addio.exe, the downloader-yk trojan, and more (Oh My!)

Discussion in 'Malware Help (A Specialist Will Reply)' started by jasonh, May 16, 2005.

  1. jasonh

    jasonh Private E-2

    Greetings all,

    I'm having issues with my system and the Downloader-YK Trojan.

    Here's the specifics:

    I'm using a Dell Dimension 4500 with a 1.8 GHz P4 and 1 gig RAM. I'm running Windows XP Home.

    My anti-virus software (McAfee) has been detecting and deleting the Downloader-YK trojan over the last three days. The filenames are in either c:\windows or c:\windows\system32 and have odd names like:

    mfcaf.exe
    netkp.exe
    apiym.exe

    and various others.

    Invariably, these files are associated with an application called addio.exe.

    Now for the oddest part. I have been getting messages from Windows Security Center with an icon in my task bar claiming that my system may be at risk and to click here to find out how to protect my system. The other message I get is an actual pop-up dialog box that says "Windows Security Center has detected suspicious network activity on your firewall" (or something approximately along those lines), and tells me to click OK to find out how to fix my system. When I do so, it sends me to an MSN messenger site with .net extension advertising various anti-spyware tools....but this is where it gets odd. I unhook my cable modem and use various applications and that box will come up while I AM DISCONNECTED FROM MY NETWORK.

    I do not think I even have Windows Security Center installed as this was released around October '04 and I don't think I installed any such security update--though I might have as that's been a while ago....

    Soooo...diagnosis anyone? Should I post a Hijack This Log File?

    Thanks,

    jasonh
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above, if you still have a problem:


    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
