
Trojan Problem



#1
revenga

Hi. I have been running Ad-Aware SE and every time I ran it about 20 traces of the same trojan popped up and it said I would have to reboot to delete them, and I did and I ran the scan again after reboot and nothing came up, then when I rebooted again the trojan came up again. The trojan's name was something along the lines of "Matrishasyou" if that helps at all. Please help me to get rid of this problem.


#2
Guest_rushin1nd_*

Matrishasyou

that's a Japanese trojan

this is what I found

When the variety it tries looking the overseas site, it reached the point where such ones come out suddenly.
-------------------------------
Your computer is infected!

Possible harmful infection was detected ON your PC The system will now download and install the most efficient spyware removal PROGRAM to prevent private data loss an your identify theft.
Click here to protect your PC from the biggest spyware threats.
-------------------------------
When so, it tries starting PC usually, it reached the point where power source is dropped selfishly.
Well because - foreboding did, starting with safe mode, when (it is normality starting, in order for you to drop PC itself) the variety it tried inspecting.

Once, however also the coconut tried seeing, because you did not understand well, when you try searching Spybot and Ad-Aware, in up-to-date state the racketeer racketeer it is caught, @ ω @;

The result which is searched with 0 Spybot
< Avenue A. Inc. >
Cookie of research company.

< Cimuz >
Trojan horse type virus. Considerably dangerous ones it seems, steals the information of the credit card and the information of key-in it seems.

< CoreMetrics >
Cookie of research company.

< DoubleClick >
The cookie of the research company, "double click". It is the spyware "of third party" type, but as long as is used normally the pattern which is not problem separately.

< FastClick >
The cookie of the research company, "FastClick".

< HotsearchBar >
Adware. Announcement is indicated on PC.

< Mailbot >
Trojan horse type computer virus. It is spam, the mail is transmitted to the address which are registered to your own E-mail.

< MediaPlex >
Cookie of research company. Once, it is something which is classified into the spyware, but they are not vicious ones.
Unless the not turning off there is a problem, it is thing, but deletion the to make sure.

< Microsoft.Windows.RedirectedHosts >
"Microsoft" is praised, but the spyware-like it is very. Once deletion.

< Microsoft.WindowsSecurityCenter.TaskManager >
Unless it is the spyware, is.

< SexList > < SexTracker >
Cookie of research company. Once, it is something which is classified into the spyware, but they are not vicious ones.
Unless the not turning off there is a problem, it is thing, but deletion the to make sure.

< Smitfraud-C. >
Trojan horse type computer virus. When you cannot turn off with Spybot turning off, if Ad-Aware you can turn off, is.

< SpySheriff >
Spyware. Considerably, when the type whose character is bad it seems, camouflages during spyware exterminating, installs the mass spyware is.

< Vcodec.eMedia >
Malware it seems. Deletion.

< Win32.Qoologic >
Trojan horse type computer virus. Something it installs the variety, it seems.

< Winsoftware.WinAntiVirusPro2006 >
Camouflaging in the virus extermination software, to tell the truth the adware. Somehow, it came and described "Your computer is infected! - " Root of the doubtful message where with you say we would like to see, is. Same deletion.


The result which is searched with 0 Ad-Aware
< MRU List >
Information "of the file which recently was used" and "the folder which is retained lastly" etc..
The one which is turned off for privacy protection calls and seems, but as for the person who does not designate privacy as the air the one putting, there is no problem, it seems.

< Win32.Trojan.Downloader >
Doing from name, the virus-like of Trojan type although, but it is and with the bug of Ad-Aware, it is not the virus, when there is also a possibility of being caught is. If plural it seems that comes out, there is a possibility of bug, it seems, is. (By the way I as many as 11 hit)
Without deleting once, the combining which will leave......

< Win32.Trojan.MatrisHasYou >
Those which do not understand well. (Yahoo! However with it searched, it did not come out)
Once deletion.

< Win32.TrojanDownloader.Agent >
Trojan horse type virus. Deletion.

< Tracking Cookie >
Simply cookie. Unless the not turning off there is a problem, however it is thing, once deletion.

Such a place.
It came out rather, @ ω @;
Temporarily, however with Spybot and Ad-Aware it tried turning off from edge......

It does not move.

Still, "Your computer above is infected! - "Message being made, PC is dropped.
So, starting once more with safe mode, this time starting the Trend Micro Virus Buster Online, content of the hard disk all checks. When it does......

TROJ_DELF.DDU (pattern file 3.917.00 2006/11/9 correspondences)
TROJ_DLOADER.EFJ (pattern file 3.869.00 2006/10/22 correspondences)
TROJ_GALAPOPE.CU (pattern file 3.917.00 2006/11/9 correspondences)
TROJ_RENOS.FK (pattern file 3.917.00 2006/11/9 correspondences)
TSPY_AGENT.IRZ (spyware) (pattern file 3.889.00 2006/10/30 correspondences)
TSPY_LDPINCH.JY (spyware) (pattern file 3.897.00 2006/11/1 correspondences)

So much, it was caught, @ p @;

Those where well, the pattern file has not been renewed for a while probably become the enemy with......
(Being troublesome, it had not renewed the pattern file from 10/20)
It probably is the virus & spyware what which this entirely, about 1 and 2 weeks ago were made perhaps.
Furthermore, in Japanese edition of the Trend Micro official page is not recorded information of this virus, @ p @;
Because there is no manner, while looking at those of English edition, being the excessiveness to try you will do and you will translate and you to have decided to process, it does, but......

How, treatment method by manual operation without being written on the Trend Micro official page, itself, and it is @ ω @;

Because there is no manner, in deletion tries doing the file which came out the Virus Buster Online, has been infected to the virus normally (to the trash box).
Whether with this all right. When registry it is rewritten, but misery...... what being rewritten absolutely.
At the time of Windows usual starting the virus is executed automatically, we would like to see it puts out, @ ω @;
Well, until it is placed in the Japanese official site, it waits, the correction of registry, kana?
Because it seems like the virus spyware which comes out recently, however you think that the listed you do not drive to end of year beginning of the year in the official site, @ @;

So, it deletes by hand. Below infection file.

< TSPY_AGENT.IRZ >
C:\Documents and Settings\(user name)\Local Settings\Temp\31274\gm.exe

< TROJ_DELF.DDU >
C:\windows\system32\cmd32.exe
C:\windows\system32\z2394.exe

< TROJ_DLOADER.EFJ >
C:\windows\system32\kernels1118.exe
C:\windows\system32\z235.exe

< TROJ_GALAPOPE.CU >
C:\windows\system32\z2444.exe

< TROJ_RENOS.FK >
C:\windows\system32\z3151.dll

< TSPY_LDPINCH.JY >
C:\windows\csrss.exe
There is a file of the same name also in "the system32" folder, but because there it is the important system file, deleting, it is with useless.

It tried deleting the file which temporarily, is caught the Virus Buster Online entirely.
When it does not move with this, it is hateful......



Posted by steere0112 at 21:24 │Comments (0) │TrackBack (0)

download this and post it in the malware forum

go to the malware forum

GO HERE NOW

http://www.geekstogo...a...amp;s=&f=37

Edited by rushin1nd, 18 November 2006 - 01:18 AM.
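
Added example (not part of the original posts): the quoted write-up lists a `csrss.exe` in the Windows folder beside the legitimate one in `system32`, plus files named `z<digits>.exe` or `.dll`. The Python sketch below triages a path listing for those patterns; the process-name list, the regex, the labels and the `user` folder name are assumptions made for illustration, and the sample paths are constructed from the listing in the post.

```python
import ntpath
import re

# Core Windows process images that belong only in System32.
# Partial list chosen for this example (assumption, not from the thread).
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "lsass.exe",
                 "services.exe", "winlogon.exe", "svchost.exe"}

# Heuristic taken from the listing in the post: z<digits>.exe / .dll.
DROPPER_NAME = re.compile(r"^z\d+\.(exe|dll)$")


def normalize(path):
    """Lower-case a Windows path and drop a stray space after the drive colon."""
    path = re.sub(r"^([A-Za-z]):\s+", r"\1:", path.strip())
    return ntpath.normpath(path).lower()


def classify(path, windir=r"C:\windows"):
    """Return a triage label for one file path."""
    folder, name = ntpath.split(normalize(path))
    system32 = ntpath.join(normalize(windir), "system32")
    if name in SYSTEM32_ONLY and folder != system32:
        return "masquerade"          # system name, wrong directory
    if folder == system32 and DROPPER_NAME.match(name):
        return "suspicious-name"     # matches the z<digits> pattern
    if "temp" in folder.split("\\") and name.endswith(".exe"):
        return "temp-executable"     # executable under a Temp folder
    return "no-finding"              # heuristics are silent, not a clean verdict


def triage(paths):
    """Map each path that produced a finding to its label."""
    labels = ((p, classify(p)) for p in paths)
    return {p: label for p, label in labels if label != "no-finding"}


# Constructed sample: paths from the listing, with "user" as a placeholder.
SAMPLE = [
    r"C:\windows\csrss.exe",
    r"C:\windows\system32\csrss.exe",
    r"C: \windows\system32\z2394.exe",
    r"C:\windows\system32\z3151.dll",
    r"C:\windows\system32\cmd32.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\31274\gm.exe",
]

if __name__ == "__main__":
    for path, label in triage(SAMPLE).items():
        print(f"{label:16} {path}")
```

`cmd32.exe` produces no finding even though the scanner in the post flagged it, so name and path heuristics like these only narrow the search; the scanner's detections still decide.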
