Need Help identifying process dlding trojans

July 21, 2009 at 02:54:52
Specs: Windows Vista
Hi

Yesterday after I started my PC, Kaspersky alerted me that Windows Explorer was trying to download two infected files from these urls

-hxxp://travelthegreenway.com/dol4.exe

-hxxp://ecolavage.fr/dol4.exe

infected with:
Trojan.Win32.Buzus.bolj

I have googled, scanned with Kaspersky and Spybot S&D and found nothing.

How can I identify and remove whatever is trying to download viruses on my PC, and how come Kaspersky identifies the threat from the web but cannot find what's actually trying to download crap on my PC?

If anyone has a suggestion scanwise or any hint, I'd appreciate it.

Thanks




#1
July 21, 2009 at 05:34:06
Which kaspersky product have you installed?

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
July 21, 2009 at 08:41:16
I'm using Anti Virus 2009... I trust it and it does work since it's actually stopping the virus from being downloaded onto the computer... I'm just not sure how the downloader got there in the first place since everything I download is scanned...

Now I just finished scanning with Eset Online Scan (if only NOD32 had worked properly on Vista, that would have been my first choice) and here's what it found...

C:\RECYCLER\S-1-5-21-5879773601-2533638639-858429124-7424\sysdate.exe a variant of Win32/Kryptik.XF trojan

Could it be the culprit? How can it hide in the recycler (which is of course empty) and where does it come from? Shouldn't the scanner also find the original archive or app or installer that installed this crap?

Should I reboot in safe mode to clean it?

thanks



#3
July 21, 2009 at 08:58:37
Generate an AVZ report ( http://www.malwarecrawler.com/klpos... ), upload it to rapidshare.com and post the download link to it.

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
July 21, 2009 at 13:27:42
Alright... I found my original virus and I know why KAV didn't find it... it was on a USB key that I used to give a file to print to a printer... he made a big show of scanning the key when I gave it to him but he must have used Norton or some other crap AV and he actually was the one who infected my key... lol

I still don't get why KAV didn't tell me anything when I plugged the key afterwards but hey at least I found the problem...

in any case here's the report you asked for

http://rapidshare.com/files/2584670...

thanks for your help



#5
July 21, 2009 at 14:03:15
Your system looks clean. If KAV doesn't detect anything you can send the sample to http://support.kaspersky.ru/virlab/... They usually reply fast.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
July 22, 2009 at 02:04:32
thanks for the help... will do.

AND I will wring the neck of the printer guy! A friend who used my key afterwards and runs NIS (it's an office computer with moronic ITs) not only DID find the sys.exe on his computer after running Eset Scan on my advice but also dol4.exe and a bunch of exes in the Temp folder all running in the Task Manager... ah... Norton... I don't miss you at all :)

