Virus A0025728.exe

Colin17 · Apr 13, 2006

I am having a problem removing a Virus - my virus protection told me that I had a virus in MSN Messenger - it said that it was an unknown virus and did not remove it. I uninstalled MSN Messenger and scanned again for a virus - the report was a file A0025728.exe which was infected. My virus software is Command Antivirus - I have downloaded AVG and run it. AVG told me there was a virus but not what it was.
My Operating System is: Microsoft Windows XP, Home Edition, Version 2002, Service Pack 2
My Computer is: Dell Computer Corporation, Intel Pentium III Processor, 498 MHz, 256 MB of RAM.
I am attaching a HighjackThis Scan and would appreciate any help that you can give me.
Many thanks in anticipation,
Colin17.

DavidGP · Apr 13, 2006

Hi Colin,

were you given a location of the virus reported in this file A0025728.exe ?

best bet is to run through this guide of ours first, - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

Bitdefender

Panda Scan

HijackThis

.

Colin17 · Apr 14, 2006

Problem solved - Computer now clean - AVG found two Tojan horses - Downloader.Small.15AZ (Found 4 times) and Collected.4.AO (Found once).
Please find Vault info below:

AVG Virus Vault

Trojan horse Downloader.Small.15.AZ C:\WINDOWS\MatAdown.dll 13/04/06 15:56 MatAdown.dll 15.5 KB
Trojan horse Downloader.Small.15.AZ C:\WINDOWS\SYSTEM32\MatAdown.dll 13/04/06 15:56 MatAdown.dll 15.5 KB
Trojan horse Collected.4.AO C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gba1680.exe 13/04/06 15:56 gba1680.exe 16.67 KB
Trojan horse Downloader.Small.15.AZ C:\System Volume Information\_restore{845D16C4-42AE-4989-B5B5-FBE5AFD49853}\RP179\A0025784.dll 14/04/06 15:04 A0025784.dll 15.5 KB
Trojan horse Downloader.Small.15.AZ C:\System Volume Information\_restore{845D16C4-42AE-4989-B5B5-FBE5AFD49853}\RP179\A0025785.dll 14/04/06 15:04 A0025785.dll 15.5 KB

Thank you
Colin17

DavidGP · Apr 14, 2006

Great, now if your still clean and those items are still listed in the System Volume Information \ Restore folder then, turn off System Restore and reboot then turn back on System Restore as it will flush all your restore points as some will be holding the trojan.

Colin17 · Apr 17, 2006

Have now done as you suggested - computer now clean
Thank you - Colin17

DavidGP · Apr 17, 2006

Good Stuff Colin, please also have a read of this guide How to Protect yourself from malware!

and happy surfing

Log in or Sign up

Virus A0025728.exe

Colin17 Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

Colin17 Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

Colin17 Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member