Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-Downloader.popuper help needed


  • Please log in to reply

#1
shadow06031992

shadow06031992

    New Member

  • Member
  • Pip
  • 1 posts
hi guys.. im new here, so if i did something wrong in creating this topic, let me know, but right now im desperate. My girlfriend has had various problems with Trojans the 6 months or so. So far, I've been able to help her get rid of them.. or so i thought. Recently she found a .exe file for the Trojan-Downloader.popuper, which i thought i had gotten rid of back in February. That and she also had the Vundo Trojan that took me quite a while to "get rid of" but she had a scan that told her it was still there. She tried to delete that file, but Windows Defender wouldn't let her because it has the file quarantined. She does use vista. Here is a screen shot of the spyware doctor program that she has installed, showing the Trojans.

Posted Image

I am going to quote a message she sent me this morning about it. Hopefully you cna answer some of her questions, as well as find a way to remove it. If you need anymore information, i would be glad to tell you.

I went through the registry and backed up the file that was supposedly in collaboration with the Vundo Trojan i had..
Then i deleted it out of the registry._.

but in the C drive i still find a file related to Vundo that i was trying to kill in the first place and it wont let me delete it because of windows defenders quarantine guard against it...

I deleted the exact registry key for that file location..Doesn't that mean the file under the C drive shouldn't exist anymore?Or have a rendered that file useless by destroying the registry key?._. or have a released it to wreck possible and unrepairable damage upon my comp?!




New info:

She found a file called kdcoo.exe on her comp. Windows Defender, says that it is the Vundo Trojan shown here:
Posted Image

she looked up the file and it says the file was added in September of last year, but she did buy the comp until October 31st.

Here is a shot of the file in explorer, and also Windows Defender showing that the file cannot be removed.
Posted Image

Just recently, she told me about some random messages that have popped up on her comp in the last 2-3 days. This one she said popped up 4 times 3 days ago, and she just clicked the "X" and then later it would come up later. This is the message:
Posted Image

Also, yesterday, she got a message about he computer maybe having counterfeit software:
Posted Image

Hopefully all of this is relevant to help solve the problem. i will be posting more information as i receive it.

Also at this point, she is reluctant to download anything, as that is how she got the Trojan in the first place. so if you can solve the problem without having to make a hijacker log or anything, that would be appreciated, as she is leary about getting another virus or making the current one worse than it already is. I'm not quite sure on to the extent of what the Vundo Trojan does, but form what she has said and what i have read, it isn't system threating.

Also something that might be relevant, is that she gets knocked offline every once in a while, and he modem is still on, but her computer says it is off.

Edited by shadow06031992, 11 August 2008 - 12:26 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP