Solve : Trojan Virus?

1.	Solve : Trojan Virus?
Answer» Hi scanned my computer with my anti virus and it tells me I have these 9 viruses but it will not remove them. Can somebody help me with this. I am running windows XP. This is the report from the virus scan. Result: 9 malware found * Scanning aborted by user * Trojan-Dropper.Win32.Agent.anpy (virus) C:\WINDOWS\system32\NetworkService32\117.crack.zip\crack.by.ORiON\crack.exe C:\WINDOWS\system32\NetworkService32\117.crack.zip\setup.exe C:\WINDOWS\system32\NetworkService32\118.keygen.zip\keygen.from.Black.X\keygen.exe C:\WINDOWS\system32\NetworkService32\118.keygen.zip\setup.exe C:\WINDOWS\system32\NetworkService32\119.serial.zip\setup.exe C:\WINDOWS\system32\NetworkService32\120.setup.zip\keygen_from_iFLUENCE\keygen.exe C:\WINDOWS\system32\NetworkService32\120.setup.zip\setup.exe Trojan-Dropper.Win32.Agent.anmf (virus) C:\WINDOWS\system32\NetworkService32\119.serial.zip\keymaker_by_CORE\CORE10k.EXE Trojan-Dropper.Win32.Agent.anmg (virus) C:\WINDOWS\system32\NetworkService32\119.serial.zip\keymaker_by_CORE\keymaker.exe Here is the superanti spyware log... SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/23/2009 at 12:58 PM Application VERSION : 4.26.1002 Core Rules Database Version : 3908 Trace Rules Database Version: 1853 Scan type : Complete Scan Total Scan Time : 00:45:29 Memory items scanned : 553 Memory threats detected : 0 Registry items scanned : 4899 Registry threats detected : 0 File items scanned : 64111 File threats detected : 1 Adware.Casino Games (Golden Palace Casino) C:\HOLDEMV6\CASINO.EXE Here is the log for the anti-malware Malwarebytes' Anti-Malware 1.36 Database version: 2170 Windows 5.1.2600 Service Pack 3 5/23/2009 1:26:08 PM mbam-log-2009-05-23 (13-26-08).txt Scan type: Quick Scan Objects scanned: 75560 Time elapsed: 2 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 16 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\NetworkService32\117.crack.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\117.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\118.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\118.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\119.serial.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\119.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\120.setup.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\120.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\121.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\121.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\122.music.snd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\122.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\123.music.au (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\123.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\124.video.wmv (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NetworkService32\124.video.wmv.kwd (Worm.Archive) -> Quarantined and deleted successfully. Clik Here Follow the instructions and post your logs... Someone will be along shortly. This is what Warez will get you...I am seeing this... Well, It seems as if you have been doing a lot of torrent downloading by the looks of it. KEYMAKER.exe, KEYGEN.exe. Before we go further... Let me point out something. Downloading torrent's has a high RISK of viruses, Trojans, worms, etc. Also, most torrent's are illegal. But, let me help... Since the program directed you to the proper directories of the worms, this makes life easy(er). let us look at the first one: C:\WINDOWS\system32\NetworkService32\117.crack.zip\crack.by.ORiON\crack.exe Go to My Computer (XP) or Computer (Vista) > Click Local Disk > WINDOWS > system32 > NetworkService32 > 117.crack.zip Delete the 117.crack.zip folder and there goes virus 1. Do this with the rest and it should work. If it doesn't just tell us. Hope This Helps, Miles M.Quote from: milesman on May 20, 2009, 04:20:35 PM I am seeing this... Well, It seems as if you have been doing a lot of torrent downloading by the looks of it. KEYMAKER.exe, KEYGEN.exe. Before we go further... Let me point out something. Downloading torrent's has a high risk of viruses, Trojans, worms, etc. Also, most torrent's are illegal. But, let me help... Since the program directed you to the proper directories of the worms, this makes life easy(er). let us look at the first one: C:\WINDOWS\system32\NetworkService32\117.crack.zip\crack.by.ORiON\crack.exe Go to My Computer (XP) or Computer (Vista) > Click Local Disk > WINDOWS > system32 > NetworkService32 > 117.crack.zip Delete the 117.crack.zip folder and there goes virus 1. Do this with the rest and it should work. If it doesn't just tell us. Hope This Helps, Miles M. Please don't instruct the OP to do anything, as this may cause the problem to be even worse. And torrenting may be illegal, but most likely, if you got it from a reputable source (in torrenting circles), then it will be clean. The OP probably downloaded the .zips from an unknown source.OK, Maybe I didn't give the BEST idea . But hey, that's what I would do.Uninstall all of your cracks, keygens, warez, patches.... whatever they are calling them now before posting for help in the malware removal forum. We will not help anyone pirate anything or help to MAKE the system work with pirated software. But if you mess up your computer in the process, we will help you fix it.Quote from: evilfantasy on May 20, 2009, 04:43:59 PM Uninstall all of your cracks, keygens, warez, patches.... whatever they are calling them now before posting for help in the malware removal forum. We will not help anyone pirate anything or help to make the system work with pirated software. But if you mess up your computer in the process, we will help you fix it. Cracks and keygens are commonly used terms for specific types of pirating. Cracks are demos that have been "cracked" (hence the name), so that the full version is accessible. Keygens are programs that create random STRINGS of numbers and letters to fool the demo that you've bought the full version. Warez is the general term for all pirated or pirating related software.I followed the paths but none of those files exist in system 32 Thy this: 1) Go into the folder where you think they are. 2) Go to Tools > Folder Options > View > Scroll Down And Check "Show Hidden Files and Folders" This may show the files if there "Hidden" But this may not work. Hope This Does Though! Miles M.Dwayne, LISTEN UP, follow the advice given by Patio in reply #1 , follow evilfantasys' reply # 5 , and ignore the rest ...... your computer will be working and online much faster if you follow the guidelines.Quote from: Karnac on May 21, 2009, 07:15:04 AM Dwayne, LISTEN UP, follow the advice given by Patio in reply #1 , follow , and ignore the rest ...... your computer will be working and online much faster if you follow the guidelines. Try milesman's idea first. If it doesn't help you then try evilfantasys' reply # 5. Keep us informed All I said was to get rid of the cracks....

