Trojan Horse removal help needed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by poolcue, May 24, 2006.

  1. poolcue

    poolcue Private E-2

    I have just come to use my main computer and although Windows ME loads up, as soon as it is finished my AV Guard informs me that a trojan horse has installed itself on my hard drive. I am unable to get into Windows. The AV asks me what it should do: delete, remove or keep. The trouble is that this trojan horse has frozen my mouse so I am unable to do anything. It has also frozen my keyboard and I cannot get any further. Is there any way to sort this problem out? I am only a beginner so please could you make it as easy as possible for me to understand. Many thanks, Pete
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Can you provide any more info on what your AV is finding? Like a filename and a path to where it is located.

    Try booting into safe mode and running your AV program and fixing it. See the below if you do not know how to get into safe mode:

    Starting your computer in Safe mode
     
  3. poolcue

    poolcue Private E-2

    Many thanks for your help. This is what appears on my screen. C/Windows/System/IBM00001.DLL is the Trojan Horse TR/PSW.Sinowal.D.3

    I have taken your kind advice and managed to get the computer into safe mode but cannot type config because the trojan horse has done something to the keyboard ports.

    So still need your professional help.

    Thank you
     
  4. poolcue

    poolcue Private E-2

    Many thanks to Chaslang - you did it! I managed to sort out the safe mode and managed to locate the AV and set it to work. It destroyed the trojan! Many many thanks. Pete UK
     
    Last edited: May 24, 2006
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The trojan you mentioned is normally found in the below folder:

    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm000xx.xxx

    Where xx.xxx can be anything. Like ibm00001.exe or ibm00002.dll etc.

    If this PC is used for any online banking or financial related matters of any type, you should take the below warning seriously:


    Serious Note: If you have files like ibm000x.exe or dll on your PC, you could have a serious problem to deal with related to a password stealing trojan. Your financial accounts (passwords etc) may have been compromised. See this link:

    http://www.liutilities.com/products/wintaskspro/processlibrary/ibm00001/

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis