New to BullGard and to Trojans - Free Antivirus Forum

New to BullGard and to Trojans

BullGuard Antivirus Forum > Virus > Virus Questions > New to BullGard and to Trojans

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 6-22-2004 6:49 (GMT +1)

I just bought BulGard and ran a full hard drive scan and found the following in my vscan and vscript. How can I get rid of the following Trojans? rolleyes

From vscan the following are a problem.

C:\Documents and Settings\Magic\Local Settings\Temp\optimize.exe=>(Upx) Infected Trojan.Downloader.Dyfuca.BQ
C:\Documents and Settings\Magic\Local Settings\Temp\optimize.exe=>(Upx) Disinfection failed - Trying second action
C:\Documents and Settings\Magic\Local Settings\Temp\optimize.exe
C:\Documents and Settings\Magic\Local Settings\Temp\whenu.exe Infected Trojan.Adware.Whenu.B
C:\Documents and Settings\Magic\Local Settings\Temp\whenu.exe Disinfection failed - Trying second action
C:\Documents and Settings\Magic\Local Settings\Temp\whenu.exe Moved
C:\Down Load Files\Current Downloads\VBTrojanTutorial.zip Infected Backdoor.Subseven.22.A
C:\Down Load Files\Current Downloads\VBTrojanTutorial.zip Disinfection failed - Trying second action
C:\Down Load Files\Current Downloads\VBTrojanTutorial.zip Moved
C:\DownLoaded Games\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Infected Trojan.Dialer.AF
C:\DownLoaded Games\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Disinfection failed - Trying second action
C:\DownLoaded Games\Realwarroguestates.exe Infected Win32.Jeefo.A
C:\DownLoaded Games\Realwarroguestates.exe Disinfected

C:\Kelly' PSC Downloads\Downloaded VB Routines\improved_Keylogger.zip=>VBKeyboardHook.dll Infected Trojan.Spy.Kbman.A
C:\Kelly' PSC Downloads\Downloaded VB Routines\improved_Keylogger.zip=>VBKeyboardHook.dll Disinfection failed - Trying second action
C:\Kelly' PSC Downloads\Downloaded VB Routines\improved_Keylogger.zip=>VBKeyboardHook.dll Move failed
C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Infected Trojan.Spy.Kbman.A
C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Disinfection failed - Trying second action
C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Move failed
C:\Program Files\Common Files\updmgr\rvupdmgr.exe Infected Trojan.Downloader.KeenValue.A
C:\Program Files\Common Files\updmgr\rvupdmgr.exe Disinfection failed - Trying second action
C:\Program Files\Common Files\updmgr\rvupdmgr.exe Moved
C:\Program Files\Common Files\updmgr\simgr.exe Infected Trojan.Downloader.KeenValue.C
C:\Program Files\Common Files\updmgr\simgr.exe Disinfection failed - Trying second action
C:\Program Files\Common Files\updmgr\simgr.exe Moved
C:\Program Files\Common Files\updmgr\updmgr.exe Infected Trojan.Downloader.Keenval.E
C:\Program Files\Common Files\updmgr\updmgr.exe Disinfection failed - Trying second action
C:\Program Files\Common Files\updmgr\updmgr.exe Moved
C:\Program Files\Games\Delta Force - Land Warrior\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Infected Trojan.Dialer.AF
C:\Program Files\Games\Delta Force - Land Warrior\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Disinfection failed - Trying second action
C:\Program Files\Games\Real War Rogue States\Realwarroguestates.exe Infected Win32.Jeefo.A
C:\Program Files\Games\Real War Rogue States\Realwarroguestates.exe Disinfected
C:\WINDOWS\svchost.exe Infected Win32.Jeefo.A
C:\WINDOWS\svchost.exe Deleted

BTW, what does "Password Protected" mean?? eyes

From vscript the following are a problem.

