Solve : Dang Trojans! The never ending battle where I always lose...?

1.	Solve : Dang Trojans! The never ending battle where I always lose...?
Answer» So once again I have been infected by a Trojan. I have followed all your instructions and have downloaded and ran all programs in normal and safe mode. I thought I found and deleted it last night. Ran a couple scans and everything cam up clean. Then today my resident scanner popped up saying I am infected with Sheur.BQEV. I sent it to the vault but it keeps coming back eventually so I guess I haven't essentially ever even found it. I am not sure if this pertains to anything but the other day I found Downloader.Generic7.XOQ. I am pretty sure I got that one for good. As of right now all my malware programs are saying everything is clean but I know thats not the case. Please help! Thank you for your time XP Pro; 512 MB; Home Laptop; Centrino 1.4ghz. [recovering disk space -- attachment deleted by admin]I'm not a pro or anything, but I suggest system restore. Unless your computer was infected before any re-storable day. In that case, I wish you luck !It's not showing in the HJT log. Download Malwarebytes' Anti-Malware (MBAM) Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then SHOW Results to view the results. Be sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.I scanned my computer last night and it came up clean too. Malwarebytes' Anti-Malware 1.25 Database version: 1102 Windows 5.1.2600 Service Pack 3 10:42:10 PM 8/31/2008 mbam-log-08-31-2008 (22-42-10).txt Scan type: Quick Scan Objects scanned: 48310 Time elapsed: 8 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not MOUSECLICK ComboFix's WINDOW while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Attached. Thx. [recovering disk space -- attachment deleted by admin] Not seeing anything out of the ordinary. Click START then RUN Now type Combofix /U in the runbox Make sure there's a space between Combofix and /u Then hit Enter. . ---------- Download and install CleanUp!.exe Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click Options... Move the arrow to Standard CleanUp! Uncheck the following: (if checked) Delete Newsgroup cache Delete Newsgroup Subscriptions . Click OK Click the CleanUp! button to start the program. Reboot/logoff when prompted. ---------- Run the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator. Click on SCAN NOW Click Accept. The program will then begin downloading the latest definition files. Once the files have been downloaded locate the Scan Settings and have it scan My Computer. The scan will take a while, so be patient and let it finish. When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As Next, in the Save as prompt, Save in area, select: Desktop. In the File name area use KScan, or something similar. In Save as type: click the drop arrow and select: Text file [.txt]* Then, click: Save Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the ZOOM tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.Erased like 30 megs. Scan was clean. [recovering disk space -- attachment deleted by admin]I don't know what your AV is hitting on but it isn't a virus.

Answer»

So once again I have been infected by a Trojan. I have followed all your instructions and have downloaded and ran all programs in normal and safe mode. I thought I found and deleted it last night. Ran a couple scans and everything cam up clean. Then today my resident scanner popped up saying I am infected with Sheur.BQEV. I sent it to the vault but it keeps coming back eventually so I guess I haven't essentially ever even found it. I am not sure if this pertains to anything but the other day I found Downloader.Generic7.XOQ. I am pretty sure I got that one for good. As of right now all my malware programs are saying everything is clean but I know thats not the case. Please help! Thank you for your time

XP Pro; 512 MB; Home Laptop; Centrino 1.4ghz.

[recovering disk space -- attachment deleted by admin]I'm not a pro or anything, but I suggest system restore.

Unless your computer was infected before any re-storable day.

In that case, I wish you luck !It's not showing in the HJT log.

Download Malwarebytes' Anti-Malware (MBAM)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then SHOW Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.I scanned my computer last night and it came up clean too.

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 3

10:42:10 PM 8/31/2008
mbam-log-08-31-2008 (22-42-10).txt

Scan type: Quick Scan
Objects scanned: 48310
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not MOUSECLICK ComboFix's WINDOW while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Attached. Thx.

[recovering disk space -- attachment deleted by admin]

Click START then RUN
Now type Combofix /U in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

CleanUp!.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click Options...
Move the arrow to Standard CleanUp!
Uncheck the following: (if checked)
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
.
Click OK

Click the CleanUp! button to start the program. Reboot/logoff when prompted.

----------

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

Click on SCAN NOW
Click Accept.
The program will then begin downloading the latest definition files.
Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the ZOOM tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.Erased like 30 megs. Scan was clean.

[recovering disk space -- attachment deleted by admin]I don't know what your AV is hitting on but it isn't a virus.

Solve : Dang Trojans! The never ending battle where I always lose...?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment