win32/Renos.DZ

Will I Amnt

anybody ever have any dealings with this trojan??windows defender is detecting it and keeps telling me it has removed it but detects it again later(it regenerates itself or something),undetected by kaspersky anti virus.Have tried some removal programmes but to no avail,they either dont detect or dont remove its driving me mad.appreciate any help thanks

aidan_walsh

Can you follow the instructions in the sticky please?

Will I Amnt

hey thanks for reply,after running the comedian there were some errors and access was denied in reg. exe. and some others,i was directed to download ERUNT,also when i ran the comedian a programme i have called ad adware was detecting trojan qhost should i continue with the next steps in the sticky?here is the malwarebytes log
Database version: 2233
Windows 6.0.6001 Service Pack 1

05/06/2009 14:37:13
mbam-log-2009-06-05 (14-37-13).txt

Scan type: Quick Scan
Objects scanned: 89665
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\cambo and tray\AppData\Local\Temp\a.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ActorSeeksJob

hi

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under Custom Scan paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %systemroot%\System32\antiwpa.dll
  %systemroot%\SYSTEM32\wpa.dll
  %systemroot%\setup\scripts\biestart.exe
  %systemroot%\system32\drivers\royal.sys
  %SYSTEMDRIVE%\*.
  %SYSTEMDRIVE%\*.*
  %PROGRAMFILES%\*.
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Will I Amnt

after cleaning it with malwarebytes windows defender no longer detects the trojan,it was detecting it every time on start up,am i ok to think its completely gone?

Deliverance

Hi cambo I have the same problem with a friends computer. It sounds like this fix worked for you. Is that the case? I'd really appreciate if you could reply and let me know so I can do the same. Thanks. Oh and thanks for the sticky as well if it worked.

Will I Amnt

yea i think so,after downloading the malwarebytes programme and running the scan it found some problems and removed them,windows defender hasnt detected anything since then,but i have read on other forums of people that still needed to do more after scanning(i expected to aswel) so i guess its not a definite fix but hope it works for ya it was doing my head in for a few days

Deliverance

cambo2008 wrote: »

yea i think so,after downloading the malwarebytes programme and running the scan it found some problems and removed them,windows defender hasnt detected anything since then,but i have read on other forums of people that still needed to do more after scanning(i expected to aswel) so i guess its not a definite fix but hope it works for ya it was doing my head in for a few days

Thanks cambo, I am in the process of working it out right now. I am asking this fella for help: http://www.computek.ie/techforum/viewtopic.php?f=4&t=25&p=38#p38

And it seems like a good tech forum v. helpful fella. Hopefully between here and there the problem will be fixed.