  1. #1
    Lounger
    Join Date
    Nov 2006
    Location
    San Juan, Puerto Rico, USA
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    trojan horse changes (xp prof serv pk2)

    Help!!!! My Compaq laptop computer has been invaded by trojan horse "Downloader generic7.kld". AVG 7.5 was able to find it and delete it, but not before, I believe, it made some changes to my op system. My desktop keeps changing to one with an annoying message about spyware infestation. Also, Windows explorer keeps popping up and sending me to porno sites and other undesired sites. AVG originally found changes in two sys operating files: shell32.dll and host. I have been unable to reverse these changes. I tried to restore the system to an earlier date, but it does not allow the restore program to complete. Now after a second scan AVG tells me that a change has also taken place in partition table (MBR), whatever MBR means. I do not want to start from scratch if I can avoid it. Is there any way I can resolve these issues without radical surgery?

    Mike

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: trojan horse changes (xp prof serv pk2)

    Mike,
    There seem to be a LOT of variations of the downloader generic trojan. Quick looks through a few sites like Symantec and others suggest to first disable System Restore, reboot into safe mode and then run your AV program. Another suggests that AVG does NOT remove that trojan completely?

    AdAware has a free online scan that says it will remove that trojan. Get it HERE
    BOB


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    Lounger
    Join Date
    Nov 2006
    Location
    San Juan, Puerto Rico, USA
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse changes (xp prof serv pk2)

    Bob

    Thanks for the information--it was very helpful. I did access AdAware and it did scan and locate the infection. However, it would not clean it unless I registered, and that I think carried a $20 cost. Before I went that way, I decided to try downloading the free AVG version 8, and then updated it. AVG 8 was able to find the infection and cleaned it.

    Mike

  4. #4
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: trojan horse changes (xp prof serv pk2)

    Glad you got it cleaned up, Mike.
    BOB

  5. #5
    Lounger
    Join Date
    Nov 2006
    Location
    San Juan, Puerto Rico, USA
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse changes (xp prof serv pk2)

    It seems to be working just fine, except for something I notice that seems new to me. I see a bunch of files that seem to have a double extension--the regular extension such as exe, wmv, zip, etc., plus an extra extension called "part". I don't know if these are file name changes made by the virus. The filetype is also labeled "part". I don't recall seeing this extension or type before. Could these be changes effected by the creation of a disk partition (MBR) created at some point by the virus? So far these files have not given me an error, as far as I can tell. Has anyone seen this before?

    Mike

  6. #6
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: trojan horse changes (xp prof serv pk2)

    They might be leftovers from the trojan downloader. From here.....
    In general terms, many download managers will store parts of downloads in a file given the file extension .PART and then combine these when the download is complete. A .PART file by itself is generally of little to no use. You need to wait until the download is complete before opening it.

    Try moving them to a folder on your desktop, renaming them and see if it has any adverse effects. If no problems turn up in a week or two, I'd say it's probably safe to delete them.
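The move-rename-and-wait step suggested in this post, sketched as an added example that is not part of the original thread: it records where each .PART file came from and its SHA-256 before moving it, so the files can be put back if anything complains. The function names, the `.held` suffix and the manifest layout are assumptions made for illustration.

```python
import hashlib
import json
import shutil
from pathlib import Path


def sha256_of(path):
    """Hash in chunks so large partial downloads do not exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_part_files(root, holding):
    """Move every *.part file under root into holding and log its origin."""
    holding.mkdir(parents=True, exist_ok=True)
    if (holding / "manifest.json").exists():
        raise FileExistsError("holding folder already has a manifest")
    # Build the list before moving anything: holding may sit under root.
    candidates = sorted(
        p for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() == ".part"
        and holding.resolve() not in p.resolve().parents)
    manifest = []
    for n, src in enumerate(candidates):
        dest = holding / f"{n:04d}_{src.name}.held"  # renamed (hypothetical suffix)
        manifest.append({
            "original": str(src),
            "held_as": dest.name,
            # "setup.exe.part" -> ".exe": what the download was going to be
            "inner_extension": Path(src.stem).suffix.lower(),
            "size": src.stat().st_size,
            "sha256": sha256_of(src),
        })
        shutil.move(str(src), str(dest))
    (holding / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(holding):
    """Put every held file back at its recorded original path."""
    manifest = json.loads((holding / "manifest.json").read_text())
    for entry in manifest:
        shutil.move(str(holding / entry["held_as"]), entry["original"])
    return len(manifest)
```

The recorded hashes can be submitted to an antivirus lookup before the files are finally deleted, and the `inner_extension` column shows which of the leftovers were meant to become executables.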

  7. #7
    Lounger
    Join Date
    Nov 2006
    Location
    San Juan, Puerto Rico, USA
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse changes (xp prof serv pk2)

    Thanks--I was able to move them to a folder on my desktop as you suggested. So far I have not needed any of these files. If I notice no problems in the next few days, I will proceed to delete them.

    Mike

  8. #8
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: trojan horse changes (xp prof serv pk2)

    I hadn't been back on the Lounge yesterday but I see DocWatson answered and said what I would have posted.

    Rename them and wait a while to see if anything complains.
    BOB

  9. #9
    Lounger
    Join Date
    Nov 2006
    Location
    San Juan, Puerto Rico, USA
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: trojan horse changes (xp prof serv pk2)

    Thanks--I will do just that.

    Mike
