Help me with Win32:Trojan-gen{other} and some viruses

It keeps alerting me about the virus Win32:Trojan-gen{other} in C:\DOCUME~1\Sean88\LOCALS~1\Temp\2.exe.
At first I chose delete, but it still alerts after a while; then I tried moving it into the chest and it is still the same.
I have already deleted it more than 5 times, and inside my chest there are 8 of the same virus alerts.
How do I solve this?
Is it a false alert?

As for Win32:Rootkit-gen[Rtk] (C:\WINDOWS\system32\killkb.dll / C:\WINDOWS\update.dll):
do both of the DLLs contain a virus?
Can I delete them, or is it also just a false alert??
For now I just keep them in the chest.

Hi 3256142,

You are infected with the Irc.Momma worm, see: http://www.auditmypc.com/process/temp2.asp
Remove this with the following tool: http://www.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=4
What does this tool do?

This tool removes the so-called temp2.exe virus and friends (copy.exe, host.exe). It removes it from all your hard drive partitions, including floppy disks and USB flash disks (those must be write-enabled during the scan process).

It also removes the leftovers of this virus by removing the 'autorun.inf' files and cleaning up your system registry, so you won't see the 'autoplay' item anymore.

Moreover, this tool has been downloaded thousands of times and has been found to work not only with this virus but with many other viruses that share the same behavior!

How to use it?

Start your computer in Safe Mode and run this tool. If you have infected floppy/flash disks you can insert them and click Start. You can repeat this for every disk you have.

For bugs & problems, please contact me, or leave your comment here.
Courtesy of the tool developer: Issam Sergiwa

Win-Trojan/KillAV.34304

System Risk: Danger
Network Risk: Danger
Spread Risk: Harm
Current Spread Level: Attention
Aliases: (none listed)
Primary Symptoms: Other Malignant Codes, Network, File execution
Infected OS: Windows
Infected Route: Other Malignant Codes, Network, File execution
Kind: Trojan Horse
Infected Type: Execution File
Origin: Unknown
Specific Working Date: Unknown
Date Discovered: 2009-04-23 (local time)
Date Discovered in Korea: 2009-04-23

Content

  • Method of Infection

It can't self-propagate. The system is likely to be infected when a user downloads an executable file from e-mail, a messenger, a board or a download center and runs the file. Alternatively, it may be installed by other malicious code (worms, viruses and trojan horses).

  • Symptoms after Execution

[Creating Files]

It creates the following file(s) in the Windows folder:

  • aboy.dll

Note) Depending on the MS Windows version, the Windows folder's location may differ. Generally, the location is C:\Windows for Windows 95/98/ME and C:\WinNT for Windows NT/2000.

It creates the following file(s) in the Windows system folder:

  • killkb.dll

Note) Depending on the MS Windows version, the Windows system folder's location may differ. Generally, the location is C:\Windows\System for Windows 95/98/ME, C:\WinNT\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP.

Post a HijackThis log txt file attached to your next posting; download it from here:
http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

We will analyze that and see what further steps should be taken to cleanse your machine of these malware infections.

polonus

Just now I went into Safe Mode and used RRT (not free :'( ) and it only had 1 option to check, which is system files/folders.
After I checked and removed it,
it is still the same;
it keeps alerting me about the virus.
Do I really need to get the full version of RRT to be able to remove the virus??
I can't even enjoy a game or movie because it keeps alerting me about the virus.

Hi 3256142,

The files in the chest cannot do any harm; they are like prisoners in a prison. Leave them there and after a week or so you can delete them safely.
Give me a fresh HijackThis logfile txt first.
We look at your logfile first and then do the cleansing.
The tool is free for personal use only; you are not using it businesslike, are you? Download site: http://www.sergiwa.com/modules/mydownloads/visit.php?cid=2&lid=4

polonus

Here is the log.

I'll try RRT tomorrow morning;
I feel tired already.
My time now is 6 am in the morning.
:-X :o :-X

Hi 3256142,

Remove all of your hosts file, also the good hosts in there, and restore the original hosts file; read here how to:
http://www.mvps.org/winhelp2002/hosts.htm
You have two resident AV solutions, haven't you, avast and Kaspersky? Drop one; two resident AV scanners will interfere with each other and make things worse. Do not!
When your computer is clean, install Service Pack 3 for XP, and make sure all third-party software is recent and patched using Secunia PSI: http://secunia.com/PSISetup.exe
These entries were reported as bad and should be fixed using HijackThis (each entry is followed by the analyzer's assessment in brackets):

O1 - Hosts: 127.0.0.2 ymsdasdw1.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.3 h96b.info   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 fuck.zttwp.cn   [Must be fixed!]
O1 - Hosts: 127.0.0.0 www dot hackerbf.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 geekbyfeng.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 121.14.101.68   [Nasty (2.63 / 5.00)]
O1 - Hosts: 127.0.0.0 ppp.etimes888.com   [Must be fixed!]
O1 - Hosts: 127.0.0.0 www dot bypk.com   [Must be fixed!]
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com   [Must be fixed!]
O1 - Hosts: 127.0.0.0 udp.hjob123.com   [Must be fixed!]
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 www dot gamehacker.com.cn   [Must be fixed!]
O1 - Hosts: 127.0.0.0 gamehacker.com.cn   [Must be fixed!]
O1 - Hosts: 127.0.0.3 adlaji.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 user1.12-27.net   [Must be fixed!]
O1 - Hosts: 127.0.0.0 fengent.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 www dot sony888.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 user1.asp-33.cn   [Must be fixed!]
O1 - Hosts: 127.0.0.0 www dot netkwek.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 ymsdkad6.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 www dot lkwueir.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.1.1 user1.23-17.net   [Must be fixed!]
O1 - Hosts: 127.0.0.0 upa.luzhiai.net   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 www dot guccia.net   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 mm119mkssd.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 61.128.171.115:8080   [Nasty (2.63 / 5.00)]
O1 - Hosts: 127.0.0.0 www dot 1119111.com   [Must be fixed!]
O1 - Hosts: 127.0.0.0 win.nihao69.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 puc.lianxiac.net   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 pud.lianxiac.net   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 210.76.0.133   [Nasty (2.63 / 5.00)]
O1 - Hosts: 127.0.0.0 61.166.32.2   [Nasty (2.63 / 5.00)]
O1 - Hosts: 127.0.0.0 218.92.186.27   [Nasty (2.63 / 5.00)]
O1 - Hosts: 127.0.0.0 www dot fsfsfag.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 ovo dot ovovov.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 dw.com.com   [Must be fixed!]
O1 - Hosts: 127.0.0.0 t.myblank.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 x.myblank.cn   [Unknown: unknown entries within the HOSTS file should be fixed]
O1 - Hosts: 127.0.0.0 qq-xing.com.cn   [Must be fixed!]
O1 - Hosts: 127.0.0.0 59.125.231.177:17777   [Nasty (2.63 / 5.00)]
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Sean88\Desktop\RRT\RRT.exe auto   [Unknown application; check it at www.virustotal.com to see if it is legit]

polonus
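The O1 list above is long enough that reading it by eye is error-prone, so here is an added example (my own code, not from the thread, HijackThis or the MVPS site) that audits a HOSTS file the way an analyst would: it parses every non-comment line and flags entries that point at a non-standard loopback address such as 127.0.0.0, 127.0.0.2 or 127.1.1.1 (the default file only ever uses 127.0.0.1 localhost), entries whose "hostname" carries a port or is itself an IP literal (invalid HOSTS syntax, which a hand-written file never contains), and entries that sink a domain on a watchlist of security infrastructure. The sample file is constructed for this example from a handful of the O1 entries quoted above plus Microsoft's header comment; the watchlist suffixes are my assumption, not something the thread states.

```python
"""Audit a Windows HOSTS file for entries typical of a malware-written block list.

Added example; not part of the original thread. Runs offline on the embedded sample.
"""
import ipaddress

# Sample input CONSTRUCTED for this example. The hostnames are taken from the
# HijackThis O1 entries quoted in the thread; the first comment line is Microsoft's.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.0       CSC3-2004-crl.verisign.com
127.0.0.0       dw.com.com
127.0.0.2       ymsdasdw1.cn
127.1.1.1       bnasnd83nd.cn
127.0.0.0       61.128.171.115:8080
127.0.0.0       210.76.0.133
127.0.0.0       gamehacker.com.cn   # trailing comment, must be ignored
0.0.0.0         ads.example   # MVPS-style blocking line, assumed benign
"""

# ASSUMED watchlist (not from the thread): domains whose redirection to a sink
# silently breaks revocation checking or antivirus/OS updates.
WATCHLIST_SUFFIXES = ("verisign.com", "windowsupdate.com", "avast.com", "kaspersky.com")


def parse_hosts(text):
    """Yield (lineno, address, [hostnames]) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def _is_ip_literal(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def audit_hosts(text):
    """Return a list of {'line', 'address', 'host', 'reasons'} for suspicious entries."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        if not _is_ip_literal(address):
            findings.append({"line": lineno, "address": address, "host": " ".join(names),
                             "reasons": ["address field is not an IP address"]})
            continue
        addr = ipaddress.ip_address(address)
        sink = addr.is_loopback or addr.is_unspecified      # 127/8 or 0.0.0.0
        for name in names:
            reasons = []
            host, _, port = name.partition(":")
            # A clean file only maps to 127.0.0.1; 127.0.0.0 / 127.0.0.2 / 127.1.1.1
            # are the fingerprints of a tool-generated block list.
            if addr.is_loopback and address != "127.0.0.1":
                reasons.append("non-standard loopback sink %s" % address)
            if port:
                reasons.append("host:port is not valid HOSTS syntax")
            if _is_ip_literal(host):
                reasons.append("hostname field is an IP literal, the entry redirects nothing")
            if sink and host.lower().endswith(WATCHLIST_SUFFIXES):
                reasons.append("security/update infrastructure redirected to a sink")
            if reasons:
                findings.append({"line": lineno, "address": address,
                                 "host": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-10s %-30s %s" % (f["line"], f["address"], f["host"],
                                           "; ".join(f["reasons"])))
```

On a real XP box the file lives at %SystemRoot%\system32\drivers\etc\hosts; pass its contents to audit_hosts() and anything flagged is a candidate for removal. Note that the CRL host in the log (CSC3-2004-crl.verisign.com) is a VeriSign certificate revocation list server, so that one entry stops Windows from fetching revocation data, which is why a "fix" of the hosts file matters beyond cosmetics.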

Erm, I don't really understand the hosts thing.

  1. How do I remove my hosts file?
  2. After removing it, do I need to restart first and only then install the new hosts file?
  3. Is this http://www.mvps.org/winhelp2002/hosts.zip the correct hosts file??
  4. I can't update my Windows (you know why).

About RRT, I already cleared it in Safe Mode and it says my PC is clean from temp2.exe.
Do I need to remove it in the Administrator user also? I only cleaned in my own user, not in the Administrator user.

Hi 3256142,

You have to clean with the tool with full admin rights on the main account;
there you can use the following program to get back the good hosts file. Go here and read the instructions:
http://www.mvps.org/winhelp2002/hosts2.htm

polonus

Erm, is the admin user considered a main account??
I did the clearing using RRT but it is still infected with the virus.
Do I need to completely clear the Trojan before changing the hosts file??

About RRT, do I need to place it in win32 so that it can clear it, or can I just put it in the Desktop folder?
When I open RRT and click Remove at the top of the software, it says scanning for 1 second or less, then it says it has cleared temp2.exe.
It feels so strange: there are so many files but it can scan so fast (so fast it needs 1 second or less to scan everything).

I am almost losing my patience.
Thinking that formatting my PC would be better.
I used RRT, MBAM, SUPERAntiSpyware and changed the hosts file;
all done already, but still getting that kind of virus report.

:frowning: >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:(

Install HostsMan http://www.abelhadigital.com/
Then update it and replace your hosts file

If I install the hosts file,
can it clear my Trojan-gen away??

By the way,
where can I access C:\DOCUME~1\Sean88\LOCALS~1\Temp??
All I can access is C:\Documents and Settings\Sean88\Local Settings\Temp,
not DOCUME~1 or LOCALS~1.

It could remove the redirection (from one good site to nowhere).

The ~1 folders are the eight-dot-three (8.3) short names of those same folders; DOCUME~1 and "Documents and Settings" are the same directory.

Erm, I've got 1 last thing to ask:
is there any virus that can dmg my USB driver?
Now when I plug my pendrive into my PC, the Safely Remove USB icon in the bottom taskbar does not show up.
I checked the setting and it is set to display.
Now, after I finish using my USB or external HD, I can't safely remove it;
I need to shut down the PC or take the risk of straight pulling out the USB.
I'm scared that pulling out the USB without Safely Remove will cause file loss.

Is dmg = damage?
If so, yes, a virus could damage (infect) USB driver files.

Leave your USB drive plugged in and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They will create hidden folders named autorun.inf in each partition and on every USB drive plugged in when you run them. These folders protect your drives from future infection. After that, reboot your computer.
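Both the tool description earlier in the thread (removing the worm's autorun.inf files and its copy.exe/host.exe/temp2.exe payloads) and the reply above (leaving a folder named autorun.inf behind) rely on the same trick: Windows will not create a file where a directory of the same name already exists, so a dropper that does a plain file write of autorun.inf fails. The following is an added example of my own, not the code of RRT, Autorun Eater or Flash Disinfector, that shows both halves on a directory standing in for a drive root: it parses an existing autorun.inf to report which keys would launch code, quarantines the file, and leaves the protective directory in place. The sample autorun.inf is constructed here; the file names in it are the ones the tool author lists, and the quarantine file name is my choice.

```python
"""Inspect and neutralise autorun.inf on a drive root.

Added example; not the code of any tool named in the thread. Works on a temporary
directory so it can be run safely on any OS.
"""
import shutil
import tempfile
from pathlib import Path

# [autorun] keys that cause code execution when AutoPlay handles the drive.
LAUNCH_KEYS = ("open", "shellexecute")

# CONSTRUCTED sample, modelled on the temp2.exe / copy.exe / host.exe droppers the
# thread describes. Real samples often add junk lines to trip up naive parsers.
SAMPLE_AUTORUN = """[AutoRun]
open=copy.exe
shell\\open\\Command=copy.exe
shell\\explore\\Command=host.exe
shellexecute=temp2.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def parse_autorun(text):
    """Return {lowercase key: value} from the [autorun] section.

    Section and key names are case-insensitive in Windows; lines without '=' are
    skipped rather than rejected, because malware pads the file with garbage.
    """
    section, keys = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            k, v = line.split("=", 1)
            keys[k.strip().lower()] = v.strip()
    return keys


def launch_commands(keys):
    """Return the (key, command) pairs that would run code from the drive."""
    return [(k, v) for k, v in keys.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def harden_drive(root):
    """Neutralise autorun.inf at `root` and leave a directory of that name behind.

    Returns (status, launch_commands_found) where status is one of
    'already-protected', 'quarantined' or 'created'.
    """
    root = Path(root)
    target = root / "autorun.inf"
    found = []
    if target.is_dir():
        return "already-protected", found
    if target.is_file():
        found = launch_commands(parse_autorun(target.read_text(errors="replace")))
        # Keep the evidence (hypothetical name) instead of deleting it outright.
        shutil.move(str(target), str(root / "autorun.inf.quarantined"))
        status = "quarantined"
    else:
        status = "created"
    target.mkdir()   # the directory blocks a plain CreateFile of autorun.inf
    return status, found


def demo_on_temp_drive():
    """Stage SAMPLE_AUTORUN in a temp dir posing as a USB root and harden it twice."""
    root = Path(tempfile.mkdtemp(prefix="usbdrive_"))
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN)
    first, cmds = harden_drive(root)
    second, _ = harden_drive(root)
    return (first, dict(cmds), second,
            (root / "autorun.inf").is_dir(),
            (root / "autorun.inf.quarantined").is_file())


if __name__ == "__main__":
    first, cmds, second, is_dir, quarantined = demo_on_temp_drive()
    print("first pass:", first, cmds)
    print("second pass:", second, "dir present:", is_dir, "evidence kept:", quarantined)
```

Two caveats a practitioner would add. The folder only stops droppers that write the file naively; malware that deletes the directory first is not stopped, so the durable fix is to disable AutoRun for all drive types (the NoDriveTypeAutoRun policy value of 0xFF under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer) and install the Microsoft update that makes XP honour it. And the payload executables named in the autorun.inf (copy.exe, host.exe, temp2.exe here) still have to be removed from the drive; neutralising the launcher alone leaves them for the next machine that opens the drive by hand.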

It still has the same virus alert, ah~~~~~~~~~~~~~~~~~~~~~~~~~

I feel like throwing my CPU away.

Why don't you bring your computer to a computer shop and have them reboot it? It might cost a lot of money, but if you can't fix the virus then I suggest that.

If I take my PC for repair,
then I'd rather format my computer myself; it costs me 0 dollars.

Yeah you should do that.

Oh yes, is it that System Restore still contains the Trojan,
and this is why I can't clean up the Trojan??