Solved: Difficult Trojan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

recall383

Thread Starter
Joined
Oct 1, 2008
Messages
2
Hi there,

First, my apologies for a wall of text up front... Hopefully it's all useful information.

I've currently got some virus on my machine that creates other Trojans. The ultimate (noticeable) effect is that IExplorer.exe will randomly start up and go to an advertisement. More often than not, the process name is kBrp0553.exe, if that's of any use. At this point, I've disabled the IE application through Control Panel -> Add/Remove Programs -> Windows Components. However, I still see the process pop up, in the process tree emanating from "services.exe". Additionally, it's opening TCP connections to many IP addresses, which I'd be happy to share if it would provide any use. Most seem fairly random though, spanning from "unknown.nscnap.net" to Yahoo IPs, and they're fairly dynamic, changing relatively quickly. I'm using Process Explorer to determine this.

After noticing this effect, I've begun trying to clean my system. I started using Trend Micro's Housecall, which found a Trojan and supposedly cleaned it. This had no effect; the popups continued. Next I moved to AdAware and a full (legal) installation of Symantec Antivirus. Symantec periodically finds new Win32.Agent.ahdb and Win32.BHO.pe (I've used the Kaspersky names; the Symantec equivalent to Agent.ahdb is Trojan.Flush.G) viruses that didn't exist during the last scan, even while the computer's idle, i.e. I leave the machine on overnight with nothing but background processes and then run a scan the next morning, boom, new Trojan. Recently I've tried Kaspersky Online Scan, which found my quarantined files from Symantec, but nothing else.

I've tried using HJT, and haven't noticed anything outstanding in the log, but I'm not an expert by any means. I've also used SDFix, Microsoft Windows Malicious Software Removal Tool, Look2Me-Destroyer, XoftSpySE, ComboFix, and SpyZooka, all to no avail. I also ran Malwarebytes which found some Weatherbug registry keys in addition to another set of Trojan.BHO and Trojan.Agent, which were probably just new instances of what Symantec AV has been removing periodically. At this point, I'm still getting the popup processes.

I'm pretty frustrated and about to throw in the towel and just re-install Windows, but I was hoping maybe someone had an idea that might help save me that pain.

I've attached my HJT, ComboFix, and SDFix logs, since those are the ones I'm not sure I fully understand.

Sorry for the essay, but I figured most of this information might be useful.

Thanks in advance for any help you can render!
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya and welcome to Tech Support Guy :)

Are you still having this problem? If so, can you post a fresh HijackThis log as it's been a few days :)

Regards

eddie
 

recall383

Thread Starter
Joined
Oct 1, 2008
Messages
2
Hi Eddie, and thanks for your response. Fortunately I did manage to get it figured out. Turns out it was a TrojanDownloader.Firu which all of the tests mentioned in my first post somehow missed.

I got it using http://www.eset.com/onlinescan/ which I found recommended to another user over on bleepingcomputer.com who was having similar issues.

I was quite surprised to find that none of the other Malware/Virus scanners found it.

Anyway, I'll mark this as solved. Thanks!
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Oki doki, glad it's all working for you :)

Any problems in the future, just post.

eddie
 