Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVG found back door trojan generic 9.NHL [RESOLVED]

Started by Red panda , Feb 02 2008 02:21 PM

  • This topic is locked This topic is locked

#1
Red panda
Posted 02 February 2008 - 02:21 PM

Red panda

    New Member

  • Member
  • Pip
  • 4 posts
Hi there,

Not sure if I've posted in the correct place, if I'm wrong please accept my sincerest apologies.

I don't actually want to post an HJT log as I think every thing is ok, now that AVG found and quarantined the Trojan. What I'd like to know is, where is C:\RECYCLERS? (See below attachment for full details of where it was.)
I did have another one but I could see where that one had been - C:\Documents and Settings etc etc and I know how it got there. This "RECYCLERS" one, well I haven't a clue. :)

Hopefully someone can shed some light on this for me.

Kind regards, Red panda :)
BackdoorTrojan.jpg
  • 0

Advertisements

#2
JSntgRvr
Posted 08 February 2008 - 06:20 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Red panda :)

Welcome.

C:\RECYCLER is part of your Recycle Bin. It is a Windows Protected folder, thus superhidden. You can delete this folder and Windows will recreate the folder when needed.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\RECYCLER


  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0

#3
Red panda
Posted 09 February 2008 - 09:41 AM

Red panda

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you JSntgRvr,

I hope I've done this right :)


Kind regards, Linda :)



C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1004 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc98 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc97\Ulead FantasyWarp.Plugin moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc97\Ulead ArtTexture.Plugin moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc97 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc94\ULEADGA50121 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc94 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc92\Ulead GIF Animator 5 Trial\opas moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc92\Ulead GIF Animator 5 Trial moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc92 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc48\setup moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc48\crack moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc48 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc2 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc128 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc120 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003\Dc109 moved successfully.
C:\RECYCLER\S-1-5-21-725345543-2049760794-2147238677-1003 moved successfully.
C:\RECYCLER\S-1-5-21-1409082233-1644491937-1417001333-1005 moved successfully.
C:\RECYCLER\S-1-5-21-1409082233-1644491937-1417001333-1004 moved successfully.
C:\RECYCLER moved successfully.

OTMoveIt2 v1.0.19 log created on 02092008_153513
  • 0

#4
JSntgRvr
Posted 09 February 2008 - 10:47 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Red panda :)

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

Re-Scan with AVG. Let me know the outcome.
  • 0

#5
Red panda
Posted 09 February 2008 - 03:21 PM

Red panda

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Okay did all that and scanned with AVG. My scan was clear. The thing is it's been clear all the time anyway except for finding this Trojan in C:\RECYCLERS. I remember now downloading something and scanning the file with AVG, it detected a Trojan and I just deleted the file. This then must have went into C:\RECYCLERS and been detected there again, I think :) Will it be okay to delete the Trojan from my virus vault?

Many thanks for all your help it's much appreciated :)

Kind regards, Linda x
  • 0

#6
JSntgRvr
Posted 09 February 2008 - 05:58 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

I think will it be okay to delete the Trojan from my virus vault?


Yes.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Edited by JSntgRvr, 09 February 2008 - 05:59 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP