Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

win32/Renos.DZ

  • 04-06-2009 6:55pm
    #1
    Closed Accounts Posts: 13,222 ✭✭✭✭


    anybody ever have any dealings with this trojan??windows defender is detecting it and keeps telling me it has removed it but detects it again later(it regenerates itself or something),undetected by kaspersky anti virus.Have tried some removal programmes but to no avail,they either dont detect or dont remove its driving me mad.appreciate any help thanks


Comments

  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Can you follow the instructions in the sticky please?


  • Closed Accounts Posts: 13,222 ✭✭✭✭Will I Amnt


    hey thanks for reply,after running the comedian there were some errors and access was denied in reg. exe. and some others,i was directed to download ERUNT,also when i ran the comedian a programme i have called ad adware was detecting trojan qhost should i continue with the next steps in the sticky?here is the malwarebytes log
    Database version: 2233
    Windows 6.0.6001 Service Pack 1

    05/06/2009 14:37:13
    mbam-log-2009-06-05 (14-37-13).txt

    Scan type: Quick Scan
    Objects scanned: 89665
    Time elapsed: 8 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\cambo and tray\AppData\Local\Temp\a.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %SYSTEMDRIVE%\*.
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


  • Closed Accounts Posts: 13,222 ✭✭✭✭Will I Amnt


    after cleaning it with malwarebytes windows defender no longer detects the trojan,it was detecting it every time on start up,am i ok to think its completely gone?


  • Registered Users, Registered Users 2 Posts: 1,674 ✭✭✭Deliverance


    Hi cambo I have the same problem with a friends computer. It sounds like this fix worked for you. Is that the case? I'd really appreciate if you could reply and let me know so I can do the same. Thanks. Oh and thanks for the sticky as well if it worked.


  • Advertisement
  • Closed Accounts Posts: 13,222 ✭✭✭✭Will I Amnt


    yea i think so,after downloading the malwarebytes programme and running the scan it found some problems and removed them,windows defender hasnt detected anything since then,but i have read on other forums of people that still needed to do more after scanning(i expected to aswel) so i guess its not a definite fix but hope it works for ya it was doing my head in for a few days


  • Registered Users, Registered Users 2 Posts: 1,674 ✭✭✭Deliverance


    cambo2008 wrote: »
    yea i think so,after downloading the malwarebytes programme and running the scan it found some problems and removed them,windows defender hasnt detected anything since then,but i have read on other forums of people that still needed to do more after scanning(i expected to aswel) so i guess its not a definite fix but hope it works for ya it was doing my head in for a few days
    Thanks cambo, I am in the process of working it out right now. I am asking this fella for help: http://www.computek.ie/techforum/viewtopic.php?f=4&t=25&p=38#p38

    And it seems like a good tech forum v. helpful fella. Hopefully between here and there the problem will be fixed.


Advertisement