win32trojano-177

HELP!! I need a step by step to get rid of this trojan it pops uo only when I want to play a game on msn games it says its a virus I have been going on line to play this game and this has never happened before…I know its really not a virus…how can I get rid of this and stop avast for picking up this file as a virus. :frowning:

Hi monalee2,

This thread deals with this problem win32trojano, using the Search tool in this forum can be very helpful.

You should also look at General Advice&Tools for virus/trojan/malware removal.

HTH David

:cry: I have spent hours I have done everything possible I took your advice…the only thing I havn’t done is uninstall avast…I wonder how suzzanah made out with her trojan I know something about computers but I’m still in trouble here someone help pleazzzzzzzzzeee

Hi Monalee,

help us to help you…:
please reread the topic linked by david,
answer theose questions here, and tell us exactly WHAT you did and with what results…

e.g.:

what WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !!

Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ?

test the file with OnlineScanners e.g. from Trend, RAV & KAV to get a more specific name. You need to temporarily pause AV-ResidentShield/Monitor/Guard to be able to scan the file online

What did ad-aware, SPYBOT & CWSHREDDER find ?

did you secure your WIN & IE ?
otherwise it might just always ome back again…
and please post the hijackthis-Log

Avast found win32:Trojano-177 on my PC too, on 6-22-04:
It was detected in:

  1. C:\WINDOWS\Downloaded Program Files\popcaploader.dll
  2. C:\Program Files\HJT\backup-20040309-204429-273.dll

During repair, I got the following messages:

  1. popcaploader.dll [L] win32:Trojano-177[Trj] (0) during file repair error occurred: file not repaired.
  2. backup-20040309-204429-273.dll [L] win32:Trojano-177 [Trj] (0) file successfully repaired.

Online scans at Panda and Trendmicro, plus updated spybot S&D, adaware, and CWSshredder all find nothing. I use XP Home Edition-SP1, all updates installed. Please let me know if this is a false positive or an as-yet unknown trojano variant…
???
Thanks in advance!
cyberdelicat (running Avast free/home edition with latest build)

To all concerned, after following instructions as to how to get rid of trojano-177 nothing worked so I simply uninstalled Avast and reinstalled, this solved my problem…

Thanx monalee… not sure why the mods didn’t respond… ::slight_smile:

Google shows this Ad-Aware report:
“[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = h**p://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab”

and it doesn’t seem to be malicious (RAV & KAV don’t complain either…)

So (if a VPS-Update !! doesn’t help):

  • like said in the linked advice, please send the file to virus@avast.com , best in password-protected ZIP- or RAR-archive
  • include archive-password, and problem description and/or link to this topic in the mail text; clearly state that you suspect a “false positive” :wink: