Thread: can't get rid of trojan horse downloader
View Single Post
Old 06-17-2009, 01:04 AM   #4 (permalink)
sjb007
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,273
OS: Windows 7 Premium x64

My System

Re: can't get rid of trojan horse downloader
Hi there Jase

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Quote:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\QZ6oIcO.exe"
"C:\X8OyYhZB.bat"
"C:\N1NP5Q.bat"
"C:\pvNWoKyx.exe"
"C:\z8q.bat"
"C:\xLvEnh.bat"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please post the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.

Post back with the resutls in your next reply, also update me on how things are running
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline   Reply With Quote