Help with a strange trojan.



Phoenix_Fox2007
2008-04-20, 02:33
I don't have logs, but I have the names of the trojans.
They are: Trojan.virtumod.based, Trojan.virtumod.240 and Trojan.virtumod.251

Any help with these? They shut off my computer when I try to remove them, and it doesn't seem to have any strange services or background processes running I can remove from my registry manually. I can't find any information on these trojans whatsoever.

shelf life
2008-04-20, 14:51
hi,

trojan vundo is a generic name for that family of trojans--- I could guess but a hjt log would be a better idea.
try this tool, post the log and also a hjt log:

Please download Malwarebytes' Anti-Malware to your desktop:

http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

hjt:
see item number four for hjt at this link:
http://forums.spybot.info/showthread.php?t=288

shelf life

Phoenix_Fox2007
2008-04-20, 21:21
Now that I know the generic name, I could probably find the entries in the registry XD well... a new problem has arisen.. on the infected computer, the device manager and network connection tools will not load... I've also lost internet connectivity ^^ isn't that fun?

shelf life
2008-04-21, 01:14
hi Phoenix_Fox2007


"find the entries in the registry"
malware can drop files all over your computer.

"I've also lost internet connectivity"
a good thing because malware wants a working internet connection, to send you pop ups, download more trojans, remote access, bounce spam, etc

shelf life

Phoenix_Fox2007
2008-04-22, 01:04
There are DLL files running the trojan, of course. Now, I am just going to give up. I've been locked out of my workstation, on both MY administrator account and Safe mode's. Somehow, a blank password has been added, and when I log in... "Windows could not log you in due to an access restriction"

shelf life
2008-04-25, 01:15
hi Phoenix_Fox2007,

are you able to get connectivity yet? were you able to get malwarebytes?