View Full Version : cannot delete "Torpig"



alex_g
2007-07-01, 13:46
Hi everyone, S&D keeps detecting this spyware called "Torpig" which can apparently get my bank details like pin/password and my account number, but it can't delete it. Keeps coming up with an error message. Has anyone come across this before? Any ideas how I can get rid of it?

Thanks,
Alex

md usa spybot fan
2007-07-01, 15:02
What is the error message you are getting?

Also it would be helpful if you posted the actual detection you are getting. To do that:
Run another scan/fix.
When the scan/fix completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
If the error is preventing Spybot from attempting to do the fix, then just run a scan and copy and post the scan results as outlined above.

trunker
2007-07-17, 02:53
I found this post because I was in the search when I was having the exact same problem. Torpig apparently is a very nasty trojan that is capable of keylogging, remote controlling, compromising, repopulating itself, adding other malware and even preventing antivirus software from working. I am trying to remove it from a client's computer and would really appreciate some help (without reformatting the hard drive). Keep in mind that if you are infected with this trojan you should immediately disconnect yourself from the internet, which makes getting rid of it a little bit harder.

I have a screenshot of the error from Spybot S&D as well as the log:

http://i7.photobucket.com/albums/y258/trunker76/error2.jpg

http://i7.photobucket.com/albums/y258/trunker76/error1.jpg

Unfortunately, the log is too big to post so I will have to do it in several threads, and I am out of time today. I will be back tomorrow!

md usa spybot fan
2007-07-17, 06:42
trunker:

If the report is too long to post, you most likely selected the wrong option. You should select "Copy results to clipboard", not "Copy full report to clipboard".

_____________

re: The following message:


Warning

There were problems in the include file C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi See 'Include errors.log' for details.
You need the TCP/IP plugin with the new rule set included in beta updates on 2007-06-06 and regular updates starting on 2007-06-13 or else you will get the above error.

The TCP/IP settings plugin enables Spybot to use new rules which can detect IP addresses entered by malware and exchange them with non harmful entries.

To download and install the TCP/IP plugin you either have to:
Download the following update using the integrated update facility:
TCP/IP Settings plugin - !TCP/IP Settings plugin (65 KB) - 2007-06-06

--- or (if you do not use the integrated update facility) ---


Download and execute the following item from the Downloads (http://www.spybot.info/en/download/index.html) Web page:
TCP/IP Plugin 1.0 - product description
md5: 7FD95B7E814EA2F56AEACE3613B4A0E9

This adds capabilities to find and replace malicious network settings. Only needed if you do not want to use the update function integrated into Spybot-S&D.

trunker
2007-07-17, 19:58
Thanks, that fixed the error. However Torpig was still unable to be removed. Here is the Results Log:

Torpig: Temporary file (File, fixing failed)
C:\WINDOWS\Temp\$_2341234.TMP

Torpig: Temporary file (File, fixing failed)
C:\WINDOWS\Temp\$_2341233.TMP


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-11 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-11 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-07-11 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-11 Includes\HijackersC.sbi (*)
2007-07-11 Includes\Keyloggers.sbi (*)
2007-07-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-07-11 Includes\Malware.sbi (*)
2007-07-11 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-11 Includes\PUPSC.sbi (*)
2007-07-11 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-11 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-11 Includes\SpybotsC.sbi (*)
2005-02-16 Includes\Tracks.uti
2007-07-03 Includes\Trojans.sbi (*)
2007-07-11 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

Tom.K
2007-07-17, 20:15
Did you try to boot the computer in Safe Mode?
If you want to boot in Safe Mode, do the following:
1. Restart the computer.
2. After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
3. Instead of Windows loading as normal, a menu should appear. Select the first option, to run Windows in Safe Mode.
4. Open Spybot S&D while still in safe mode.
5. Close all browsers, check for problems and fix everything found in red.
6. Repeat until no more items are found in red.
7. Close Spybot-S&D.
8. Reboot back into Windows.

If that doesn't work, then:
1. Read this thread: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
2. Create a thread in Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22).

trunker
2007-07-18, 19:12
Did that, but with no success... the files were removed but they always come back.
I will open a new thread now in the Malware section. Thanks!

tashi
2007-07-18, 19:21
Hello.

Apparently you missed the malware forum sticky Tom.K posted above:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) ;)

Please follow the procedure there to produce the logs requested. Thanks.