Win32:Trojano-620 and Win32:Trojan-gen

Hi team,

Thanks for running this forum and helping us all with these virus problems.

My laptop stopped accepting incoming email, and then stopped all connections over the LAN. I reinstalled some hardware and drivers, and got it talking to the Net long enough to download a copy of avast 4.5 (thanks again), then started it up.

Infections included one copy of Win32:Adware-Superlogy (is this spyware?) at this address

c:\windows\system\acantx.dll

and two copies of Win32:Trojano-620 at these addresses:

c:\windows\system\tvmk21.dll
c:\windows\system\tvm_b5_bundle_21.exe

Then the avast software froze. When I rebooted, it found that memory was infected, fixed that, and went on to locate copies of Win32:Trojan-gen at these addresses

c:\windows:\bxxx5.dll
c:\windows\temp\bundle.exe
c:\windows\temp\DelA395.tmp

The scanning is past the windows directory now, so I’m probably past the worst of it… :-\

All this stuff got past Norton Antivirus!! >:(

I’ve found very little about the Trojano-620 virus so far, except that it’s part of a group that’s called Backdoor by Symantec, and which includes some pretty malicious stuff.

What can you tell me about steps to take (after the Chest), and what the Trojano and Superlogy viruses do?

Thanks. :)

If you have an NT-based system (XP/2k/2K3/NT), I suggest you run a boot-time scan and delete those infected files. They definitely do not belong on your system.

Sorry, forgot to mention, it’s Win98SE with all the upgrades.

In that case I suggest a full system scan in safe mode.
Settings:

  • thorough scan
  • archive scanning enabled.

When the scan is done, also run Ad-Aware and Spybot S&D.

Can do. Is it enough to chest or repair these files? So far, do you think these files served any useful purpose before?

And secondly, what kind of damage do these viruses lead to, like stolen passwords, etc?

Thanks…

Since even Google has nothing on the files you mentioned, it is (imo) safe and recommended to delete them.

Yes, trojans are nowadays many times created to steal passwords.
I suggest you change all the passwords you use. You should do that on a regular basis anyway.

Many thanks. :)