Re: got this trojan in a file called mscmsr.dll - don't know where it came from...



From: "David De" <daviddelaneyfilmdirector@xxxxxxxxx>

| Here is the log file :
|
| C:\Documents and Settings\David\Local Settings\Temporary Internet Files
| \Content.IE5\SA7E9WEY\appD[1].cab
| [0] Archive type: CAB (Microsoft)
| --> inapp5.exe
| [DETECTION] Is the Trojan horse TR/Agent.AHDK.1
| C:\Documents and Settings\David\Local Settings\Temporary Internet Files
| \Content.IE5\XPSAKWO4\appB[1].cab
| [0] Archive type: CAB (Microsoft)
| --> inapp4.exe
| [DETECTION] Is the Trojan horse TR/Drop.Agent.Exo.2
| [INFO] The file was deleted!
| C:\WINDOWS\system32\mscmsr.dll
| [DETECTION] Is the Trojan horse TR/Dldr.Agent.kdt
| [INFO] The file was deleted!
| Begin scan in 'H:\' <Summers>
| H:\backup of all C\Program Files\movie magic screenwriter\netpub.exe
| [DETECTION] Contains a detection pattern of the (dangerous)
| backdoor program BDS/Hupigon.Gen Backdoor server programs
| [INFO] The file was deleted!
|

Have Dave:

Besides the Trojans, you have BDS/Hupigon.Gen (assuming it isn't a False Positive).

Not Good :-(


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Create a HJT log file and post it in one of the below locations...
Include the Avira log you provided.

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

