Help with 4 possible Trojans, Please help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by BlueEyedFox, Apr 10, 2009.

  1. BlueEyedFox

    BlueEyedFox Private E-2

    Okay, so I have two files starting in my startup today. I believe I have 2 trojans and am not sure how to go about removing them.

    I run Comodo Internet Security and Malwarebytes Anti-Malware.

    At the moment my CIS is blocking both files, from program and firewall requests (by my own will). It did try to access the internet but I stopped it. People are telling me to format but I have too much on here to do that.

    CIS and Malwarebytes don't detect anything.

    Here are the virusscan.jotti.org results

    File 1: 1CB72.exe.exe

    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found Win32:Downloader-CGE
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found Troj.Downloader.W32.CodecPack.epq
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found W32/Downldr3.DZ
    F-Secure Anti-Virus
    Found Trojan.Win32.Agent2.hga
    Ikarus
    Found nothing
    Kaspersky Anti-Virus
    Found Trojan.Win32.Agent2.hga
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Quick Heal
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found Trojan-Downloader.VB.gen

    File 2: 9F6B3.exe.exe

    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found Win32:Downloader-CGE
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found Troj.Downloader.W32.CodecPack.epq
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found W32/Downldr3.DZ
    F-Secure Anti-Virus
    Found Trojan.Win32.Agent2.hga
    Ikarus
    Found nothing
    Kaspersky Anti-Virus
    Found Trojan.Win32.Agent2.hga
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Quick Heal
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found Trojan-Downloader.VB.gen
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------
    Here are the VirusTotal results

    File 1 : 1CB72.exe.exe

    a-squared 4.0.0.101 2009.04.10 -
    AhnLab-V3 5.0.0.2 2009.04.10 -
    AntiVir 7.9.0.138 2009.04.10 -
    Antiy-AVL 2.0.3.1 2009.04.10 Trojan/Win32.Agent2
    Authentium 5.1.2.4 2009.04.09 W32/Downldr3.DZ
    Avast 4.8.1335.0 2009.04.09 Win32:Downloader-CGE
    AVG 8.5.0.285 2009.04.10 -
    BitDefender 7.2 2009.04.10 -
    CAT-QuickHeal 10.00 2009.04.10 -
    ClamAV 0.94.1 2009.04.10 -
    Comodo 1109 2009.04.10 -
    DrWeb 4.44.0.09170 2009.04.10 -
    eSafe 7.0.17.0 2009.04.07 -
    eTrust-Vet 31.6.6448 2009.04.10 -
    F-Prot 4.4.4.56 2009.04.09 W32/Downldr3.DZ
    F-Secure 8.0.14470.0 2009.04.10 Trojan.Win32.Agent2.hga
    Fortinet 3.117.0.0 2009.04.09 -
    GData 19 2009.04.10 Win32:Downloader-CGE
    Ikarus T3.1.1.49.0 2009.04.10 -
    K7AntiVirus 7.10.698 2009.04.09 -
    Kaspersky 7.0.0.125 2009.04.10 Trojan.Win32.Agent2.hga
    McAfee 5579 2009.04.09 -
    McAfee+Artemis 5579 2009.04.09 -
    McAfee-GW-Edition 6.7.6 2009.04.10 -
    Microsoft 1.4502 2009.04.10 -
    NOD32 3999 2009.04.10 -
    Norman 6.00.06 2009.04.09 -
    nProtect 2009.1.8.0 2009.04.10 -
    Panda 10.0.0.14 2009.04.10 -
    Prevx1 V2 2009.04.10 Medium Risk Malware
    Rising 21.24.44.00 2009.04.10 -
    Sophos 4.40.0 2009.04.10 -
    Sunbelt 3.2.1858.2 2009.04.10 Trojan.Win32.Agent2.hga
    Symantec 1.4.4.12 2009.04.10 -
    TheHacker 6.3.4.0.305 2009.04.09 -
    TrendMicro 8.700.0.1004 2009.04.10 TROJ_AGENT.AQER
    VBA32 3.12.10.2 2009.04.10 Trojan-Downloader.VB.gen
    ViRobot 2009.4.10.1688 2009.04.10 -
    VirusBuster 4.6.5.0 2009.04.10 -

    File 2: Could not get it to upload; VirusTotal is working when it wants to.

    error : Please report failure as: ErrorTime= "Apr 10 16:05:29"

    -------------------------------------------------------------------------

    http://img12.imageshack.us/img12/492/malwareq.png

    Sorry for posting so much stuff; I wanted to make sure I had everything so I can be assisted properly.

    Please help me out, Thanks.

    Edit: I have two new files named BAB2D.exe and 0E808.exe after a blue screen when I tried to run some program that was supposed to scan for rootkits or something.

    Oh, and every time I restart, even though I changed some settings with the AusLogic Boost thing, it says "Executing .dll" something before it starts up and I see my desktop. It spammed a lot of them the first time, but I think it's related to AusLogic.
     
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Please begin by clicking Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    • Also if TDSSserv.sys is found and you disable it, then reboot.
    • After reboot continue on with the below cleaning instructions.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
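    As an added example (not part of this thread or of MajorGeeks' instructions), the same check done from an elevated PowerShell prompt instead of Device Manager: it reads the Services registry key where non-plug-and-play drivers live, looks for the TDSSserv name from the post, and optionally disables (never deletes) a hit. The `$disable` toggle and the helper names are mine.

```powershell
# Added example: registry equivalent of the Device Manager check in the post.
# Non-plug-and-play drivers are kernel services (Type 1 or 2) under the Services
# key; even a driver hidden from Device Manager needs this entry to load at boot.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$pattern     = 'TDSSserv'   # name taken from the post
$disable     = $false       # set to $true to apply Start=4 (Disabled); never delete the key

function Resolve-DriverPath([string]$ImagePath) {
    # ImagePath is stored as \??\C:\..., \SystemRoot\system32\..., or a path relative to %SystemRoot%
    $p = $ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if ([System.IO.Path]::IsPathRooted($p)) { $p } else { Join-Path $env:SystemRoot $p }
}

function Find-SuspectDriver([string]$NamePattern) {
    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ((1, 2) -notcontains $props.Type) { return }   # skip ordinary Win32 services
        $image = [string]$props.ImagePath
        if ($_.PSChildName -match $NamePattern -or $image -match $NamePattern) {
            New-Object PSObject -Property @{
                Name      = $_.PSChildName
                ImagePath = $image
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
                OnDisk    = ($image -ne '') -and (Test-Path (Resolve-DriverPath $image))
            }
        }
    }
}

$hits = @(Find-SuspectDriver $pattern)
if ($hits.Count -eq 0) {
    "No driver entry matching '$pattern'. A rootkit can hide its key from the"
    "registry API, so this is not proof of a clean system; continue with the cleaning instructions."
} else {
    $hits | Format-Table Name, Start, OnDisk, ImagePath -AutoSize
    if ($disable) {
        foreach ($h in $hits) {
            # Start=4 is what Device Manager's Disable does; reboot afterwards
            Set-ItemProperty -Path "$servicesKey\$($h.Name)" -Name Start -Value 4
        }
    }
}
```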
     
  3. BlueEyedFox

    BlueEyedFox Private E-2

    I did not find TDSSserv.sys
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just continue on with the rest of the instructions.
     
