Wollf.16

Hello everyone. New poster, semi-old lurker here. I'd been having some issues and running all the necessary defense software and coming up dry. I knew (know) I was infected but I didn't (don't) want to do a re-install. I downloaded Assassin and sure enough, it found the Wollf.16 Trojan immediately.

It's a sneaky little devil and it bounces around as a mis-spelled windows process ("wininit.exe" and/or "winnit.exe").

I chased this thing around in Assassin for a while and watched as it attached itself to various open processes each time I tried to delete it within Assassin.

Setting my options to "show all dates" and making my way through the forum malware removal section, I came across 2 threads linking to wollf.16.

Following Tim's step-by-step instructions I attempted to download GTools in an effort to get it to reveal it's true location.

When I first clicked the download link for GTools, I got an error message from Firefox stating "Cannot download to this directory, try another directory" (?) then subsequently, every attempt thereafter, the "page could not be found" over and over again. The link was correct.

I do know that the file, once downloaded should be renamed as to avoid being detected when run, but when *being* downloaded? Any thoughts? Suggestions? Help!

Thanks ever so kindly.

 

I'm sorry - I mean *M*GTools.

 

:-o... and the Firefox error message is:

"Firefox can't find the file at http://forums.majorgeeks.com/chaslang/files/MGtools.exe."

Apologies.

 

I Seriously Need Help With This One:Creating Restoration DVDs With a Trojan Installed

Well, http://windows7news.com/forum/Smileys/default/sad.gif the subject line pretty much sums it up. I just got my shiny new computer that has Windows 7 on it (I know, I'm late), and 2 days later I'm hit with the wollf.16 trojan which sets up my system as a client and allows the server to have complete control over my system.

Does anyone know if I can make my new restoration dvd's while this trojan exists on my system? Will the factory restore be affected?

It's an HP desktop, fwiw. I'm pretty leary about it, and am really stuck at this point with absolutely no alternative as I have no image disk to restore from. As I said, the system is brand spanking new.

Thanks for any help anyone can provide.

Delores

 

Kestrel13!,

I give. I'm unable to download the tools. All of my machines are on the same network thus all are clients of the trojan server. I'm going to re-install on my 2 Vista machines but I don't know in the case of my Windows 7 system that I just purchased. I did not get the opportunity to create my restoration DVDs in time and am incredibly frightened, to be quite honest.

I posted as much on an MS list, but haven't heard anything back yet.

Thank you for your response.

 

Well, they are both infected because it is a client/server trojan and it saw both clients on the network and had a freaking party. Here is the initial message I get upon download attempt number one:

" C:\Users\Delores\Downloads\MGtools.exe could not be saved, because you cannot change the contents of that folder.

Change the folder properties and try again, or try saving in a different location. "

Which has never happened to me before, I clicked "save", and I have been able to download to my download directory all day long (programs and regular files).

Right after this happens, I immediately get sent to an error page that says the file cannot be found.

 

I should note, that I did set up an alternate directory, and the same thing happened.

I do know that the file, once downloaded should be renamed as to avoid being detected when run, but when *being* downloaded? Now that's some serious kung-foo and I want to know how to eradicate that kind of technique *big* time.

 

Yes, but it will take me some time to get access to one. I'll get everything together and be back with the results. In the meantime, thanks for hanging in there with me.