Answer»

Hi scanned my computer with my anti virus and it tells me I have these 9 viruses but it will not remove them. Can somebody help me with this. I am running windows XP. This is the report from the virus scan.

Result: 9 malware found
*** Scanning aborted by user ***

Trojan-Dropper.Win32.Agent.anpy (virus)
C:\WINDOWS\system32\NetworkService32\117.crack.zip\crack.by.ORiON\crack.exe
C:\WINDOWS\system32\NetworkService32\117.crack.zip\setup.exe
C:\WINDOWS\system32\NetworkService32\118.keygen.zip\keygen.from.Black.X\keygen.exe
C:\WINDOWS\system32\NetworkService32\118.keygen.zip\setup.exe
C:\WINDOWS\system32\NetworkService32\119.serial.zip\setup.exe
C:\WINDOWS\system32\NetworkService32\120.setup.zip\keygen_from_iFLUENCE\keygen.exe
C:\WINDOWS\system32\NetworkService32\120.setup.zip\setup.exe

Trojan-Dropper.Win32.Agent.anmf (virus)
C:\WINDOWS\system32\NetworkService32\119.serial.zip\keymaker_by_CORE\CORE10k.EXE

Trojan-Dropper.Win32.Agent.anmg (virus)
C:\WINDOWS\system32\NetworkService32\119.serial.zip\keymaker_by_CORE\keymaker.exe

Here is the superanti spyware log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 12:58 PM

Application VERSION : 4.26.1002

Core Rules Database Version : 3908
Trace Rules Database Version: 1853

Scan type : Complete Scan
Total Scan Time : 00:45:29

Memory items scanned : 553
Memory threats detected : 0
Registry items scanned : 4899
Registry threats detected : 0
File items scanned : 64111
File threats detected : 1

Adware.Casino Games (Golden Palace Casino)
C:\HOLDEMV6\CASINO.EXE

Here is the log for the anti-malware

Malwarebytes' Anti-Malware 1.36
Database version: 2170
Windows 5.1.2600 Service Pack 3

5/23/2009 1:26:08 PM
mbam-log-2009-05-23 (13-26-08).txt

Scan type: Quick Scan
Objects scanned: 75560
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\NetworkService32\117.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\117.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\118.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\118.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\119.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\119.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\120.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\120.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\121.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\121.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\122.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\122.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\123.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\123.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\124.video.wmv (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\124.video.wmv.kwd (Worm.Archive) -> Quarantined and deleted successfully.

