Re: Is there a tools to clean Trojan-psw ?



Hello Dave!

I have another infected PC (Win XP) and I ran your tool with the following
scan report. I truncated the long list.

************************KAV under safe mode*****************************************
Version 3.0 build 135
Last update: 29.05.2007, 333325 records.

c:\WINDOWS\AVP.EXE infected: Trojan-PSW.Win32.Maran.et
c:\WINDOWS\AVP.EXE deleted: Trojan-PSW.Win32.Maran.et
c:\WINDOWS\AVP.RAR archive: RAR
c:\WINDOWS\AVP.RAR/avp.exe infected: Trojan-PSW.Win32.Maran.et
c:\WINDOWS\AVP.RAR/avp.exe disinfection failed: Trojan-PSW.Win32.Maran.et
c:\WINDOWS\AVP.RAR disinfection failed: Trojan-PSW.Win32.Maran.et
c:\WINDOWS\HPQ1280H.BMP archive: Tar
c:\WINDOWS\HPQ1280H.BMP Tar: unknown format.
c:\WINDOWS\ZAPOTEC.BMP packed: Edit


c:\WINDOWS\SYSTEM32\NETSETUP.EXE/data0000.cab archive: CAB
c:\WINDOWS\SYSTEM32\NLSFUNC.EXE packed: ExePack
c:\WINDOWS\SYSTEM32\OD10ME~1.DLL infected: Trojan-PSW.Win32.Maran.eu
c:\WINDOWS\SYSTEM32\OD6MEDIA.DLL infected: Trojan-PSW.Win32.Maran.dy
c:\WINDOWS\SYSTEM32\OD6MEDIA.DLL deleted: Trojan-PSW.Win32.Maran.dy
c:\WINDOWS\SYSTEM32\SEASID~1.SCR infected: not-a-virus:AdWare.Win32.GAINNetwork.b
c:\WINDOWS\SYSTEM32\SEASID~1.SCR deleted: not-a-virus:AdWare.Win32.GAINNetwork.b
c:\WINDOWS\SYSTEM32\SHARE.EXE packed: ExePack
c:\WINDOWS\SYSTEM32\SHARE.EXE packed: Com2Exe
c:\WINDOWS\SYSTEM32\SHDOCLC.DLL archive: Embedded HTML
c:\WINDOWS\SYSTEM32\SQLSODBC.CHM archive: CHM
c:\WINDOWS\SYSTEM32\SYSPRINT.SEP archive: Mail
c:\WINDOWS\SYSTEM32\SYSPRTJ.SEP archive: Mail
c:\WINDOWS\SYSTEM32\UDHISAPI.DLL archive: Mail
c:\WINDOWS\SYSTEM32\WEBFLDRS.MSI archive: Embedded
c:\WINDOWS\SYSTEM32\WEBFLDRS.MSI/Cabinet.1.CAB archive: CAB
c:\WINDOWS\SYSTEM32\WMPLOC.DLL archive: Embedded HTML
c:\WINDOWS\SYSTEM32\XPSP2RES.DLL archive: Embedded HTML
c:\WINDOWS\SYSTEM32\XPSP3RES.DLL archive: Embedded HTML

Scan process completed.
Result for all objects:
Sector Objects : 0 Known viruses : 4
Files : 139859 Virus bodies : 5
Folders : 2434 Disinfected : 0
Archives : 10319 Deleted : 3
Packed : 176 Warnings : 0
Suspicious : 0
Scan speed (Kb/sec) : 1710 Corrupted : 0
Scan time : 01:12:11 I/O Errors : 0

**************************Sophos under safe mode***********************************

Full Scanning

Password protected file C:\compaq\Acrobat_Reader\Data1.cab\RdrMsgENU.pdf
Password protected file C:\Documents and Settings\Administrator\Application
Data\Adobe\Acrobat\7.0\Messages\CHT\read0700win_CHTadbe0700.pdf
Could not open C:\Documents and Settings\Administrator\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open C:\Documents and Settings\Administrator\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not open C:\Documents and Settings\NetworkService\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open C:\Documents and Settings\NetworkService\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Password protected file C:\Program Files\Adobe\Acrobat
7.0\Reader\Messages\CHT\RdrMsgCHT.pdf
Password protected file C:\Program Files\Adobe\Acrobat
7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Program Files\Adobe\Acrobat
7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Program Files\Adobe\Acrobat
7.0\Reader\WebSearch\WebSearchENU.pdf
Password protected file C:\Program Files\Adobe\Acrobat 7.0\Setup
Files\RdrBig709\CHT\Data1.cab\WebSearchENU.pdf
Password protected file C:\Program Files\Adobe\Acrobat 7.0\Setup
Files\RdrBig709\CHT_\Data1.cab\WebSearchENU.pdf
Virus 'Troj/Maran-Gen' found in file C:\WINDOWS\avp.rar\avp.exe
Removal successful
Could not check
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4adf2c552e920168522e0231bd1f2f39\BIT2.tmp\SfxArchiveData\mrt.exe._p
(virus scan failed)
Could not open C:\WINDOWS\system32\config\system.LOG
Virus 'Mal/Maran-A' found in file C:\WINDOWS\system32\od10media.dll
Removal failed

1 master boot record swept.
28623 files swept in 1 hour, 0 minutes and 28 seconds.
14 errors were encountered.
2 viruses were discovered.
2 files out of 28623 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@xxxxxxxxxx
or telephone +44 1235 559933
8 encrypted files were not checked.
Ending Sophos Anti-Virus.
************************************************************************

The problem is that both AVs cannot remove this file (Virus 'Mal/Maran-A'
found in file C:\WINDOWS\system32\od10media.dll) and it won't let me delete
it manually.

Also, the PC will not reboot or shut down properly; it freezes at the shutdown
screen. Is this problem related to the virus?

Thank you again for your time & help!

Regards,
Mingo


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:ueVxCFToHHA.4428@xxxxxxxxxxxxxxxxxxxxxxx
| From: "Mingo" <sly_007_2007_remove_@xxxxxxxxx>
|
|| Thx Dave for the tool!
||
|
| < snip >
|
| >>>> Virus 'Troj/Lineag-Gen' found in file C:\WINDOWS\SYSTEM32\PDLL.dll
| < snip >
||
|| My Pc is back to normal. Thanks again dave!
||
|| Best regards,
||
|| Mingo
||
|
|
| Hi Mingo:
|
| Don't know what Kaspersky found but Sophos found the Lineage Trojan.
|
| I'm glad that my tool worked for you and thanx for updating the thread.
|
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|

