Trojan-downloader.win32, P2P-worm.win32

**brjones** · 24.04.2010, 17:05

2 simultaneous attacks found, each on separate user profiles of same WinXP system. Root cause from infected patch.exe. Various malicious .tmp files being created. Random redirect of IE7 pages. Norton and Kaspersky innefective (removed NIS and replaced with Kas2010). Malwarebytes finds traces but can't resolve root issue. Kaspersky actually blocking most outgoing IE page access too. AV and AVZ programs being auto minimized.
Thanks in advance.

**Aleksandra** · 24.04.2010, 18:22

1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVZ:

Код:

begin
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 DelBHO('{054A3872-B4BE-4747-ABEF-DCF033DD66Cf}');
 QuarantineFile('C:\WINDOWS\system32\deImg40432.dll','');
 QuarantineFile('C:\DOCUME~1\Brian\LOCALS~1\Temp\F1.tmp','');
 QuarantineFile('C:\WINDOWS\System32\d3dx10_3332.dll','');
 DeleteFile('C:\WINDOWS\System32\d3dx10_3332.dll');
 DeleteFile('C:\DOCUME~1\Brian\LOCALS~1\Temp\F1.tmp');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','RTHDBPL');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a4742495879','DLLName');
 DeleteFile('C:\WINDOWS\system32\deImg40432.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

3. After reboot execute this script in AVZ:

Код:

begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.

Upload file quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=76947

4. Fix in HijackThis:

O20 - Winlogon Notify: a4742495879 - C:\WINDOWS\System32\d3dx10_3332.dll

5. Make new logs.

**brjones** · 24.04.2010, 21:21

All steps complete incl Quarantine.zip upload and new logs which are attached in post#1 of this thread.

**Aleksandra** · 25.04.2010, 11:28

Make a new log of HijackThis.

**brjones** · 25.04.2010, 17:18

Sorry, here's the new one.

**Aleksandra** · 25.04.2010, 19:05

I could not find any malware in your log.

**CyberHelper** · 26.04.2010, 19:05

Статистика проведенного лечения:

Получено карантинов: 1
Обработано файлов: 3
В ходе лечения обнаружены вредоносные программы:
1. c:\docume~1\brian\locals~1\temp\f1.tmp - HEUR:Trojan.Win32.Generic ( AVAST4: Win32:Dracur-B [Cryp] )
2. c:\windows\system32\deimg40432.dll - Trojan-Downloader.Win32.Agent.dqjc ( DrWEB: Trojan.Searcher.102, AVAST4: Win32:Dracur-B [Cryp] )

Trojan-downloader.win32, P2P-worm.win32

Опции темы

Trojan-downloader.win32, P2P-worm.win32

Итог лечения

Похожие темы

Последствия rojan.Win32.Agent.buqf, Trojan-Downloader.Win32.Kido.k, Trojan.Win32.Hosts.gen и т.д.

Последствия вирусов: Backdoor.Win32.Shiz.vp, Packed.Win32.Krap.h, Trojan-Downloader.Win32.Agent.esao, Trojan.JS.Redirector.nf

KIS 2010 обнаружил Trojan.Win32.Swisyn.yxx, Trojan-Downloader.Win32.AutoIt.x, Trojan.Win32.VB.ahcz

Набор: Virus.Win32.Sality.q , Worm.Win32.Delf.Ir , Trojan-Dropper win32 agent.ahlx подробнее в теме

Worm.VBS.Agent + Trojan-Downloader.Win32.Small.zwh

Ваши права в разделе