Win32:Trojan-gen (Other) infection [RESOLVED]


  • This topic is locked

#16
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello littlebigman,

I have uninstalled Firefox 3, and gone back to Firefox 2.0.0.16. The program seems to have stopped crashing, however I would prefer to move back to Firefox 3 if possible.

If you want you should be able to move back to Firefox 3.


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Dan\My Documents\Docs\PSP\psx to psp\IceTea\icetea1.3_win\icetea.exe
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#17
littlebigman

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi Jimmy,

I ran the OTMoveIT program as instructed, please see the log below:

Explorer killed successfully
C:\Documents and Settings\Dan\My Documents\Docs\PSP\psx to psp\IceTea\icetea1.3_win\icetea.exe moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Dan\LOCALS~1\Temp\fla1D9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dan\LOCALS~1\Temp\~DF52FE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dan\LOCALS~1\Temp\~DFF82.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6a0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_QC3ApO3piqrxUEa scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_211102

Files moved on Reboot...
File C:\DOCUME~1\Dan\LOCALS~1\Temp\fla1D9.tmp not found!
C:\DOCUME~1\Dan\LOCALS~1\Temp\~DF52FE.tmp moved successfully.
C:\DOCUME~1\Dan\LOCALS~1\Temp\~DFF82.tmp moved successfully.
C:\WINDOWS\temp\CLML_AGENT_LOG1.txt moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6a0.dat not found!
File C:\WINDOWS\temp\sqlite_QC3ApO3piqrxUEa not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!


Thanks again for your help,
Dan
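
Checking a log like the one above means confirming that every "scheduled to be deleted on reboot" entry has an outcome in the "Files moved on Reboot..." section. The following is an added example, not part of the original posts or of OTMoveIt2: the function name `reconcile` is hypothetical, the line formats are taken from the posted log, and the sample is a constructed excerpt of it.

```python
import re

# Constructed sample: excerpt of the log above; the post-reboot entry for
# CLML_AGENT_LOG1.txt is left out on purpose to show an unresolved item.
SAMPLE_LOG = r"""Explorer killed successfully
C:\Documents and Settings\Dan\My Documents\Docs\PSP\psx to psp\IceTea\icetea1.3_win\icetea.exe moved successfully.
File delete failed. C:\DOCUME~1\Dan\LOCALS~1\Temp\fla1D9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dan\LOCALS~1\Temp\~DF52FE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
Temp folders emptied.

Files moved on Reboot...
File C:\DOCUME~1\Dan\LOCALS~1\Temp\fla1D9.tmp not found!
C:\DOCUME~1\Dan\LOCALS~1\Temp\~DF52FE.tmp moved successfully.
"""

# Line formats as they appear in the posted log.
DEFERRED = re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")
MOVED = re.compile(r"^(.+) moved successfully\.$")
MISSING = re.compile(r"^File (.+) not found!$")


def reconcile(log_text):
    """Return (moved_immediately, deferred); deferred maps each path scheduled
    for deletion on reboot to 'moved', 'not found' or 'unresolved'."""
    moved_now, status, shown = [], {}, {}
    after_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files moved on Reboot"):
            after_reboot = True
        elif m := DEFERRED.match(line):
            key = m.group(1).lower()  # Windows paths are case-insensitive
            shown[key], status[key] = m.group(1), "unresolved"
        elif m := MISSING.match(line):
            key = m.group(1).lower()
            if after_reboot and key in status:
                status[key] = "not found"
        elif m := MOVED.match(line):
            key = m.group(1).lower()
            if not after_reboot:
                moved_now.append(m.group(1))
            elif key in status:
                status[key] = "moved"
    return moved_now, {shown[k]: v for k, v in status.items()}


if __name__ == "__main__":
    for path, outcome in reconcile(SAMPLE_LOG)[1].items():
        print(f"{outcome:>10}  {path}")
```

Any path still reported as "unresolved" was scheduled for deletion but has no recorded outcome after the reboot and is worth checking by hand.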

#18
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello littlebigman,
Your logs look clean. :)
Just a few more things to do.


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




You are using an old version of Adobe Acrobat Reader, please update it here.




  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button.
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Please delete any leftover tools used to clean your computer.



Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop-up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#19
littlebigman

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi Jimmy

Thank you for your help! I have followed your recommended steps, and all completed fine.

However, when I updated Adobe Reader, Spyware Blaster came up saying that the program had altered the settings for Internet Explorer (in the registry?). Is this normal?

Thank you for confirming my logs are now clear, and thanks for all of your help with this. You really have been a massive help, I wish everyone on the net was as helpful as you!

One last question, about a week ago I bought something from the internet using my credit card. Will the malware that was on my PC cause any trouble with this? I am unsure what the malware was, I am just wondering if it will have passed my details onto anyone or anything like that?

Thanks again for all your help with this, you have been amazing!

Dan

#20
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello littlebigman,

However, when I updated Adobe Reader, Spyware Blaster came up saying that the program had altered the settings for Internet Explorer (in the registry?). Is this normal?

Adobe Reader might need to change a few things, so there should be no problem with that.

One last question, about a week ago I bought something from the internet using my credit card. Will the malware that was on my PC cause any trouble with this? I am unsure what the malware was, I am just wondering if it will have passed my details onto anyone or anything like that?

I did not see any signs of malware that would steal any of your info, so you should be safe on that.

#21
littlebigman

    Member

  • Topic Starter
  • Member
  • 46 posts
That's great, thanks Jimmy!

You really have been a massive help with all this, so thanks again!

I will definitely be making a donation for all your help as soon as I get my PayPal account registered.

Thank you,
Dan

#22
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.