PDA

View Full Version : ftpacc! GRRRR!



BlackDeath
2005-11-07, 19:09
Im having a problem removing this one! ftpacc.exe? Yesterday it was harddisk.exe and before that it was odbcdos.exe.?????? It changes its name daily! Hides in folders like fonts and prefetch. What is it and how can u get rid of it? Thanks!

SOME LOG EXAMPLES!
WinXP
11/7/2005 10:57:45 AM Denied value "*ftpacc" (new data: "C:\WINDOWS\system\ftpacc.exe rerun") added in System Startup global entry!
11/7/2005 10:37:56 AM Denied value "*harddisk" (new data: "") deleted in System Startup global entry!

11/7/2005 10:38:05 AM Allowed value "*sysdvd" (new data: "C:\WINDOWS\Tasks\sysdvd.exe rerun") added in System Startup global entry!
:mad:

tashi
2005-11-07, 22:58
Hi there and welcome to the forum. :)

1) Please make sure you have Spybot-S&D version 1.4
Uninstalling Previous Spybot-S&D (http://www.safer-networking.org/en/faq/27.html)
Spybot-S&D Version 1.4 Download (http://www.spybot.info/en/download/index.html)
Tutorial (http://www.spybot.info/en/tutorial/index.html)

2) Then run three on-line scans. (one at a time)

Bit Defender Virus Scan (http://www.bitdefender.com/scan/licence.php)

Trend Micro Online Scan (http://housecall.trendmicro.com/)

Mcafee Virus Scan (http://us.mcafee.com/root/mfs/default.asp?cid=9914)

Save any logs produced and report back here with details of what was found/removed please.

BlackDeath
2005-11-13, 21:02
This is what it is!

Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM\FTPACC.EXE
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system\ftpacc.exe

Thats from the bit defender scan. The file is identified as Trojan Vundo.381952.A

I have been to every forum known to man trying to rid myself of it. While Im not to computer savy I do know that it is ruining my online gaming experience. AVG does not recognize it as a virus because they say its spyware????????? PFFFT! Anyway how can I get rid of it?

Thanks again!:)

tashi
2005-11-13, 21:17
Hello.
Please go here and follow instructions to post a hjt log.
http://forums.spybot.info/forumdisplay.php?f=22

If you have already sought assistance at another site please give a link to the topic.

Cheers. :)

BlackDeath
2005-11-14, 00:32
Here is a link to a log for you !

http://forum.aumha.org/viewtopic.php?t=16590&sid=1154d8e562ba51bb95aa9d8a8e0d3621

All the bad stuff has been removed with the exception of the ftpacc!!!!

Thanks!:)

LonnyRJones
2005-11-14, 03:32
Hi

Continue there until cleaned up with PA Bear
Take the suggestion to disable tea timer