c:\program files\bullguard\infected\whenu.exe   infected: Trojan.Adware.Whenu.B
c:\program files\bullguard\infected\whenu.exe   infected: Trojan.Adware.Whenu.B
c:\program files\bullguard\infected\whenu.exe   infected: Trojan.Adware.Whenu.B
c:\program files\bullguard\infected\vbtrojantutorial.zip   infected: Backdoor.Subseven.22.A
c:\program files\bullguard\infected\vbtrojantutorial.zip   infected: Backdoor.Subseven.22.A
c:\program files\bullguard\infected\vbtrojantutorial.zip   infected: Backdoor.Subseven.22.A
c:\program files\bullguard\infected\vbtrojantutorial.zip   infected: Backdoor.Subseven.22.A
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.C
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.C
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.C
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.C
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.C
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.C
c:\program files\bullguard\infected\simgr.exe   infected: Trojan.Downloader.KeenValue.Cc:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.A
c:\program files\bullguard\infected\rvupdmgr.exe   infected: Trojan.Downloader.KeenValue.Ac:\program files\bullguard\infected\updmgr.exe   infected: Trojan.Downloader.Keenval.E
c:\program files\bullguard\infected\updmgr.exe   infected: Trojan.Downloader.Keenval.E
c:\program files\bullguard\infected\updmgr.exe   infected: Trojan.Downloader.Keenval.E
c:\program files\bullguard\infected\updmgr.exe   infected: Trojan.Downloader.Keenval.E
c:\program files\bullguard\infected\updmgr.exe   infected: Trojan.Downloader.Keenval.E
c:\program files\bullguard\infected\updmgr.exe   infected: Trojan.Downloader.Keenval.Ec:\system volume information\_restore{de0cccde-8715-4a49-93ea-cf416a4edf49}\rp184\a0061620.exe   infected: Win32.Jeefo.A
c:\system volume information\_restore{de0cccde-8715-4a49-93ea-cf416a4edf49}\rp184\a0061620.exe   infected: Win32.Jeefo.A
c:\system volume information\_restore{de0cccde-8715-4a49-93ea-cf416a4edf49}\rp184\a0061620.exe   infected: Win32.Jeefo.A
c:\system volume information\_restore{de0cccde-8715-4a49-93ea-cf416a4edf49}\rp184\a0061620.exe   infected: Win32.Jeefo.A
c:\system volume information\_restore{de0cccde-8715-4a49-93ea-cf416a4edf49}\rp184\a0061620.exe   infected: Win32.Jeefo.A
c:\system volume information\_restore{de0cccde-8715-4a49-93ea-cf416a4edf49}\rp184\a0061620.exe

Sorry for the long post, but I'm new to all of this and would very much like somene who knows enlighten me on this. confused

Than you very much,

magic email; MAGIC1521@HOTMAIL.COM

Destroyer
Trusted Member

Date Joined Mar 2004
Total Posts : 245

Posted 6-22-2004 11:05 (GMT +1)

Its possible to delete trojans because they run as a program on thier own. Password Proected is basically a encrypted file that will not open unless a password is given. Password protection may be used for some password protected files are files in quarantene by other ad/virus removal programs.

Kyra <3
New Member

Date Joined Jun 2004
Total Posts : 6

Posted 6-24-2004 9:09 (GMT +1)

Haha. Was that your first scan? I know exactly how you feel.....ugh...I had like 30 viruses when I started scanning. Those are some pretty nasty trojans :P If bullgaurd caught it you should be okay ;D

Kyra <3
New Member

Date Joined Jun 2004
Total Posts : 6

Posted 6-24-2004 9:10 (GMT +1)

By the way, turn of system restore. And THEN delete the viruses. IF ytou dont turn off system restore they'll just write themselves again :P

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 6-24-2004 10:47 (GMT +1)

Thanks for responding y'all! I still confussed. freaked

Most of then say "Disinfection Failed"? Then it will say "Moved'?? MOVE WHERE!!?? smhair

Are these Trojans gone or not? If not, Just how can I get rid of them? I mean, off my system permantly!

