Results 1 to 8 of 8

Thread: cannot delete "Torpig"

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    1

    Default cannot delete "Torpig"

    Hi everyone, S&D keeps detecting this spyware called "Torpig" which can apperently get my bank details like pin/password and my account number, but it can't delete it. Keeps coming up with an error message. Has anyone come accross this before? Any ideas how I can get rid of it?

    Thanks,
    Alex

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    What is the error message you are getting?

    Also it would be helpful if you posted the actual detection you are getting. To do that:
    • Run another scan/fix.
    • When the scan/fix completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    If the error is preventing Spybot from attempting to do the fix, than just run a scan and copy and post the scan results as outlined above.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Jul 2007
    Posts
    9

    Exclamation I'm having the same problem!

    I found this post because I was in the search when I was having the exact same problem. Torpig apparently is a very nasty trojen that is capable of keylogging, remote controlling, compromising, repopulating itself, adding other malware and even preventing Antivirus software to work. I am trying to remove it from a clients computer and would really appreciate some help (without reformatting the hard drive). Keep in mind that if you are infected with this trojan you should immediately dissconnect yourself from the internet, which makes getting rid of it a little bit harder.

    I have a screenshot of the error from Spybot S&D as well as the log:





    Unfortunately, the log is too big to post so I will have to do it in several threads, and I am out of time today. I will be back tomarrow!
    Last edited by trunker; 2007-07-17 at 03:59.

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    trunker:

    If the report is too long to post, you most likely selected the wrong option. You should select "Copy results to clipboard" not "Copy full report to clipboard"

    _____________

    re: The following message:

    Warning

    There were problems in the include file C:\Program Files\Spybot – Search Destroy\Indudes\Trojans.sbi See 'Include errors.log' for details.
    You need the TCP/IP plugin with the new rule set included in beta updates on 2007-06-06 and regular updates starting on 2007-06-13 or else you will get the above error.

    The TCP/IP settings plugin enables Spybot to use new rules which can detect IP addresses entered by malware and exchange them with non harmful entries.

    To download and install the TCP/IP plugin you either have to:
    1. Download the following update using the integrated update facility:
      • TCP/IP Settings plugin - !TCP/IP Settings plugin (65 KB) - 2007-06-06


      --- or (if you do not use the integrated update facility) ---

    2. Download and execute the following item from the Downloads Web page:
      • TCP/IP Plugin 1.0 - product description - product description
        md5: 7FD95B7E814EA2F56AEACE3613B4A0E9

        This adds capabilities to find and replace malicious network settings. Only needed if you do not want to use the update function integrated into Spybot-S&D.
    Last edited by md usa spybot fan; 2007-07-17 at 07:54.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    9

    Unhappy

    Thanks, that fixed the error. However Torpig was still unable to be removed. Here is the Results Log:

    Torpig: Temporary file (File, fixing failed)
    C:\WINDOWS\Temp\$_2341234.TMP

    Torpig: Temporary file (File, fixing failed)
    C:\WINDOWS\Temp\$_2341233.TMP


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-07-11 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-07-11 Includes\Cookies.sbi (*)
    2007-05-30 Includes\Dialer.sbi (*)
    2007-07-11 Includes\DialerC.sbi (*)
    2007-07-11 Includes\Hijackers.sbi (*)
    2007-07-11 Includes\HijackersC.sbi (*)
    2007-07-11 Includes\Keyloggers.sbi (*)
    2007-07-11 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-07-11 Includes\Malware.sbi (*)
    2007-07-11 Includes\MalwareC.sbi (*)
    2007-07-11 Includes\PUPS.sbi (*)
    2007-07-11 Includes\PUPSC.sbi (*)
    2007-07-11 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-07-11 Includes\SecurityC.sbi (*)
    2007-07-11 Includes\Spybots.sbi (*)
    2007-07-11 Includes\SpybotsC.sbi (*)
    2005-02-16 Includes\Tracks.uti
    2007-07-03 Includes\Trojans.sbi (*)
    2007-07-11 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

  6. #6
    Senior Member
    Join Date
    Jul 2006
    Location
    Croatia
    Posts
    735

    Default

    Did you tried to boot computer in Safe Mode ?
    If you want to boot in Safe Mode, do the next:
    1. Restart the computer.
    2. After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
    3. Instead of Windows loading as normal, a menu should appear. Select the first option, to run Windows in Safe Mode.
    4. Open Spybot S&D while still in safe mode.
    5. Close all browsers, check for problems and fix everything found in red.
    6. Repeat until no more items are found in red.
    7. Close Spybot-S&D.
    8. Reboot back into Windows.

    If that doesn't work, then:
    1.Read this thread:"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    2.Create a thread in Malware Removal.

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    9

    Default

    Quote Originally Posted by Tom.K View Post
    Did you tried to boot computer in Safe Mode ?
    If you want to boot in Safe Mode, do the next:
    1. Restart the computer.
    2. After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
    3. Instead of Windows loading as normal, a menu should appear. Select the first option, to run Windows in Safe Mode.
    4. Open Spybot S&D while still in safe mode.
    5. Close all browsers, check for problems and fix everything found in red.
    6. Repeat until no more items are found in red.
    7. Close Spybot-S&D.
    8. Reboot back into Windows.

    If that doesn't work, then:
    1.Read this thread:"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    2.Create a thread in Malware Removal.
    Did that, but with no success... the files were removed but they always come back.
    I will open a new thread now in the Malware section. Thanks!

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello.

    Apprantly you missed the malware forum sticky Tom.K posted above:
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Please follow the procedure there to produce the logs requested. Thanks.
    Last edited by tashi; 2007-07-18 at 20:49. Reason: added info
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •