Virus - testmy.net resource / tool
Home
Welcome, Guest. Please login or register.
Did you miss your activation email?

  



donations help testmy.net pay for the very high cost to run the site. Any amount is greatly appreciated.
Click to read why...

  spcr
    
News : uglystupid2 Don't look stupid, make sure you keep up-to-date with our rules, please read rules, click here  police December 01, 2008, 10:54:05 PM
testmy.net Broadband  |  Main Forum  |  PC Security  |  Antivirus & Firewalls  |  Topic: Virus Advanced search

Recommended Tests

Click here to run a free Performance Scan
   Test PC Performance:
     Click here to run a free Performance Scan		     Test PC Stability:
     Click here to run a free Registry Scan


Note: The links above are sponsored links
  0 Members and 1 Guest are viewing this topic. « previous next »
Topic Tools Search this topic
 Pages 1 Go Down
Author
Topic: Virus  (Read 3502 times)
†¤ CoW ¤†
Sr. Member
*
Offline Offline

Posts: 179

Cow! ^^


View Profile
« on: January 20, 2007, 07:20:55 PM »
Ok... this is odd...

Whenever I open an IE browser window, Norton realtime scanner detects a "Downloader" under the filename spmrgaat.exe  in the C:/WINDOWS/system32 folder. Each time, it just automatically quarantines it. I have to manually delete it from the quarantine. I've tried using Kaspersky to find the source of this, but it says my computer is clean...

Can anyone help me? Thanks.
Logged
God, why did you make me retarded?
mudmanc4
Global Moderator
TMN Sr. Veteran
*
Offline Offline

Gender: Male
Posts: 4507





View Profile
« Reply #1 on: January 20, 2007, 07:31:21 PM »
Try booting in safe mode and deleting, if that doesnt work , un-install all browsers and re-install, this virus has a hidden re-installer Very Happy Also associated w/ xpupdate.exe
Logged
Yea, it's a Mac

In confusion there is profit
dlewis23
Global Moderator
TMN Seasoned Veteran
*
Online Online

Gender: Male
Posts: 9769


HEY! ill put it down when im good and ready.


View Profile
« Reply #2 on: January 20, 2007, 07:40:48 PM »
so a virus scan in safemode.
Logged
Voltageman
Sophist Member
TMN Friend
*
Offline Offline

Gender: Male
Posts: 791



View Profile WWW
« Reply #3 on: January 20, 2007, 08:02:46 PM »
Yup, what they said..

you can use this tool to manually delete it as well...

Select delete on reboot, and it will rid it from your system.
* Kill_Box.zip (87.41 KB - downloaded 83 times.)
Logged
"Loyalty to the country always. Loyalty to the government when it deserves it.."--Mark Twain
mudmanc4
Global Moderator
TMN Sr. Veteran
*
Offline Offline

Gender: Male
Posts: 4507





View Profile
« Reply #4 on: January 20, 2007, 08:46:37 PM »
Quote from: Voltageman on January 20, 2007, 08:02:46 PM
Yup, what they said..

you can use this tool to manually delete it as well...

Select delete on reboot, and it will rid it from your system.

 Just curious, is this prog, virus specific?
Logged
Yea, it's a Mac

In confusion there is profit
jags4560
Jr. Member
*
Offline Offline

Gender: Male
Posts: 39


View Profile
« Reply #5 on: January 21, 2007, 02:36:04 AM »
Nope. It can be used to delete any in-use file.
Logged
I'm not anti-social, I'm just not real friendly
†¤ CoW ¤†
Sr. Member
*
Offline Offline

Posts: 179

Cow! ^^


View Profile
« Reply #6 on: February 23, 2007, 12:00:22 AM »
Hmm... Killbox didn't work >.< It's still there...

However, with the Norton Spyware Scan that comes with Yahoo! Toolbar, I detected something called "Trojan.Ghost" in 2 files, in the same folder of my registry. I've tried removing it through the spyware scanner, but it just keeps on coming back... I'm thinking that they're both the same thing, and that one might be causing the other.

Also, the location of this registry entry doesn't seem to exist, or maybe I just can't find it when I try to look for it through the registry editor...

