Virus removal help

[Hellfighter]

Trilogy

Download newer Hijackthis: http://danborg.org/spy/HJT/hijackthis.exe you will need it so they can see what is really going on inside your system or you can use SpyBot Log file to if you like ether one will do.

post the info up here as hijackthis.txt to attachment it in the registier it being restarted and we need to delete the registier enter on this virus

there are tech-heads at this site that work on downloader viruses to get them remove: http://www.bullguard.com/forum/

??????????you have not said the name of it at all?????????
its a virus (you don't know the name of it) that is a downloader type viruses means it update live online (internet) there are many type viruse by name that are downloader viruse we need to know what one it is by name.

1.) Sophos virus analysis: Troj/Downloader
2.) Trojan horse downloader agent.5.K
3.) Win: 32RAHack, Virus downloader (new 12/24/2004)

Quote:

Originally Posted by Corrine

Hi, babylion. Have you tried an online AV scan?

Panda
Symantec
TrendMicro
A2 Trojan Scan

time being don't log-in any banks or game you have a trojan horse it may keep track of your log-in info and send it up to the maker of it
=========================================
listing of downloader viruses: http://vil.mcafee.com/newVirus.asp

Generic Downloader.h 01/05/2005 Trojan Win32 4400 Low Low

Generic Downloader.c 01/05/2005 Trojan Win32 4317 Low Low

Generic Downloader.b 01/05/2005 Trojan Win32 4298 Low Low

Generic Downloader.f 12/29/2004 Trojan Win32 4397 Low Low

Downloader-TO 12/28/2004 Trojan Downloader 4417 Low Low

there are more too.

[Matt]

chief bro i truthfully dont know the name of the virus

[.DareDevil.]

Well i would say some viruses can screw you so bad you have to use system restore or wipe your hardrive the nrestore if you have backups you will be in good shape!!!!!Sorry about the bad news there it has happened to me before!!!!!!!!!!!

[Hellfighter]

online virus scan: free and they do remove them all;

[Norton Online Virus scan]

[TrendMicro online virus scan]
==========================================
general Intel:
Symantec Security Response - "Download.Trojan"
Download.Trojan connects to the Internet and downloads other Trojan horses or components.
http://securityresponse.symantec.com...ter/venc/data/ download.trojan.html - 25.7KB - United States 76%
Find Similar
--------------------------------------------------------------------------------
Symantec Security Response - Download.Trojan.B
Download.Trojan.B is a Trojan Horse that downloads and executes Backdoor.Sdbot.M. The original filename may be update0932.exe. It is written in the Borland ...
http://securityresponse.symantec.com...ter/venc/data/ download.trojan.b.html - 25.7KB - United States 76%
Find Similar
--------------------------------------------------------------------------------
Symantec Security Response - "Download.Trojan.PSK
Downloader.Trojan.PSK is a program that downloads the Trojan, Backdoor.IRC.PSK, from a remote Internet site and executes it on the local system.
http://securityresponse.symantec.com...ter/venc/data/ download.trojan.psk.html - 22.1KB - United States
===========================================
you will need to try to get the name of it so try to do another scan see if you can get the name of it ok, my heart is out for you guy.

not all virus are the same you need to edited the registry key's and delete the file that has the virus there maybe a application.exe too. this is one bad virus it gets updates thats why they call it a downloader virus
===========================================
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations. so you need to disable it then system restore will delete every thing inside System Restore folder, after system reboot back to desktop then folder is clean, do a full virus scan if it clear of viruse's enable system restore.

did look for this item "r1mya.dll" thats has to do with one virus i do mean i really look around sorry found nothen listed with any info on it. not letting you go i going to keep looking for info on this one for you if it take me all night ok. your my home boy not letting you go bud.

last take a look here may help you give it a try:
http://www.trendmicro.com/vinfo/viru...me=TROJ_BROK.A

[Hellfighter]

will Trilogy
i got one now? bugger

"to read it click-on image above"

basic it call: Trojan-Downloader-Delf
file name: srchcommon[1].enc
it was deleted but there is a draw back this type can downloaded even more crap, so now going to update my 2 anti-virus programs and do a deep scan and a bootscan to see if there is more.

i got it from a url site some place don't know this morning some time.

[Hellfighter]

update seem spysweeper was the only one to seen it? Spybot S&D, Avast!,Fix-it5, Lavasoft:adware SE, none of them seen it at all. Spysweeper seen it and remove it. i did a scan using all of them above to see if there was anything new using all the tools i had. glade to say it no more and no other virus got loaded in.

www.webroot.com has the spysweeper think they have a demo or a one last so many days.

yes they do i check: http://www.webroot.com/downloads/?WR...d80de2d2f64dd7

[~MOUSE~]

If you have Spybot, try looking in the TOOLS - SYSTEM STARTUP section.
See if there are any programs you don't recognise running.

[Scattergun]

Get Mcafee never has missed a problem with it and It provides extra Protection and scans everything befor it downloads it Well atleast for me

[Hellfighter]

Quote:

Originally posted by ~MOUSE~
If you have Spybot, try looking in the TOOLS - SYSTEM STARTUP section.
See if there are any programs you don't recognise running.

As for Me:
ok i check that everything is in this area that should be no then out of place, for me it is totally gone.

spysweeper did the job on removing it.

i all so disable the system restore, after i restarted the system got to desktop (restore folder clean out of all files type) then re-enable it after. still clean.

[Rider]

should be able to just hit run>and type msconfig, then disable all startup options>restart and delete the file>then hit run>type msconfig again and enable your start ups again..........I would say if that dont work, you really need to get SPysweeper cuz i got that too, and it works GReaaat!!

hope that helps a lil.

[.DareDevil.]

msconfig? Isnt that Mouse Configruaration!!!!!!

[Matt]

microsoft?

[Lakie]

you cant go into dos and delete it like earlier windows OS's can you?

[Rider]

Quote:

Originally posted by Visor*CP*/visor_dflw
msconfig? Isnt that Mouse Configruaration!!!!!!

lmfao, no man

when u hit start>Run>type msconfig and you will get some options, goto the tab that says start up and uncheck everything then restart

[Hellfighter]

msconfig means: Microsoft configuration
use for setting for start up and more options you can use one should be very carefull on what you disable in here this has system files some do need to be enable only disable items that has no then to do with system setting if you do disable these items you may find windows not working at all.

[Rider]

not if u have windows xp, u can disable all in xp, just not on older versions of windows, but xp dont have any system files on the start up tab just programs

[VooDoo-]

you got all the windows updates? there security stuff really helps...

[Matt]

Quote:

Originally posted by Rider
not if u have windows xp, u can disable all in xp, just not on older versions of windows, but xp dont have any system files on the start up tab just programs

i tried that, it didnt work

[atholon]

Did you try that Mcaffee avert stinger scanner?

[zaitsev]

boot from nortons, if you have nortons, go into your bois and change your boot squance to your cd drive first, make surey you have your nortons disk in the drive, save your bois and restart, you should then boot straight into nortons without loading anything from windows, of course you need a bootable cd drive, most new ones are. or you could hook your hd up to another computer and make it slave, bootup to that comps normal os and then access the drive and delete the files that way