Win32:Trojano-281[Trj]

Viruses and worms
1

The resident scanner alerted me.

With a “ggnjkrzc.exe” in C:\DOCUME~1\ELLE\LOCALS~1\TEMP. Infected with Win32:Trojano-281[Trj].

After that, I stopped what I was doing and did a thorough scan. Came up with 484DDDCAd01 in C:\Document and Settings\Elle\Application Data\Mozilla\Firefox\Profiles\Default.f19\Cache
Infected with Win32:Trojano-281[Trj].

I’ve moved said files to the Virus Chest.
After the thorough scan I did a scan with Housecall, it came up with nothing. I ran Spybot, nothing. I also restarted and ran HijackThis. I used their online log file analyser, nothing.

I’ve done a Google search on “ggnjkrzc.exe”, and I couldn’t find anything.

I think I just got this thing from going to a web page, grr!

I was wondering if there is anything else I need to do, other than delete them? And do any of you know what this is?

Edit: OS is Windows XP with SP2

2

Try repairing them and if that doesnt work go to http://virusscan.jotti.dhs.org/ and submit those .exe files then mabey delete them (im not a virus expert :-[ )
Watchthisspace

3

Hmm… How to you upload them to that site if they’re in the chest?

Also, I’ve done a trojan scan at windowsecurity. It said it couldn’t scan C:\ System Volume Information, access was denied.

4

When viewing Event viewer with WinXP home sp2, I found this entry under Anti Virus:
Date 10/9/2004 Source Avast
Time 1:15:04 A.M. Category Client
Type: Warning Event ID 90
User: NT Authority\System Description. Sign of “Win 32:
Trojano-28 [trj] has been found in C:\Documents and
Settings\Greg\Application Data\opera\opera 75\profile\cache4\oprOOCHB.exe” file.
I have scanned with Avast 4.1.418, 0442-0 found nothing. Have used Ad-Aware SE 1.05, found nothing, used latest version of ewido security suite found nothing, latest version of a2, nothing. Used SpyBot S&D vs. 1.3.found nothing. Also used windows security.com/trojan scan on line/Trojan scan .asp, found nothing. I am wondering if this entry in my Windows “Event Viewer” is a false positive? Any information about this would be appreciated. Thanks in advance. :slight_smile:

5

Look at the location Neal. It was in the cache. (temporary file) Emptying the cache has most likely delete it already.

6

Hi Eddy, Okay, thanks for the info. I should have realized that but didn’t. Appreciate you pointing that out to me. :slight_smile:

7

I keep getting this virus popping up like every other day. It’s always in the C:/Windows/Temp folder and it has a different name every time. The last one was O8OYOQQUH.exe and they always try to install default.exe. Avast catches it and sometimes freezes the comp, other times it lets me delete it.

I’m guessing that these are coming off the internet, though I only use Mozilla for web browsing and usually only go to the same websites each day. I have a firewall in the router and I would hope that it would catch it. If it’s not off a webpage, then where is this thing located in my comp and how can I stop it?

OS: 98SE

8

Hi,

this is probably aggressive Spy-/Adware:
VGREP

A Full thorough/archive scan with Uptodated avast doesn’t find any other malware… ?

Work through the link “VirusRemoval” below in my sig and then:

  • try to remove it with AD-AWARE & SPYBOT
  • post a hijackthis-Log here afterwards
  • secure your Browser & system better

:wink: