Win32: Trojan-gen. {Other}?

I’m new to the boards, and I’m only 15 so I don’t have a 100% understanding of how to do things. I use Windows ME.

Win32:Trojan-gen. {Other}
C:\_RESTORE\TEMP\BXXS5.0

I popped Trojan-gen into a McAfee thing and it gave me these stats:

"BackDoor-RS
Date Discovered: 8/17/2001
Date Added: 1/7/2002

There are several variants of this trojan, and the specific actions taken are decided by the hacker who uses this trojan, so this description is a general guide.
When run, it copies itself to %WINDIR%\OleFiles\winsswr.exe."

All it seems to be doing is making 3 different kinds of pop ups come up every 3 minutes or so.

I got it with about 6 other viruses, but they seem to be cleaned. At the end of each scan, it says “This file is deleted successfully” but every time I scan again, it’s detected. I went to Properties on My Computer, etc. and disabled System Restore and cleaned it, and it didn’t fix the problem. Ad-aware is also picking it up as spyware but it can’t clean it either.

If you need some kind of info or whatever, I’ll be checking back often. Any help is appreciated.

That is a false positive caused by system restore. If you disable system restore and reboot the problem will be solved.

thanks, it worked.

No problem, glad to see it is solved. Live long and safe now :smiley:

Kind of off topic, but I still get the pop ups every 2-5 minutes now, and I scanned for spyware/viruses twice (I scan every night out of habit too, XD) and I didn’t find anything. Is there anything that you know of that isn’t considered a virus that may be related to the thing I had?

I also had a couple of the spyware “Ezula” that I heard cannot be fully fixed. If there’s nothing I can do I’m just going to completely reboot the comp to factory state since all I use my PC for is an MMORPG, although I’m not sure if I’ll have problems with my DSL since I never restarted with it before.

Hold on. Most problems can be fixed without the need of a clean install. Click on the link in my signature and follow all steps on that page. And if you don’t use it, also disable the Windows Messenger service: http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

Let us know if you still have problems after doing so. Take your time to read and do it. No need to rush, better slow and safe than fast and sorry. :wink:

After a quick look over on windows messenger service link, I notice it’s all XP, so will that apply to me since I use ME?

Nope, skip that part. On windows 98(se) and ME you can’t disable it. A little mistake from me. I forgot that you use ME. Sorry :cry:

I had Ad-Aware and Avast AntiVirus already. I downloaded HijackThis and Spybot S&D, and S&D is running atm. What should I do after running HijackThis?

Post the log here and let us have a look at it.

Logfile of HijackThis v1.98.2
Scan saved at 1:30:02 PM, on 10/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\MY DOCUMENTS\MY DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM..\RunServices: [Yahoo HP Reminder 1.0] C:\PROGRAM FILES\YAHOO!\YIP2\HP\ENCWAR\PROGRAM\YR.EXE
O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM..\RunServices: [MessengerPlus3] “C:\Program Files\Messenger Plus! 3\MsgPlus.exe”
O4 - HKCU..\Run: [MoneyAgent] “C:\Program Files\Microsoft Money\System\Money Express.exe”
O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU..\Run: [MessengerPlus3] “C:\Program Files\Messenger Plus! 3\MsgPlus.exe” /WinStart
O4 - HKCU..\Run: [msnmsgr] “C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE” /background
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab

I’m sorry to say but your system is infected with malware.

This is what my analyzer says about the log:

THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :

\windows\rundll.exe
o1 - hosts: 69.20.16.183 ieautosearch
o9 - extra button: your pc is infected with spyware - click here to fix your pc - {fb74c951-aca1-4e33-a94c-a9261eb2ccb7} - https://www.spydeleter.com/order2.php?kbid=1062 (file missing)
o16 - dpf: {869f3bbc-a812-4d13-a93b-7b3fc816dcd5} (mcafee.com updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab


HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :

Nothing found.


THE FOLLOWING ITEMS ARE NOT NEEDED FOR THE SYSTEM TO WORK
PROPERLY. WE RECOMMEND THEM TO BE REMOVED FROM STARTUP :

o4 - hklm..\run: [loadqm] loadqm.exe
o4 - hkcu..\run: [msnmsgr] “c:\program files\msn messenger\msnmsgr.exe” /background

and HERE is what the online analyzer says about it.

Fix the items that are reported as bad.
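The triage the analyzer reply performs above, as an added illustration that is not the forum's analyzer or HijackThis' own code: sample lines are constructed from the entries quoted in this thread, and the per-section rules (O1 hosts names pinned to a non-loopback IP, O9 IE buttons whose target is a web URL or a missing file, O16 downloaded ActiveX listed for review) are this example's own assumptions about what a first pass over an HJT log checks.

```python
import re

# Constructed sample, modelled on the HijackThis v1.98 lines quoted in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.tibia.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\\Run: [ScanRegistry] C:\\WINDOWS\\scanregw.exe /autorun
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\\PROGRAM FILES\\AIM\\AIM.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
"""

# Every HJT entry line starts with a section tag (R0, R1, O1, O4, O9, O16, ...).
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
LOOPBACK = ("127.", "0.0.0.0", "::1")


def parse_hjt(text):
    """Yield (section, body) for each entry line; skip headers and process lists."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Return (section, reason, original line) for entries that deserve a look."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O1":
            # O1 = hosts file. A name pinned to anything but loopback is a redirect
            # (the thread's 'ieautosearch' entry is the pattern).
            ip, _, host = body.partition(": ")[2].partition(" ")
            if not ip.startswith(LOOPBACK):
                findings.append((section, f"hosts redirect {host} -> {ip}", body))
        elif section == "O9":
            # O9 = IE extra buttons. A button whose target is a web URL rather than a
            # local program, or whose file is missing, is the scareware pattern here.
            target = body.rsplit(" - ", 1)[-1]
            if target.startswith(("http://", "https://")) or "(file missing)" in target:
                findings.append((section, "IE button targets a URL / missing file", body))
        elif section == "O16":
            # O16 = downloaded ActiveX (DPF). Not bad by itself; list it so the
            # publisher and download URL get checked.
            findings.append((section, "downloaded ActiveX control, verify publisher", body))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```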

Thank you. Can I post the HijackThis log like once a week (every other week) or so? And if so, what should the topic title be? XD. It may be better to PM so it won’t spam up the forum.

No need to do so, just follow the steps as described on the page in my signature once in a while and you will be pretty safe.

One problem I came across after getting the same pop up over and over…

o9 - extra button: your pc is infected with spyware - click here to fix your pc - {fb74c951-aca1-4e33-a94c-a9261eb2ccb7} -

That won’t delete. I tried again to kill it but every time I scan it’s still there.

Try it in safe mode. Let us know if that is working.

How do i get safemode on ME?

Start your system, press F8 before windows loads, and from the menu, choose safe mode.

Just adding to Eddy’s answer

With some computers if you press and hold a key as the computer is booting you will get a stuck key message as the computer is booting. If this happens just tap the “F8 key” continuously until you get the startup menu.

–lee

Safe mode didn’t do any good. I scanned on Ad-Aware again and got this:

VX2 File Malware c:\_RESTORE\TEMP\CNYPTDLG.0

It says Ad-aware will scan at reboot but it’s not scanning; it usually does when it says this. I tried redoing the turning off System Restore thing but I don’t know…

And here’s my log file for HJT

Logfile of HijackThis v1.98.2
Scan saved at 5:12:25 PM, on 10/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MY DOCUMENTS\MY DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM..\RunServices: [Yahoo HP Reminder 1.0] C:\PROGRAM FILES\YAHOO!\YIP2\HP\ENCWAR\PROGRAM\YR.EXE
O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU..\Run: [MoneyAgent] “C:\Program Files\Microsoft Money\System\Money Express.exe”
O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU..\Run: [MessengerPlus3] “C:\Program Files\Messenger Plus! 3\MsgPlus.exe” /WinStart
O4 - HKCU..\Run: [msnmsgr] “C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE” /background
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home