojan.Win32.FraudPack.oyq File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002277.msi//Data1.cab/pareto_av.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyp File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP7\A0002174.msi//Data1.cab/paretoshellext.dll
deleted: Trojan program Trojan.Win32.FraudPack.oyq File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP7\A0002174.msi//Data1.cab/pareto_av.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyp File: D:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP9\A0002199.RBF
deleted: Trojan program Trojan.Win32.FraudPack.oyq File: D:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP9\A0002200.RBF
deleted: Trojan program Trojan.Win32.FraudPack.oyq File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002277.msi//Data1.cab
deleted: Trojan program Trojan.Win32.FraudPack.oyq File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP7\A0002174.msi//Data1.cab


Events
------
Time Name Status Reason
---- ---- ------ ------
6/26/2009 9:45:04 AM Running module: smss.exe\smss.exe ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Custom
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search Yes
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----


Sorry it took so long :D
thanks again


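A report like the one in post #4 can be triaged with a short script that separates files on the live filesystem from copies held in System Restore points and flags anything not yet removed. This is an added example, not part of the original thread or of Kaspersky's tooling; the line layout is inferred from the report above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Four lines copied from the "Detected" section of the report in post #4.
SAMPLE = r"""
will be deleted when the computer is restarted: Trojan program Trojan.Win32.FraudPack.own File: c:\windows\msa.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyl File: C:\Documents and Settings\Zodax\Desktop\Pareto_AV_Setup_RW.exe
deleted: Trojan program Trojan.Win32.FraudPack.own File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002273.exe
deleted: Trojan program Trojan.Win32.FraudPack.oyp File: C:\system volume information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP11\A0002277.msi//Data1.cab/paretoshellext.dll
"""

# Assumed layout: "<status>: <object type> <verdict> File: <path>"
LINE = re.compile(r"^(?P<status>[^:]+): (?P<kind>.+?) (?P<verdict>\S+) File: (?P<path>.+)$")

def parse_detections(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        # "//" separates a container file from the member found inside it.
        row["container"], _, row["member"] = row["path"].partition("//")
        low = row["container"].lower()
        row["in_restore_point"] = "\\system volume information\\_restore" in low
        # This status means the file is still on disk until the next reboot.
        row["pending_reboot"] = row["status"].startswith("will be deleted")
        rows.append(row)
    return rows

def summarize(rows):
    """Counts to check first: where detections sit and what is not yet gone."""
    return {
        "by_verdict": Counter(r["verdict"] for r in rows),
        "restore_point_copies": sum(r["in_restore_point"] for r in rows),
        "live_files": [r["container"] for r in rows if not r["in_restore_point"]],
        "pending_reboot": [r["path"] for r in rows if r["pending_reboot"]],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_detections(SAMPLE)).items():
        print(key, value)
```

Entries listed under `pending_reboot` are the ones to re-check after the restart, since the scanner has only scheduled them for deletion.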

#5
June 27, 2009 at 06:47:14


#6
June 27, 2009 at 08:23:34
So far so good, thanks for your help :D

I'll confirm with you again next weekend, I got school.

But I think it's gone for good, because Windows Defender will tell me it found the Win32/Renos.dz every time I switch on my computer. Thanks for taking your time to help me :D