THANKS FOR YOUR HELP,

Magic

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 6-24-2004 10:52 (GMT +1)

Just how do I "Turn Off System Restore"? confused

Then how do I delete the Trojan without deleting the entire file? freaked

And how do I turn "System Restore" back on again? sad

Destroyer
Trusted Member

Date Joined Mar 2004
Total Posts : 245

Posted 6-26-2004 10:54 (GMT +1)

In system restore ( start > all programs > access > sys tools > sys restore > ) go into options, and turn it off, reboot the computer and then you can turn it back on. ( this is Me and XP only )

Its gone into quarantene ( its safe ) You can delete it in bullguard

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 6-27-2004 4:39 (GMT +1)

What is the quarentine file called?

How do I delete the Trojan in BullGuard?

If I delete the Trojan, will the file be deleted also? smhair

eagle
Senior Member

Date Joined May 2004
Total Posts : 805

Posted 6-27-2004 6:56 (GMT +1)

Magic,

quarantine is where the file has been moved, as far as will it delete the entire file most virus' tend to piggy back so probably not.you get to quarentine by opening bullguard, click on antivirus, across the top you find tabs one if them says quarintine click on it, highlight whats there and delete. it's that simple. BTW as far as turning sys restore back on you really don't have to virus' also tend to write themselves in there so you can leave it off. after that do a disk clean with restore on so you can remove all restore points then turn it off and restart. If I were you I would also download ad aware for spyware ok?

Eagle

eagle
Senior Member

Date Joined May 2004
Total Posts : 805

Posted 6-27-2004 6:57 (GMT +1)

in XP the easiest way is thru the control panel not sure of ME.

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 7-28-2004 3:04 (GMT +1)

Hi Guys,

I’m still having problems understanding all of this Trojans and Viruses stuff!

I did a Antivirus Scan with BullGuard and found I had 54 infected files.

I had the "SYSTEM RESTORE" turned off before I ran the scan.

I’ve been told by email by another user that BullGuard DOES NOT

fix the files that contains Trojans and or Viruses. I hope this is not the fact. That would

be very disappointing as it would make BullGuard worth practically nothing!

One virus was detected and deleted.

But the rest, were not! It seems that BullGuard DID NOT Quarantine these Trojans /Viruses.

QUESTIONS:

If not Quarantined, HOW can I delete them?

If they were Quarantine, just where WERE they Quarantined at?

And HOW can I delete these Trojans /Viruses?

Also, Can the file in which they were found be saved and used?

The results are as follows from Vscan.log.

C:\Kelly' PSC Downloads\Downloaded VB Routines\improved_Keylogger.zip=>VBKeyboardHook.dll Infected Trojan.Spy.Kbman.A

C:\Kelly' PSC Downloads\Downloaded VB Routines\improved_Keylogger.zip=>VBKeyboardHook.dll Disinfection failed - Trying second action

C:\Kelly' PSC Downloads\Downloaded VB Routines\improved_Keylogger.zip=>VBKeyboardHook.dll Move failed

C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Infected Trojan.Spy.Kbman.A

C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Disinfection failed - Trying second action

C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Move failed

C:\Program Files\BullGuard\Infected\istbar.dll Infected Adware.RBlast.DLL

C:\Program Files\BullGuard\Infected\istbar.dll Disinfection failed - Trying second action

C:\Program Files\BullGuard\Infected\istbar.dll

C:\Program Files\BullGuard\Infected\istsvc.exe=>(Upx) Infected Trojan.IstSvc.A

C:\Program Files\BullGuard\Infected\istsvc.exe=>(Upx) Disinfection failed - Trying second action

C:\Program Files\BullGuard\Infected\istsvc.exe

C:\Program Files\Games\Delta Force - Land Warrior\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Infected Trojan.Dialer.AF

C:\Program Files\Games\Delta Force - Land Warrior\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Disinfection failed - Trying second action

Statistics

Scan path : C:\

Folders : 6449

Files : 372716

Archives : 7778

Packed files : 13911

Identified viruses : 4

Infected files : 6

Warnings : 0

Suspect files : 0

Disinfected files : 0

Deleted files : 0

Copied files : 0

Moved files : 0

Renamed files : 0

I/O errors : 27

Scan time : 02:10:59

Scan speed (files/sec) : 47

Virus definitions : 87927

Scan plugins : 12

Archive plugins : 36

Unpack plugins : 3

Mail plugins : 6

System plugins : 1

Scan options

Detection

[X] Scan boot sectors

[X] Scan archives

[X] Scan packed files

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Copy to quarantine

[ ] Move to quarantine

[ ] Rename

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[ ] Copy to quarantine

[X] Move to quarantine

[ ] Rename

[ ] Prompt user

Scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: vscan.log

[ ] Append to existing report

Can someone PLEASE give me a step by step advice on just how to handle this?

