Okay, I got my new comp about a month ago for college, where I'm at right now… I dled avast since my roommate told me it's what to use… Then suddenly I got this trojan warning. I tried to delete and move the file but it wouldn't let me, stating that something else was already using it (was in the internet temp file and another in the win32), so I booted in safe mode and deleted it… I repeated this process at least 5 times!! I just formatted my computer a couple hours ago and wow, once again I get a trojan warning! I moved it to the chest successfully but I wanna know what could be causing this and what I can do to stop it! PLEASE GUYS IT'S DRIVING ME NUTS
windows 2000
Hi: It looks like you have a very bad piece of spyware; you need the assistance of Experts on an antiSPYWARE forum, so best to go to online forum of your antiSPYWARE Provider; if you know of none, I recommend the Ad-Aware oriented forums at www.landzdown.com.
Spiritsongs,
This may be a setup or false positive issue in avast, and even if it is spyware, why do you have to send everybody away as soon as they arrive?
zimba,
What operating system do you have? As the computer is quite new, am I correct in assuming it’s Windows XP?
You will need to give us some more information: the name and location of the malware. This is the sort of thing we need:
Avast just picked up win32: Horst-BJ in our morning boot-time scan, thank God. It was in C: Docs and Sets\All Users\Application Data\CanonBJ\IJPrinter\CNMWindows\Canonip6600D\Installer\Inst2\helpkicker.exe
Frank
Windows 2000 in zimba’s second post
Amen to that. There really is quite a lot of talent right here on this forum.
WT*! I could’ve sworn that second post wasn’t there before! ???
Well, every time it detects something it says recommended action: move to chestbox. What's a noob to do?
I can only repeat what I said before:
You will need to give us some more information: the name and location of the malware. This is the sort of thing we need:
Avast just picked up win32: Horst-BJ in our morning boot-time scan, thank God. It was in C: Docs and Sets\All Users\Application Data\CanonBJ\IJPrinter\CNMWindows\Canonip6600D\Installer\Inst2\helpkicker.exe
In addition:
Win2000 has no firewall, so as soon as you connect to the internet, you are going to get attacked. Within a few minutes, your computer will be pwned!
On top of that, MS no longer provides updates for Win2000, surfing with IE is going to leave you open to attack if you stray onto the wrong website. Within a few minutes, yep, you guessed it, your computer will be pwned!
Get a good free firewall like Zone Alarm and learn how to set it up, get an alternative browser like Firefox or Opera, then format again. Install avast!, Zone Alarm and the browser of your choice and maybe this time you’ll survive a little longer!
It would also help if you update Win2000 with all the security fixes.
Make sure the first site you visit is Microsoft Update. Download all critical updates.
Here’s a good link to help you set up Zone Alarm:
http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?anchor=alerts&lid=zasupp_u
do you even read things before you post? i already said one was in the win32 folder and the other in the temp internet folder
yeah i dled zone alarm, quite a good program!..thanks for the tips
do you even read things before you post? i already said one was in the win32 folder and the other in the temp internet folder
As I said, we need the name of the malware, and the path and filename, as per the example.
But I think it’ll be somebody else helping you out from now on, numbnuts.
That's alright, you're about as useful as tits on a bull
Guys (or girls, as the case may be). There’s a problem to be solved.
What did you do after reformatting? Check email? Surf? Download files? Install something from disk? I mean, certainly a reformat required re-installation of programs and/or data.
Hello,
I have exactly the same problem as Zimba: delete, delete, etc.
The only option is to move the trojan to the chest, successfully… But what could be causing this??? To leave it in the chest forever?
I have xp.
Hi Satine777,
Please could you start your own thread so people can see your post and offer help?
It will help us a lot if you can give us some more information: the name and location of the malware. This is the sort of thing we need:
Avast just picked up win32: Horst-BJ in our morning boot-time scan, thank God. It was in C: Docs and Sets\All Users\Application Data\CanonBJ\IJPrinter\CNMWindows\Canonip6600D\Installer\Inst2\helpkicker.exe
Thank you for the reply!
Here are the files, they, Avast!, recommend me to store in the chest:
C:\WINDOWS\system32\kernel32.dll Bestandscategorie: 0
BestandsID: 0000000002 Originele bestandsnaam: C:\WINDOWS\system32\winsock.dll Bestandscategorie: 0
BestandsID: 0000000003 Originele bestandsnaam: C:\WINDOWS\system32\wsock32.dll Bestandscategorie: 0
BestandsID: 0000000004 Originele bestandsnaam: C:\Documents and Settings\Bremer\Local Settings\Temp\p2psetup.exe Bestandscategorie: 1
BestandsID: 0000000005 Originele bestandsnaam: C:\Documents and Settings\Bremer\Local Settings\Temporary Internet Files\Content.IE5\8ZNFM85H\p2psetup[1].exe Bestandscategorie: 1
BestandsID: 0000000006 Originele bestandsnaam: C:\System Volume Information_restore{AE2A05D5-0BFF-4A26-84F5-38FD9C43AE12}\RP30\A0002258.exe Bestandscategorie: 1
And this I found, in according with viruses, when I searched in ‘documents and settings’ on my pc:
C:\WINDOWS\system32\kernel32.dll Bestandscategorie: 0
BestandsID: 0000000002 Originele bestandsnaam: C:\WINDOWS\system32\winsock.dll Bestandscategorie: 0
BestandsID: 0000000003 Originele bestandsnaam: C:\WINDOWS\system32\wsock32.dll Bestandscategorie: 0
BestandsID: 0000000004 Originele bestandsnaam: C:\Documents and Settings\Bremer\Local Settings\Temp\p2psetup.exe Bestandscategorie: 1
BestandsID: 0000000005 Originele bestandsnaam: C:\Documents and Settings\Bremer\Local Settings\Temporary Internet Files\Content.IE5\8ZNFM85H\p2psetup[1].exe Bestandscategorie: 1
BestandsID: 0000000006 Originele bestandsnaam: C:\System Volume Information_restore{AE2A05D5-0BFF-4A26-84F5-38FD9C43AE12}\RP30\A0002258.exe Bestandscategorie: 1
5-10-2006 2:31:50 1160008310 Bremer 2444 Sign of “Win32:Lineage-197 [Trj]” has been found in “C:\Documents and Settings\Bremer\Local Settings\Temp\p2psetup.exe[UPX]” file.
5-10-2006 2:33:41 1160008421 Bremer 2444 Sign of “Win32:Lineage-197 [Trj]” has been found in “C:\Documents and Settings\Bremer\Local Settings\Temporary Internet Files\Content.IE5\8ZNFM85H\p2psetup[1].exe[UPX]” file.
5-10-2006 2:41:30 1160008890 Bremer 2444 Sign of “Win32:Lineage-197 [Trj]” has been found in “C:\System Volume Information_restore{AE2A05D5-0BFF-4A26-84F5-38FD9C43AE12}\RP30\A0002258.exe[UPX]” file.
I hope this is some or enough information.
I read in this posting that it is a good idea to download Zone Alarm. I am planning to do that.
I myself downloaded, from a link on a page from Avast!: Spybot search and destroy.
I think that’s a good program as well:-)
I would like to hear your opinion:-), about this:-)
Thank you!
These files seem to be on the System folder of the Chest, i.e., they’re there for backup purposes.
Maybe Bestandscategorie: 0 means exactly this.
Very good program. No conflicts with avast.
I think the three files Tech mentioned may well be the protected copies of system files which avast! stores in the chest.
p2psetup[1].exe is a P2P adware file. Some P2P networks come bundled with adware/spyware and are best avoided.
See here:
http://www.spybot.info/en/articles/infected_and_clean.html
The files detected seem to be in temp files and System Restore files.
To delete temp files, try using CleanUp:
http://www.stevengould.org/software/cleanup/
I also suggest you run Spybot and also Ad-Aware and a-Squared free to check for traces of adware:
http://www.download.com/3000-2144-10045910.html
http://www.emsisoft.com/en/software/free/
To remove files in System Restore, you will need to temporarily disable System Restore and then turn it back on again, as described here:
http://www.pchell.com/virus/systemrestore.shtml
and here:
http://antivirus.about.com/od/windowsbasics/a/systemrestore.htm
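The triage described in the reply above, as an added example that is not part of any post in this thread: it parses the three warning-log lines posted earlier and groups each detection by where the file sits, which determines the cleanup step the reply recommends. The field names in the pattern are assumptions inferred from the posted lines, not a documented avast! log format.

```python
import re
from collections import defaultdict

# Three warning-log lines as posted in the thread (paths kept exactly as posted).
SAMPLE_LOG = r"""5-10-2006 2:31:50 1160008310 Bremer 2444 Sign of “Win32:Lineage-197 [Trj]” has been found in “C:\Documents and Settings\Bremer\Local Settings\Temp\p2psetup.exe[UPX]” file.
5-10-2006 2:33:41 1160008421 Bremer 2444 Sign of “Win32:Lineage-197 [Trj]” has been found in “C:\Documents and Settings\Bremer\Local Settings\Temporary Internet Files\Content.IE5\8ZNFM85H\p2psetup[1].exe[UPX]” file.
5-10-2006 2:41:30 1160008890 Bremer 2444 Sign of “Win32:Lineage-197 [Trj]” has been found in “C:\System Volume Information_restore{AE2A05D5-0BFF-4A26-84F5-38FD9C43AE12}\RP30\A0002258.exe[UPX]” file.
"""

# Assumed layout: date, time, number, user, number, detection name, path[packer].
LINE_RE = re.compile(
    r'^(?P<date>\d{1,2}-\d{1,2}-\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) '
    r'(?P<epoch>\d+) (?P<user>\S+) (?P<num>\d+) '
    r'Sign of [“"](?P<name>[^”"]+)[”"] has been found in '
    r'[“"](?P<path>[^”"]+?)(?:\[(?P<packer>\w+)\])?[”"] file\.$'
)

# Checked in order: the browser cache path must be tested before the plain Temp folder.
LOCATIONS = [
    ("\\temporary internet files\\", "browser_cache", "clear temporary internet files"),
    ("\\system volume information", "system_restore", "turn System Restore off, then on again"),
    ("\\temp\\", "temp", "clear the Temp folder"),
]

def parse_line(line):
    """Return the named fields of one warning line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(path):
    """Map a detection path to (location label, cleanup step from the thread)."""
    p = path.lower()
    for needle, label, action in LOCATIONS:
        if needle in p:
            return label, action
    return "other", "detection outside cache and restore folders: investigate further"

def triage(log_text):
    """Group detections by location: label -> [(detection, filename, action)]."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not detection records
        label, action = classify(rec["path"])
        report[label].append((rec["name"], rec["path"].rsplit("\\", 1)[-1], action))
    return dict(report)

if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LOG).items():
        for name, filename, action in hits:
            print(f"{label:15} {name:25} {filename:16} -> {action}")
```
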
Thank you all, very very much, for the good replies, which will help me a lot!
As soon as I have the time I’m gonna read them!
Satine.