cancel
Showing results for 
Search instead for 
Did you mean: 
bman318
Level 7

Yahoo virus

I got a trojan that came into me via yahoo.  It is trying to go out via yahoo.  I've deleted yahoo to close the door, but McAfee is not seeing it. Anybody else been wormed?

0 Kudos
8 Replies
bman318
Level 7

Re: Yahoo virus

Any idea how to get the memory scanned to get rid of this thing?

0 Kudos
exbrit
Level 21

Re: Yahoo virus

Moved this to the correct area.  It's a bit difficult to know what to suggest without any details such as a name for the trojan, your operating system and service pack plus what versions of McAfee you have installed, but.....

Try downloading, updating and running the free version of these two tools:

http://www.superantispyware.com/superantispywarefreevspro.html

http://www.malwarebytes.org/mbam.php

Let them remove everything they find and reboot immediately when asked to.

Message was edited by: Ex_Brit on 12/4/09 6:49 PM
0 Kudos
bman318
Level 7

Re: Yahoo virus


No sir, that didn't work.  It is still doing it.  I think it is trying to go out via the IMs.  I have Vista SP2 installed, and the McAfee is the McAfee Internet Security via Toshiba.  Not certain how to find the Trojan Horse/Worm.  Content.IE5\VBP3BDLT\2Tq[1].zip was blocked once.  Not certain what is getting through the IM program.

0 Kudos
exbrit
Level 21

Re: Yahoo virus

Download Hijackthis and post its log along with the symptoms you are seeing on one of the following forums for expert advice:

DOWNLOAD HIJACKTHIS

Do not post the log here, we can't help!

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

MAJOR GEEKS FORUM

MALWAREBYTES FORUM

MALWARE REMOVAL FORUM

SPYWAREHAMMER FORUM

SPYWARE INFO FORUM

WHAT THE TECH FORUM

Be sure to read all the sticky announcements/instructions at the top of each malware forum!

0 Kudos
JackEagle
Level 7

Re: Yahoo virus

Peter,

FYI,

The program, 2tq[1].ZIP IS running thru YAHOO IM.

An IM from a friend (infected) popped up and asked how I liked the new glasses she picked out (and YES, she wears glasses)

I have two separate computers running McAffee and another running NAV.  Both identified, reported 2TQ[1].zip and repaired same yet YIM continues to send IM's to each individual in the address book. Apparently the ZIP file is SFX and the trojan file names have been changed since 2004.  tHE TROJAN IS STILL RUNNING ABOUT EVERY 30 MIN.

0 Kudos
exbrit
Level 21

Re: Yahoo virus

Did you post a Hijackthis log as I suggested?

0 Kudos
bman318
Level 7

Re: Yahoo virus

Yes, I did.  I am awaiting an analysis report.  We shall see.  I'll post back here too if/when I get a fix.

0 Kudos
exbrit
Level 21

Re: Yahoo virus

You are sure that this isn't some kind of advertising from Yahoo?   I seem to remember something similar happening before I ditched it altogether.

0 Kudos