Trojan

**Ky.Rose** · January 16th, 2005, 09:13 PM

I ran AVG7.0 and this is what it found need help:

"C:\WINNT\GWMDMMSG.exe","ok","Quick checked"
"C:\WINNT\GWMDMpi.exe","ok","Quick checked"
"C:\WINNT\LOGI_MWX.EXE","ok","Quick checked"
"C:\WINNT\System32\SK9910DM.EXE","ok","Quick checked"
"C:\WINNT\System32\mshta.exe","ok","Quick checked"
"C:\WINNT\System32\navapq32.exe","ok","Quick checked"
"C:\WINNT\System32\rundll32.exe","ok","Quick checked"
"C:\WINNT\System32\shell32.dll","ok","Quick checked"
"C:\WINNT\System32\shimgvw.dll","ok","Quick checked"
"C:\WINNT\lmr.exe","ok","Quick checked"
"C:\WINNT\regedit.exe","ok","Quick checked"
"C:\autoprotect.exe","ok","Quick checked"
"c:\temp\salm.exe","ok","Quick checked"
"C:\WINNT\System32\kernel32.dll","ok","Quick checked"
"C:\WINNT\System32\wsock32.dll","ok","Quick checked"
"C:\WINNT\System32\user32.dll","ok","Quick checked"
"C:\WINNT\System32\shell32.dll","ok","Quick checked"
"C:\WINNT\System32\ntoskrnl.exe","ok","Quick checked"
"C:\temp\d0r1t1s.exe:\dorod.exe","Trojan horse BackDoor.Hacdef.2.G","Infected, Embedded object"
"C:\temp\d0r1t1s.exe:\ppi.exe","Trojan horse BackDoor.InvisibleFTP","Infected, Embedded object"
"C:\temp\d0r1t1s.exe:\van32.exe","Trojan horse HideWindow","Infected, Embedded object"
"C:\temp\d0r1t1s.exe","Trojan horse BackDoor.Hacdef.2.G","Infected, Archiv"
"C:\Documents and Settings\Owner\Local Settings\Temp\installer.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000163.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000164.dll","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000165.dll","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000166.dll","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000167.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000168.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000169.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000170.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000171.EXE","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000176.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000185.exe","","Deleted"
"C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000193.exe","","Deleted"
"C:\WINNT\system32\f0r0r\niamx","","Deleted"
"C:\WINNT\system32\f0r0r\van32.exe","","Delete d"

**KyleOReilly** · January 17th, 2005, 08:59 AM

Hi,

I spent 12 hours yesterday trying to get this damn virus off my computer.

I looked in all the forums, did all the usual 'update your virus definitions' in Norton Antivirus, multiple scans in safe mode, downloaded four 'spyware' softwares, and none of it worked!

The only thing I managed to get to work was the 'Trojan Eliminator'! Go to this URL and download it FR~EE for 30 days. (Though I'd bookmark it too, 'cos if you get another trojan it will save you trying to find it again! ;o)

http://www.alarural.com/rd/trojan_eliminator.html

Let me know if you need any help with it. (I don't think it will be named the same, but my exe file was called: xqexwbx.exe and was in the WINDOWS main directory C:\WINDOWS\xqexbx.exe)

Hope it helps!

Kyle

Thread: Trojan

Thread Tools

Display

Trojan

I'd give this a try, it helped me remove Downloader.Trojan

Similar Threads

possible trojan

Which trojan?

Network Errors due to the ncx99.exe trojan.

Trojan virus is back?

Error on startup

Bookmarks

Bookmarks

Posting Permissions