Infected with Serious Trojan (Win32:Trojan-gen {Other}), Need help!!!

Eclipse86
New Member


Date Joined Jun 2008
Total Posts : 1
 
Posted 6-5-2008 6:07 (GMT +2)
Hey guys, so I recently got one of my files infected with a Trojan (used Avast Antivirus to scan). Similar to the one in this thread
http://forumserver.t!!!lustwo.com/showthread.php?t=216676

it infected the file "c:\poker\noiq poker\_setuppoker.exe"


Here is the message I received from Avast after performing a full system scan:


Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Poker\NoIQ Poker\_SetupPoker.exe" file




I was unable to repair the file, so I opted to delete it instead.



After that I restarted my computer and re-scanned and nothing else was infected.

My questions are: is the virus/trojan still lurking on my computer but just hasn't infected anything else yet?

If so, is there a way I can get rid of it?

I'm getting really scared about this and am extremely scared to open any of my poker accounts for fear of my passwords getting stolen.

All help is appreciated.

Also I downloaded HiJackThis and ran a scan, here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:30 PM, on 6/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2715683108-1705201158-197556394-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6513 bytes



If someone could decipher this log file and let me know if there's anything wrong with it/if I'm still infected, and what I could do, that would be great, as I'm sorta going a bit paranoid here.


I also ran the Online Virus Scanner with Kaspersky and here are the results:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 11:36:15 PM
Operating System: Microsoft Windows Vista, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 830149
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 77542
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:16:59

Infected Object Name Virus Name Last Action
Scan process completed.



As you can see there are a bunch of locked files that didn't get scanned by Kaspersky. Could this be the result of the Trojan?
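
One way to triage a HijackThis log like the one in the post above, added here as an example and not written by anyone in the thread: it parses the entries, keeps the sections that load code automatically, and separates "(no file)" registrations from "(file missing)" tags on System32 paths. It assumes HijackThis ran as a 32-bit process, in which case 64-bit Windows redirects its view of System32 and those tags need re-checking with a 64-bit tool; the section descriptions, function names and bucket names are this example's own, and the sample lines are copied from the log above.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis section codes that describe code loaded automatically
# (descriptions are the commonly documented meanings, worded for this example).
PERSISTENCE = {
    "F2": "ini setting mapped to the registry (UserInit/Shell)",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key / Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll)', re.IGNORECASE)


def parse_log(text):
    """Return one dict per log entry: code, body, path, flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, running-process list, blanks
        code, body = m.groups()
        flag = None
        for tag in ("(no file)", "(file missing)"):
            if body.endswith(tag):
                flag = tag.strip("()")
        path = PATH_RE.search(body)
        entries.append({"code": code, "body": body,
                        "path": path.group(0) if path else None,
                        "flag": flag})
    return entries


def is_64bit_host(text):
    """These directories exist only on 64-bit Windows."""
    lowered = text.lower()
    return "program files (x86)" in lowered or "\\syswow64\\" in lowered


def triage(text):
    """Group persistence entries by what a reviewer should do next."""
    wow64 = is_64bit_host(text)
    result = {"orphaned": [], "recheck": [], "missing": [], "no_flag": []}
    for e in parse_log(text):
        if e["code"] not in PERSISTENCE:
            continue
        in_system32 = bool(e["path"]) and "\\system32\\" in e["path"].lower()
        if e["flag"] == "no file":
            bucket = "orphaned"   # registration with nothing behind it
        elif e["flag"] == "file missing" and wow64 and in_system32:
            bucket = "recheck"    # 32-bit view of System32 is redirected
        elif e["flag"] == "file missing":
            bucket = "missing"    # target really absent from the tool's view
        else:
            bucket = "no_flag"    # file found: identify publisher and purpose
        result[bucket].append(e)
    return result


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        for e in items:
            print(f"{bucket:9} {e['code']:4} {PERSISTENCE[e['code']]}: {e['body']}")
```
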

Dragan
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-13-2008 2:20 (GMT +2)
Just use the "demand a scan on turning on PC" option or something like that, and if it finds anything use option '6' (move all to virus chest). That is like quarantine, and when you turn on your PC it will be in the virus chest and it won't be able to run/execute itself from there, and then just delete it.

Dragan
New Member


Date Joined Jun 2008
Total Posts : 10
 
Posted 7-13-2008 2:27 (GMT +2)
Umm, btw, I just saw a program you have called 'Spybot Search & Destroy'.
That is a virus bundled with that program... it isn't actually an AV. You got window pop-ups before, right? It said you have some viruses, yada yada... but it prompts a user to download it as they are sure it is an AV for removing viruses, but it is a virus itself, and that's how it downloads arbitrary files and other malicious software programs. Maybe that's how you got Trojan-gen (other).
Once I tested the vundrop virus (Vundo family virus) and it downloaded trojan-gen(other)... that trojan is probably downloaded by another virus.
Just use the "demand a scan when turning on PC" option and use option '6' as written above. Good luck

xPreatorianx
New Member


Date Joined Jun 2008
Total Posts : 3
 
Posted 7-17-2008 10:57 (GMT +2)
Sorry, did not read the rules like I should have done!

Post Edited (xPreatorianx) : 17-07-2008 22:29:46 GMT