Clik Here

Follow the instructions and post your logs...
Someone will be along shortly.

This is what Warez will get you...I am seeing this...

Well,
It seems as if you have been doing a lot of torrent downloading by the looks of it. KEYMAKER.exe, KEYGEN.exe. Before we go further... Let me point out something. Downloading torrent's has a high RISK of viruses, Trojans, worms, etc. Also, most torrent's are illegal. But, let me help...

Since the program directed you to the proper directories of the worms, this makes life easy(er). let us look at the first one:

C:\WINDOWS\system32\NetworkService32\117.crack.zip\crack.by.ORiON\crack.exe

Go to My Computer (XP) or Computer (Vista) > Click Local Disk > WINDOWS > system32 > NetworkService32 > 117.crack.zip

Delete the 117.crack.zip folder and there goes virus 1. Do this with the rest and it should work. If it doesn't just tell us.

Hope This Helps,

Miles M.Quote from: milesman on May 20, 2009, 04:20:35 PM

I am seeing this...

Well,
It seems as if you have been doing a lot of torrent downloading by the looks of it. KEYMAKER.exe, KEYGEN.exe. Before we go further... Let me point out something. Downloading torrent's has a high risk of viruses, Trojans, worms, etc. Also, most torrent's are illegal. But, let me help...

Since the program directed you to the proper directories of the worms, this makes life easy(er). let us look at the first one:

C:\WINDOWS\system32\NetworkService32\117.crack.zip\crack.by.ORiON\crack.exe

Go to My Computer (XP) or Computer (Vista) > Click Local Disk > WINDOWS > system32 > NetworkService32 > 117.crack.zip

Delete the 117.crack.zip folder and there goes virus 1. Do this with the rest and it should work. If it doesn't just tell us.

Hope This Helps,

Miles M.

Please don't instruct the OP to do anything, as this may cause the problem to be even worse. And torrenting may be illegal, but most likely, if you got it from a reputable source (in torrenting circles), then it will be clean. The OP probably downloaded the .zips from an unknown source.OK,

Maybe I didn't give the BEST idea . But hey, that's what I would do.Uninstall all of your cracks, keygens, warez, patches.... whatever they are calling them now before posting for help in the malware removal forum.

We will not help anyone pirate anything or help to MAKE the system work with pirated software. But if you mess up your computer in the process, we will help you fix it.Quote from: evilfantasy on May 20, 2009, 04:43:59 PM

Uninstall all of your cracks, keygens, warez, patches.... whatever they are calling them now before posting for help in the malware removal forum.

We will not help anyone pirate anything or help to make the system work with pirated software. But if you mess up your computer in the process, we will help you fix it.

Cracks and keygens are commonly used terms for specific types of pirating. Cracks are demos that have been "cracked" (hence the name), so that the full version is accessible. Keygens are programs that create random STRINGS of numbers and letters to fool the demo that you've bought the full version. Warez is the general term for all pirated or pirating related software.I followed the paths but none of those files exist in system 32
Thy this:

1) Go into the folder where you think they are.
2) Go to Tools > Folder Options > View > Scroll Down And Check "Show Hidden Files and Folders"

This may show the files if there "Hidden"
But this may not work.

Hope This Does Though!

Miles M.Dwayne, LISTEN UP, follow the advice given by Patio in reply #1 , follow evilfantasys' reply # 5 , and ignore the rest ...... your computer will be working and online much faster if you follow the guidelines.Quote from: Karnac on May 21, 2009, 07:15:04 AM

Dwayne, LISTEN UP, follow the advice given by Patio in reply #1 , follow , and ignore the rest ...... your computer will be working and online much faster if you follow the guidelines.

Try milesman's idea first. If it doesn't help you then try evilfantasys' reply # 5.
Keep us informed All I said was to get rid of the cracks....

Solve : Trojan Virus?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment