ok i will!
but if this means anything to you please tell me. i found a forum thread on someone with the same problem, and how they fixed it.
here it is ....
Anyone out there know of the Clicker 6 Trojan Horse. I have it on my
computer found by AVG. It is destroyed each time I boot up by AVG but is
there again when I re-boot.
My operating system is XP Pro
I turned off roll back, exposed my hidden files and system files, I have
updated my microsoft spyware program and spybot search and destroy, Adaware
and I also have the latest spyblaster installed and up to date.
I rebooted my computer in safe mode and ran all of these programs, then I
re-ran AVG, it was nowhere to be found by any of them.
I shut down then rebooted as normal to find that Clicker 6 was still on my
computer which was now once again being found by AVG even though I was
congratulated by Spybot on having a clean machine.
I am now at the end of my ideas can anyone who has encountered this Trojan
horse please help.
Thanking you in anticipation
Enigma
David H. Lipman
2005-03-24, 9:15 pm
From: "Enigma" <[email protected]>
| Anyone out there know of the Clicker 6 Trojan Horse. I have it on my
| computer found by AVG. It is destroyed each time I boot up by AVG but is
| there again when I re-boot.
|
| My operating system is XP Pro
|
| I turned off roll back, exposed my hidden files and system files, I have
| updated my microsoft spyware program and spybot search and destroy, Adaware
| and I also have the latest spyblaster installed and up to date.
|
| I rebooted my computer in safe mode and ran all of these programs, then I
| re-ran AVG, it was nowhere to be found by any of them.
|
| I shut down then rebooted as normal to find that Clicker 6 was still on my
| computer which was now once again being found by AVG even though I was
| congratulated by Spybot on having a clean machine.
|
| I am now at the end of my ideas can anyone who has encountered this Trojan
| horse please help.
|
| Thanking you in anticipation
|
| Enigma
1) Download the following two items...
Trend Sysclean Package
http://www.trendmicr...ownload/dcs.asp
Latest Trend signature files.
http://www.trendmicr...oad/pattern.asp
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt514.zip
Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .
2) Disable System Restore
http://vil.nai.com/v...eSysRestore.htm
3) Reboot your PC into Safe Mode then shut down as many applications as possible.
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
* * Please report back your results * *
--
Dave
http://www.claymania...jan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Enigma
2005-03-26, 6:17 pm
Thank you David, sorry for delay in replying but I have spent many hours
trying to destroy this blighter.
I gave your recommendation a go and repeated it about 6 times in different
ways, I did make sure that the latest database was downloaded along with the
program. I was well impressed and noticed that it runs in dos mode.
Unfortunately Clicker 6.0 Trojan is still with me as Trend Sysclean program,
like all the other well known ones, including the Microsoft Anti Spyware,
does not recognise it. Everything just thinks it is not there. Spybot
actually congratulated me for having a clean machine.
AVG is the only one to pick it up but unfortunately can kill it but cannot
destroy it as it regenerates on boot up.
HELP I'M STUCK.
David H. Lipman
2005-03-26, 6:17 pm
From: "Enigma" <[email protected]>
| Thank you David, sorry for delay in replying but I have spent many hours
| trying to destroy this blighter.
|
| I gave your recommendation a go and repeated it about 6 times in different
| ways, I did make sure that the latest database was downloaded along with the
| program. I was well impressed and noticed that it runs in dos mode.
|
| Unfortunately Clicker 6.0 Trojan is still with me as Trend Sysclean program,
| like all the other well known ones, including the Microsoft Anti Spyware,
| does not recognise it. Everything just thinks it is not there. Spybot
| actually congratulated me for having a clean machine.
|
| AVG is the only one to pick it up but unfortunately can kill it but cannot
| destroy it as it regenerates on boot up.
|
| HELP I'M STUCK.
The TrendMicro Sysclean runs in a Command Prompt, it is NOT DOS.
If you send me email, I will send you information tool. I can't post it publicly due to
licensing.
In addition, AVG must be flagging a specific file as being infected with said Trojan.
Please submit the suspect file to Virus Total --
http://www.virustota...h/index_en.html
The submission will then be tested against several different AV vendors' scanners.
Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.
Please post back the EXACT results.
This way we can determine if it is a False Positive or if another tool is more suited to its
eradication.
--
Dave
http://www.claymania...jan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Enigma
2005-03-27, 6:18 pm
Hi David
I sent an email to you in order that you could send me the information tool
but I have received nothing yet.
While I have been waiting I have been extremely busy as follows:
GOOD NEWS
I HAVE SOLVED THE PROBLEM AT LAST.
AVG kept telling me when I booted up that Clicker 6 was detected writing to
c:\windows\system32\inetconnect.dll.
I went to www.ScanSpyware.net who advised me to go into the registry
and deleted {FD3A6ABA-5527-4B52-90AF-F90CD3270861} which I did. While I was
doing this I deleted all folders that had reference to the file
inetconnect.dll which was the one AVG kept telling me was a Trojan horse 6.
and it was being written to.
I then went into c:\windows\system32 and deleted the file inetconnect.dll. I
then copied an mp3 file into this folder and renamed it inetconnect.dll.
Next I went into the folder using the DOS window (command line) and changed
the file to a protected file unable to be written to by using the command
ATTRIB +R INETCONNECT.DLL. This made it impossible for the virus to overwrite
the file and so it could not reproduce.
This may appear a clumsy method but it works. It will do until the virus
gurus learn about it.
Thank you and everyone else for all your help in trying to solve this
problem and may I wish you each and every one all the best. Keep up the good
work, it is a God send.
Erik
2005-03-27, 6:18 pm
Thus spoke Enigma on 27-3-2005 18:37:
> Hi David
>
> I sent an email to you in order that you could send me the information tool
> but I have received nothing yet.
>
> While I have been waiting I have been extremely busy as follows:
>
> GOOD NEWS
>
> I HAVE SOLVED THE PROBLEM AT LAST.
>
> AVG kept telling me when I booted up that Clicker 6 was detected writing to
> c:\windows\system32\inetconnect.dll.
>
> I went to www.ScanSpyware.net who advised me to go into the registry
> and deleted {FD3A6ABA-5527-4B52-90AF-F90CD3270861} which I did. While I was
> doing this I deleted all folders that had reference to the file
> inetconnect.dll which was the one AVG kept telling me was a Trojan horse 6.
> and it was being written to.
>
> I then went into c:\windows\system32 and deleted the file inetconnect.dll. I
> then copied an mp3 file into this folder and renamed it inetconnect.dll.
>
> Next I went into the folder using the DOS window (command line) and changed
> the file to a protected file unable to be written to by using the command
> ATTRIB +R INETCONNECT.DLL. This made it impossible for the virus to overwrite
> the file and so it could not reproduce.
>
> This may appear a clumsy method but it works. It will do until the virus
> gurus learn about it.
>
> Thank you and everyone else for all your help in trying to solve this
> problem and may I wish you each and every one all the best. Keep up the good
> work, it is a God send.
Good thinking, Enigma!!
Erik.
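
A read-only audit of the two things Enigma's fix touched, the registry key and the file in system32, written as an added example that is not part of the quoted thread. The file name and GUID come from the thread; the registry locations searched are assumed common load points (the thread does not say where the key was found), and the function names are hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
$DllName = 'inetconnect.dll'                          # file named in the thread
$Clsid   = '{FD3A6ABA-5527-4B52-90AF-F90CD3270861}'   # key named in the thread
$DllPath = Join-Path $env:SystemRoot "System32\$DllName"

# Assumed load points; the thread does not state which one held the key.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Classes\CLSID'
)

function Find-RegistryReference {
    param([string]$Root, [string[]]$Needles)
    # Include the root key itself: Run entries are values on the root.
    $keys = @(Get-Item -LiteralPath $Root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        if (-not $k) { continue }
        foreach ($n in $Needles) {
            # Match on the key name (e.g. a CLSID subkey) ...
            if ($k.Name -like "*$n*") {
                [pscustomobject]@{ Key = $k.Name; Value = '<key name>'; Data = '' }
            }
            # ... and on every value's data (e.g. an InprocServer32 path).
            foreach ($v in $k.GetValueNames()) {
                $data = [string]$k.GetValue($v)
                if ($data -like "*$n*") {
                    [pscustomobject]@{ Key = $k.Name; Value = $v; Data = $data }
                }
            }
        }
    }
}

function Get-DecoyState {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $f = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path      = $f.FullName
        ReadOnly  = $f.IsReadOnly      # the attribute set with ATTRIB +R
        Length    = $f.Length
        LastWrite = $f.LastWriteTime   # changes if something rewrites the file
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$Roots | ForEach-Object { Find-RegistryReference -Root $_ -Needles $DllName, $Clsid } |
    Sort-Object Key, Value -Unique | Format-List
Get-DecoyState -Path $DllPath | Format-List
```

Running it before and after a reboot and comparing LastWrite and SHA256 shows whether the file is being rewritten; the ReadOnly flag is a file attribute rather than an access-control entry, so a process with sufficient rights can clear it.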