Trojan horse stampede

  grizzley 01:07 23 Nov 2007

I have encountered a serious threat to my computer. Whilst trying to download some updated software, my firewall asked if I wanted to allow C:\windows\system32\rMa18yy\rMa18yy2328.exe to be installed. Due to not knowing what this was, I told my firewall to block; that is when things started going wrong. Some of my programmes froze, then my anti-virus software activated, telling me a threat had been detected. I deleted the threat and all hell broke loose. I lost all desktop icons, Internet connection, and all other programmes failed to work, including anti-virus. Luckily I had backed up my system to an external hard drive. I reinstalled software that was needed and put AVG 7.5 anti-virus on the system and ran it; after about 1 minute it started scrolling threats found. I will put the list in a separate post due to the amount.

  p;3 02:11 23 Nov 2007

To get a better picture of what may be going on, one might ask which program(s) you were trying to update, and from which site you were updating to start with?

Is this an XP machine? And is System Restore enabled?

and this is the rest of your other thread;
after avg had done its scans there were 813 threats found and deleted.
generic 9.AOT 810
generic9.XIG 1
downloader generic 6=2.

all it took was less than a minute to get in. scan took over 2 hrs to complete. unable to post all found threats due to character limits.

"General properties",""
"Report name","Complete Test"
"Start time","22/11/2007 22:38:53"
"End time","23/11/2007 00:46:13 (total: 2:07:19.4 hrs)"
"Launch method","Scanning launched manually"
"Scanning result","Threats found"
"Report status","Scanning completed successfully"
" ",""
"Object summary",""
"Threats Found","813"
"Moved to vault","0"
"Errors","0"

  grizzley 11:21 23 Nov 2007

p;3, thanks for your reply.
To answer your questions: what I was trying to update was Glary Utilities from free to pro and LimeWire from free to pro, using LimeWire. My system is Windows XP Home with all updates installed. I have System Restore turned on, but it does not work most of the time, giving the excuse that no changes have been made to the system. I use an external hard drive to keep backups on and use them when needed, like early this morning. Said Trojans got onto my computer by beating the anti-virus Avast and my firewall. Both of these gave warnings but were overwhelmed. What I have found is that the Trojans which installed themselves were keys/crack codes from some well-known software, not asked for, going from A-Z.

  Mac70 11:51 23 Nov 2007

Hello Grizzly

I've come across that folder a few times recently, usually with Vundo infections. I would advise you to get instructions from p;3 on posting a HijackThis log at another forum.
That folder isn't Vundo itself though, and a deep look at your system is needed.
I am worried at the amount of infected files and the connection with keys/cracks.
That could point to Virut.

  p;3 13:50 23 Nov 2007

as requested; you need to register with the specialist forum that will examine a tool they use to see what IS going on on the computer and instructions on how to clean it click here
read the instructions on this thread on that forum which details how to register and what is expected from/ of you on that forum
click here

please also note the contents of these two threads on there
click here

click here

once you are registered there and have posted a log in a new thread, WAIT for a helper to get back to you with instructions

  grizzley 17:20 23 Nov 2007

Thanks for the replies. I have registered and posted a log with HijackThis and will await a response. Thanks to all for the advice; it is appreciated.

  p;3 18:41 23 Nov 2007

well done so far; now await a helper over there to get to you and advise on a cleaning method

no matter HOW tempted you are, do NOT post anything to that thread until you get a reply from a helper please::))

  p;3 21:27 23 Nov 2007

you may notice your request on the other forum has now received a reply from a helper there

  skidzy 21:42 23 Nov 2007

Just to add here;

It also looks like your backup is infected somewhere.

Follow the advice given to the letter regarding HJT and MWR; do NOT load this backup again.

  p;3 09:05 24 Nov 2007

you need to go back to your thread on the MWR forum and follow their instructions to post a FULL log for them to analyse and some other items they need to see; it seems you did NOT put the full log on there and managed to miss off the vital 'header' bit!!

you need to go back there, see what they request from you and run the HJT tool again and copy and paste the WHOLE of the log as a reply to your thread plus the additional information your helper requested

ALL of it needs to be posted as a reply to your thread there

  grizzley 12:53 24 Nov 2007

Thanks for the continuing support, much appreciated.

My backup is not infected because the backup was made days before any infection came on my system.

My anti-virus has not found any more infections since dealing with the last one. Normally if an infection is apparent it is just 1; I never had 813 Trojans before. At the time of infection I was trying to get Glary Utilities Pro to replace the free version; also I wanted LimeWire Pro as well to replace my free version. Normally I am careful because I have noticed lately that some posts are not what they claim to be. Some software downloads as an mp3 player, and as soon as I see that I delete said file and clean up. The latest threat happened so quickly it froze my system and then wiped out my desktop and Internet connection. Avast Home anti-virus could not prevent it; it was overwhelmed by the threat and my firewall gave up the ghost on it. I will check the HijackThis website for any replies just in case I have missed something. Cheers folks.

This thread is now locked and can not be replied to.
