5 Replies Latest reply on Jan 26, 2017 10:59 AM by catdaddy

    Trojans!!

      Hi. This all started Friday with the dreaded Google Links Hijacked/Redirect mess. Now I have more problems. I've followed the directions in the Homeusers' malware troubleshooting doc. I'm in the process of running Stinger now, but I know I have a problem with winlogon.exe. Is this the virus that's running "Defense Center" and keeps asking me to uninstall McAfee's? What's responsible for the pornographic shortcuts appearing on my desktop?!

       

      I writing now b/c I wasn't able to access the internet in normal mode, but I'm able to access in Safe Mode. When Stinger is done, I will run the malware program suggested in an earlier post. I'm posting my Safe Mode Scan results and Stinger Log now, in case I can't access the internet after rebooting. I can check this discussion on my PC (it's my laptop that's infected). Also, connected with this virus (?), I was unable to access Windows Update, but MS has sent me instructions, which I have yet to do.

       

      Superantispyware found and removed a lot of stuff, but it didn't solve any problems.

       

      I'll post again after Stinger runs and I run the malware program. Any and all help is much appreciated!!  Dave

       

      Scan Log:

      7 items found, 6 fixed
      Report:
      7/10/2010 1:50:27 PM Scan Started: 07/10/2010 01:50:27 PM
      7/10/2010 1:50:29 PM "C:\WINDOWS\system32\winlogon.exe" "Spy-Agent.bw.gen!mem" "10"
      7/10/2010 2:10:15 PM "C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMAa61e.tmp" "Patched-MSCVRT" "5"
      7/10/2010 2:46:14 PM "C:\WINDOWS\PRAGMAbvgoiqmqpq\pragmabbr.dll" "DNSChanger.bu" "5"
      7/10/2010 2:46:14 PM "C:\WINDOWS\PRAGMAbvgoiqmqpq\PRAGMAc.dll" "DNSChanger.bu" "5"
      7/10/2010 2:46:14 PM "C:\WINDOWS\PRAGMAbvgoiqmqpq\PRAGMAd.sys" "Generic FakeAlert!jl" "5"
      7/10/2010 2:46:14 PM "C:\WINDOWS\PRAGMAbvgoiqmqpq\pragmaserf.dll" "DNSChanger.bu" "5"
      7/10/2010 2:48:15 PM "C:\WINDOWS\system32\1054y.exe" "Artemis!D8B3DD745900" "5"
      7/10/2010 2:53:59 PM Total objects scanned: 116866
      7/10/2010 2:53:59 PM Objects detected: 7
      7/10/2010 2:53:59 PM Scan Done: 07/10/2010 02:53:59 PM

       

      Stinger:

       

      McAfee® Stinger Version 10.0.1.934 built on Jul  2 2010

      Copyright © 2010 McAfee, Inc. All Rights Reserved.

      Virus data file v1000 created on Jul 2 2010.

      Ready to scan for 3659 viruses, trojans and variants.

       

      Scan initiated on Sat Jul 10 14:59:22 2010

      C:\WINDOWS\system32\winlogon.exe

           Found the Spy-Agent.bw.gen!mem trojan !!!

      C:\WINDOWS\system32\winlogon.exe could not be repaired.

        Number of clean files: 304404

        Number of Trojans: 1

        • 1. Re: Trojans!!

          OK. Malware found 13 items, but "some items couldn't be removed"). I can access the internet on my laptop, my desktop is back to normal (proper resolution, colors, etc.), and I don't see the Defense Center nonsense. BUT, none of my shortcuts work, and, even if I try to open a program or tool from the start menu, I get prompted with "open with" and a list of programs, like Adobe, IE, etc. Even on the Malware program I just downloaded. And, McAfee's didn't open and run automatically. I was able to get that open from the start menu. And, lastly, I still have the Google Hijack/Redirect problem. Any suggestions? Please...  Dave

           

           

          Message was edited by: dcblawdog on 7/10/10 4:06:11 PM CDT
          • 2. Re: Trojans!!

            I found a fix for troubles running .exe files, and I ran TDSSKiller, rebooted, and everything seems to be OK now. Even the Google Redirect issue. Uh...thanks for the help.

             

            I know you all are volunteer moderators, and I appreciate the help when needed, but in case Big Brother McAfee is listening, given the bad DAT file episode a few months ago, and now this fiasco, I'm seriously questioning my loyalty to McAfee.

            • 3. Re: Trojans!!
              k3tg

              I don't know what malware program you were using but Malwarebytes is a good one and it is free. Go to www.malwarebytes.org and download and install it. Check for the latest updates and run the program and let it clean everything it finds.

               

              Good Luck

              • 4. Re: Trojans!!
                Peacekeeper

                When you  run www.malwarebytes.org (http://www.malwarebytes.org) as Tom suggests and www.superantispyware.com (http://www.superantispyware.com) both  of which are free and catches a lot of stuff. You should download these to a usb  stick and I suggest you rename the download files and installation folders to  something you can easily remember as virus are written to protect themselves.  When you rename the programs you can usually get them installed as they do not  pose a threat. Check for updates and run the program and let it clean everything  it finds and reboot the computer. Do the same for the other program and reboot  again.

                 

                (Above cut from a post by Tom)

                 

                No 1 program is 100% effective so I use mcafee with these two to ensure full coverage. If they find anything upload the file to Mcafee and the malware doc says it will assist mcafee in improving its coverage.

                (http://community.mcafee.com/docs/DOC-1294)

                 

                 

                Message was edited by: Peacekeeper on 11/07/10 3:18:49 PM
                • 5. Re: Trojans!!
                  catdaddy

                  Marked as 'Assumed Answered' and locking this discussion as it is over 7 years old.