What should I do?
Logged
God, why did you make me retarded?
tommie gorman
Sophist Member
TMN Seasoned Veteran
*
Online Online

Gender: Male
Posts: 10207


"OLD GLORY"


View Profile
« Reply #7 on: February 23, 2007, 12:15:51 AM »
Quote from: †¤ CoW ¤† on February 23, 2007, 12:00:22 AM
Hmm... Killbox didn't work >.< It's still there...

However, with the Norton Spyware Scan that comes with Yahoo! Toolbar, I detected something called "Trojan.Ghost" in 2 files, in the same folder of my registry. I've tried removing it through the spyware scanner, but it just keeps on coming back... I'm thinking that they're both the same thing, and that one might be causing the other.

Also, the location of this registry entry doesn't seem to exist, or maybe I just can't find it when I try to look for it through the registry editor...

What should I do?
Did you scan in safe mode?
Logged
IF YOU DON'T STAND BEHIND OUR TROOPS, PLEASE, FEEL FREE TO STAND IN FRONT OF THEM !!!

"an old country hick from america"

Sprint EVDO Rev. A * AMD 64 3500+ 2.2 GHz cpu Ram 2GB/XP Home * TCP Optimizer
†¤ CoW ¤†
Sr. Member
*
Offline Offline

Posts: 179

Cow! ^^


View Profile
« Reply #8 on: March 12, 2007, 09:24:03 PM »
I tried scanning in safe mode. However, the results are the same. It doesnt detect a threat on my system.
Logged
God, why did you make me retarded?
kamil234
News Anchor
Expert
*
Offline Offline

Gender: Male
Posts: 1043



View Profile
« Reply #9 on: March 12, 2007, 09:30:20 PM »
try safe mode with networking, than use a online scanner which uses multiple AV's, it should tell you where the source is.

plus, when youre in safe mode the file shouldnt be in memory so you can delete it by hand
Logged


SOCOM 3 CLAN ^^
DJ VaGGo
Trance <~> Energy
Global Moderator
TMN Veteran
*
Offline Offline

Gender: Male
Posts: 2202


Earthlink 10000/512


View Profile
« Reply #10 on: March 12, 2007, 09:30:24 PM »
Go back to safe mode...but instead of scanning..do a search for files and folders and search for all the names that are used by the virus
Logged


My CPU: http://valid.x86-secret.com/show_oc?id=192303
kamil234
News Anchor
Expert
*
Offline Offline

Gender: Male
Posts: 1043



View Profile
« Reply #11 on: March 12, 2007, 09:32:16 PM »
Quote from: DjVaGGo on March 12, 2007, 09:30:24 PM
Go back to safe mode...but instead of scanning..do a search for files and folders and search for all the names that are used by the virus

that's waht i do if file can't found by AV's.

make sure you tick the "hidden files" box also.
Logged


SOCOM 3 CLAN ^^
DJ VaGGo
Trance <~> Energy
Global Moderator
TMN Veteran
*
Offline Offline

Gender: Male
Posts: 2202


Earthlink 10000/512


View Profile
« Reply #12 on: March 12, 2007, 09:34:44 PM »
Quote from: kamil234 on March 12, 2007, 09:32:16 PM
that's waht i do if file can't found by AV's.

make sure you tick the "hidden files" box also.

Yup smiley
Logged


My CPU: http://valid.x86-secret.com/show_oc?id=192303
†¤ CoW ¤†
Sr. Member
*
Offline Offline

Posts: 179

Cow! ^^


View Profile
« Reply #13 on: March 24, 2007, 09:27:29 PM »
Nevermind, got it fixed with windows update malicious software detection tool >.<

Apparently it was something called "Trojan.Alureon.A" >.< It's gone now..
Thanks for all of your help, everyone. =)
Logged
God, why did you make me retarded?
Print  Pages 1 Go Up
testmy.net Broadband  |  Main Forum  |  PC Security  |  Antivirus & Firewalls  |  Topic: Virus « previous next »
Jump to:  

 
    
testmy.net's forum is proudly Powered by SMF | SMF © 2006-2007, Simple Machines LLC
Bookmark: Del.icio.us    StumbleUpon
 		  

 

 © 1999-2008 testmy.net - Contact - Legal - Facts & FAQs
Page Loading Stats: This forum Page created in 0.115 seconds with 52 queries.