Also, where can I download "Ad Aware for Spyware"????

Thanks,

Magic

HelpMe!plz
New Member

Date Joined Jun 2004
Total Posts : 21

Posted 7-28-2004 10:03 (GMT +1)

Thats a lot of keyloggers. Those are seriously scary since they steal all your passwords and stuff.

eagle
Senior Member

Date Joined May 2004
Total Posts : 805

Posted 7-28-2004 1:27 (GMT +1)

send your logs to support@bullguard.com they can help . as far as the ad-aware 6 goes just do a google search it will come up with the websites for the free download.
Eagle

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 7-29-2004 3:34 (GMT +1)

Is there any way for me to delete a Trojan that BullGuard can not delete or move to quarantine? confused

Please see below!

C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Infected Trojan.Spy.Kbman.A

C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Disinfection failed - Trying second action

C:\Kelly' PSC Downloads\Downloaded VB Routines\Matt_Keylogger_Setup_Program.zip=>Keylogger Setup/VBKeyboardHook.dll Move failed

Thanks for your help, smile

Magic

eagle
Senior Member

Date Joined May 2004
Total Posts : 805

Posted 7-29-2004 4:06 (GMT +1)

Do you know how to play in the regedit?
if you do then you can go in there and delete them. If not then if I were you I would stay out.

Eagle

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 7-29-2004 4:29 (GMT +1)

Hi Eagle,

It's been a while but if you could give me instructins I think I could do it! yeah

eagle
Senior Member

Date Joined May 2004
Total Posts : 805

Posted 7-30-2004 2:03 (GMT +1)

Not a prob magic,

First go to start, then to run, click on it, when the window pops up type in "regedit" when the regedit pops up, go to the edit key click it highlight find click it, when that window comes up type in "keylogger" that should make them pop up then you simply delete them one file at at time. you will probably not be able to delete the dll files but that's how I would try.

Eagle

eagle
Senior Member

Date Joined May 2004
Total Posts : 805

Posted 7-30-2004 2:03 (GMT +1)

make sure the restore is off.

Eagle

magic
New Member

Date Joined Jun 2004
Total Posts : 8

Posted 7-30-2004 10:44 (GMT +1)

Hi again Eagle,

I tried to find the Trojan in the REGEDIT but cold not!? mad

I did manage to isolate the entire file in a folder I called

C:\Temp Virus. But I can't seem to get rid of the Trojan!

BullGuard can't disinfect or quarantine it at all. cry

Any ideas? idea

Thanks,

Magic

Please see the vscan below.

//-----------------------------------------------------------------
//
// BullGuard report file
//
// Created on: 30/07/2004 17:34:19
//
//-----------------------------------------------------------------

Summary:

C:\TEMP VIRUS\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Infected Trojan.Dialer.AF
C:\TEMP VIRUS\Delta Force 3 CRACK (1).exe=>(ZIP Sfx s)=>go.exe=>(Upx) Disinfection failed - Trying second action

Statistics

Scan path : C:\TEMP VIRUS
Folders : 1
Files : 9
Archives : 2
Packed files : 1
Identified viruses : 1
Infected files : 1
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 0
Scan time : 00:00:01
Scan speed (files/sec) : 9

Virus definitions : 87928
Scan plugins : 12
Archive plugins : 36
Unpack plugins : 3
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Forum Information

Currently it is Saturday, November 22, 2008 3:03 PM (GMT +1)
There are a total of 64.053 posts in 15.836 threads.
In the last 3 days there were 26 new threads and 156 reply posts. View Active Threads