REMOVAL, COMPLETE ! Glacier Remote Access Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by Maggie_61, Jan 18, 2006.

  1. Maggie_61

    Maggie_61 Private First Class

    I downloaded and ran a foolish program for testing PC SECURITY and it gave me VIRUSES instead !

    Other viruses I cleaned them all except this here below:

    I run my PC (WINDOWS XP PROFESSIONAL, SP2, OFFICE 2003 PROFESSIONAL, SP2) in safe mode for antispyware and viruses search and it found nothing.

    MICROSOFT ANTISPYWARE REMOVED THE VIRUS AS MENTIONED HERE BELOW, BUT I DO NOT KNOW IF IT COMPLETELY REMOVED THE FILE c:\windows\system32\system32.exe MENTIONED BELOW. I HAVE A VIEW "SHOW HIDDEN FILES" BUT I CANNOT SEE IT! IS IT POSSIBLE, IS IT REMOVED?

    NOW, I OPEN OUTLOOK 2003 AND WHEN I REPLY TO A MESSAGE I GET THIS MESSAGE:

    "MICROSOFT WORD IS SET TO BE YOUR EMAIL EDITOR. HOWEVER, WORD IS UNAVAILABLE, NOT INSTALLED OR IS NOT THE SAME VERSION AS OUTLOOK. THE OUTLOOK EMAIL EDITOR WILL BE USED INSTEAD. AN OLE REGISTRATION ERROR OCCURED. THE PROGRAM IS NOT CORRECTLY INSTALLED. RUN SET UP AGAIN FOR THE PROGRAM."

    I suppose the VIRUS IS STILL IN MY PC. HOW CAN I REMOVE IT COMPLETELY?

    Please see here below the complete message from MICROSOFT ANTISPYWARE::::

    ALSO AND MOST IMPORTANT !!!!!!!!!!!!
    I COPIED ALL MY DOCUMENTS AND OUTLOOK PST FILES IN MY LAPTOP !!!!!
    IS IT INFECTED TOO ???????????

    HEEEEEEEEEEEEELP !!!!

    =======================================================




    MICROSOFT ANTISPYWARE:



    Spyware Scan Details
    Start Date: 13/1/2006 12:44:21 πμ
    End Date: 13/1/2006 12:47:11 πμ
    Total Time: 2 mins 50 secs

    Detected Threats

    Glacier Remote Access Trojan more information...
    Status: Removed
    Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

    Infected files detected
    c:\windows\system32\system32.exe


    Detected Spyware Cookies
    No spyware cookies were found during this scan.





    Glacier

    Type: Trojan
    A Trojan that silently installs other programs without consent.

    Category: Remote Access Trojan
    A Trojan that gives an attacker remote access to a computer.

    Threat level: Severe
    Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

    Author: Y2KZERO



    © 2005 Microsoft Corporation. All rights reserved
     
  2. Maggie_61

    Maggie_61 Private First Class

    OK. I did this START - RUN - Regsvr32.exe %Windir%\System32\Ole32.dll and I fixed the OUTLOOK OLE problem.

    But I feel very unsafe my PC & LAPTOP are infected ! (?)

    What else can I do ?

    Also, I AM VERY MUCH AFRAID TO DOWNLOAD ANY PROGRAM FROM THE INTERNET anymore because I work at home with these two computers... !!!


    Thanks to you ALL !!!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  4. Maggie_61

    Maggie_61 Private First Class

    My problem is still that I can't find the file c:\windows\system32\system32.exe. Is it completely deleted when I removed the virus or I just can't see it?

    ...I did exactly what you say in these directions
     
    Last edited: Aug 21, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If MS Antispyware detected it and you had it fix the problem, it either deleted the file or put it in a Quarantine folder.

    You should delete the below and never use anything from Kazaa:

    C:\DOWNLOADS\KAZAA_kmd202gu_en.exe
     
  6. Maggie_61

    Maggie_61 Private First Class

    When I go to Windows Explorer -> View -> "Show hidden files and folders", I can't see the file c:\windows\system32\system32.exe. Is it completely deleted when I removed the virus, or I just can't see it?

    My computer technician told me that he could send me the file to put it in that folder and it would work OK, but he didn't.

    Is it a problem that this file doesn't exist? (...or I only can't see it... ?) If you could, you or someone could send it to me to put it there, but I should take care NOT TO DAMAGE MY PC !!!! (I work at home.)

    I deleted the KAZAA files, but I think small problems I am having with my PC now, started after the removal of the virus from the MICROSOFT ANTISPYWARE SCAN...

    PLEASE TELL ME WHAT EXACTLY SHOULD I DO WITH THIS FILE !

    Thank you so much,
    Maggie
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please stop using the RED BOLD TEXT!!!!! It is annoying to read.

    I already answered your question about this file in my previous message.

    I don't know what you are talking about. What file is it that a tech is going to send you? If you are talking about c:\windows\system32\system32.exe , it is not a valid Windows file. Why do you want to put the virus back on your PC? And the technician must not know what he is talking about if he was going to put this file back on your PC.

    If you are still having malware problems, run the steps I gave you in my first message (that's message # 3 in this thread). Otherwise stop worrying about a file that has already been removed that you do not need. Here is some more info on that file and why it was deleted by MS Antispyware:
    You should be addressing your problem with Outlook in the Software Forum as it is not a malware issue. But try this:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;906307&sd=rss&spid=2520
     
    Last edited: Jan 19, 2006
  8. Maggie_61

    Maggie_61 Private First Class

    Thank you so much for the info !

    I could not ...understand till now if this file was useful or if it was wrong to be deleted by Microsoft Antispyware, or even if it maybe could harm my system....

    I cleared the virus from this old downloaded version of KAZAA I had from several years ago.

    WHAT DO YOU THINK I SHOULD DO WITH MY LAPTOP?
    Just delete the KAZAA files or do the WHOLE PROCEDURE (SAFE MODE & NETWORKING) WITH ALL THESE PROGRAMS AS YOU SAY (just not to lose time..) ?

    Thank you once again for your precious support !

    Sincerely,
    Maggie
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I really don't know what stuff you have from Kazaa on your PC but you should uninstall Kazaa and also delete the file I gave you earlier related to it.

    If you want to be sure you have no other malware on your PC, you must follow all the steps in the procedure I gave to you.

    Thanks for not using the RED. It was killing my eyes! ;)
     
  10. Maggie_61

    Maggie_61 Private First Class

    Thanks a million !!!!!

    You are great !!!! :)


    Good night from Athens, Greece !


    Maggie
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
