Need to remove a trojan

A

abbygayle

New member
I downloaded a keygen or something for Daniusoft WMA MP3 player (dumb, i now know...) Anyway, I have a trojan. I have AVG running a scan, but it has been running for two days and still isnt finished. These are the infections listed in AVG so far:
crack.exe
serial.exe
number.exe
danuisoft_wma_mp3_co
tiny.nfo.viewer.exe
danuisoft.wma.mp3.co

My spybot scan said to check error.log file. So I did that. Here is what that says:
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>


I'm not sure where to go from here. I would greatly appreciate if someone would be able to point me in the right direction. THanks!
 
ok, thanks for replying. i had 1.4 so i'm trying to update as suggested.
but when i go to download i get an error that says:
C:/programfiles/sypbot/search& destroy\plugins/tcpipaddress.dll

an error occured trying to replace existing file
delete filefailled;code 5
access denied

if i retry i get the same error. should i ignore? (not suggested according to error)?
 
Hello,

We recommend a fresh install of Spybot - Search & Destroy.

Please uninstall Spybot - Search & Destroy according to the following link:
http://www.safer-networking.org/en/howto/uninstall.html
Then make a fresh install of Spybot - Search & Destroy 1.6.
You will find links to several download locations on our website:
http://www.safer-networking.org/en/mirrors/index.html

You will also have to update your new version using the integrated updater.
This should solve the problem.

Best regards
Sandra
Team Spybot
 
ok,thanks i was able to scan spybot without any interruptions or references to the error.log file, but none of the trojans listed above were in the scan. just things from hitbox, fastclick, tradedoubler, adrevolver, burstmedia, casalemedia.

Have I removed the trojan? Is there more I need to do?
Also, should I remove the Danuisoft program if possible? WIll the trojan follow it around?

if i go to the error.log again it has the following. i dont know if that means or anything or not.
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
 
i'm not sure how to edit the above post, but i should clarify that the last scan was done with a clean version of spybot s&D 1.6
 
abbygayle:

abbygayle said:
i'm not sure how to edit the above post, ...
Click to expand...
You can't edit posts in this forum after 15 minutes.

abbygayle said:
ok,thanks i was able to scan spybot without any interruptions or references to the error.log file, ... Have I removed the trojan?
Click to expand...
There were no Trojans. What you were getting were detection rule errors in the Trojans.sbi and TrojansC.sbi files being reported by the old version of Spybot because some of the new detection rules are incompatible with that old version.
 
i see, thank you...

i know this is a spybot forum but if i dont have any trojans do you know why my avg would list all of those same things (see first post) under infections?

if i did, indeed, have a trojan, would spybot have listed it and fixed it?

thanks again for your help.
 
abbygayle:

abbygayle said:
i see, thank you...

i know this is a spybot forum but if i dont have any trojans do you know why my avg would list all of those same things (see first post) under infections?

if i did, indeed, have a trojan, would spybot have listed it and fixed it?

thanks again for your help.
Click to expand...
What version of Spybot - Search & Destroy are you currentally running (Spybot » Help » About)?

I personally do not use Grisoft's AVG and you did not include a log of the detections by AVG, so I am at a loss to answer that question.

The errors that you posted were primarally the failure of rootkit checks (hidden file checks) that fail in versions of Spybot below Spybot 1.5.2.20.

Assuming you are running Spybot 1.6.0.30, if the rootkits actually existed with a scan using Spybot 1.6.0.30, Spybot should have detected them.
 
I am running version 1.6.0.30 for spybot search and destroy.

For my avg log is this what you mean? These are the result/infections listed during my scan.

crack.exe
serial.exe
number.exe
danuisoft_wma_mp3_co
tiny.nfo.viewer.exe
danuisoft.wma.mp3.co
 
abbygayle:

abbygayle said:
... i know this is a spybot forum but if i dont have any trojans do you know why my avg would list all of those same things (see first post) under infections? ...
Click to expand...
I guess I'm missing something. Spybot listed errors in detection rules for checks associated with these malware checks:
  • Delf.Spool.cn
  • FlashExploit
  • Win32.Agent.frl
  • Zlob.DNSChanger
  • Zlob.DNSChanger.rtk
abbygayle said:
... For my avg log is this what you mean? These are the result/infections listed during my scan.

crack.exe
serial.exe
number.exe
danuisoft_wma_mp3_co
tiny.nfo.viewer.exe
danuisoft.wma.mp3.co
Click to expand...
I don't see any connection between the two.
 
sorry if i'm confusing. i'm pretty inexperienced with security softwares.

the things listed in the avg infection list were related to the software kegen i downloaded (danuisoft) so i assumed that was how the trojan got on my computer.

i guess my main question is, do i have a trojan or don't i? i thought i did. but spybot hasn't found anything and avg has those listed.

are you saying in your opinion i do not have a trojan (even though those things are listed as infections under avg)?
 
abbygayle:

abbygayle said:
... are you saying in your opinion i do not have a trojan (even though those things are listed as infections under avg)?
Click to expand...
No I am not saying that at all.

What I am saying is the the original errors that you were getting with Spybot were because you were running an old version of Spybot. They were not detections of malware.

The detections that you are getting with Grisoft's AVG could very well be detections of malware that is not picked up during a Spybot spybot scan.
 
You must log in or register to reply here.
Back
Top