Before the lan yesterday, i virus and spyware checked my computer fully and everyhting was cool. Yesterday, at the lan, I was going to take a short break from gaming so i opened up my kazzaa folder and wanted to watch a video clip. Then AVG says that i have a trojan downloader and i dont have permission to view the clip. I think the torjan found its way onto my system via the cd key site i was on trying to get a cd key for COD. So i go into avg and test. It finds the trojan downloader and says that it healed it and removed it. Well next time i try to view the vid clip, it says i dont have permission and it says i have the trojan still. Its a virus thats not coming off and i need help getting rid of it.

Boot up Windows in safe mode and try running AVG again from that. Running anti-virus in normal mode is a bit like going up against Ender with an assault rifle. Occassionally it will work, but the majority of the time you're gunna be screwed.

So actually, I guess it's more like going against Ender...ever. In fact, maybe it's more like going against Ender when HE has the assault rifle.

when i try to run AVG in safe mode it says Driver(CORE) not found in winerr22


or something like that and it wont open avg. spybot S&D works, but not avg :(

i booted up in safe mode and tired sopme stuff and now im in normal mode and i angered it apparently and triggered it to attach itself to about 4 more files

and avg says it cant remove 3 of the 4 infected files


heres just one of the popups i get ever 5 minutes:

Errr...that's pretty lame, if the anti-virus program won't work in safe mode.

Did AVG give the trojan a name? We're gunna need to get a bit mroe information on what we're dealing with.

yes its a trojan horse downloader.VB.EC


take a look: (its a new pic with the same old name)

Sorry, didn't see the pic at first.

It looks like either SpyBot or AdAware will solve the problem.

ok. i got 2 more pics to post .

and after it says that message 2 more times it says this:

Download either Ad-Aware (http://www.snapfiles.com/get/adaware.html) or Spy-Bot (http://www.safer-networking.org/index.php?page=download) if you don't have one of them already.

If they don't fix your problem, then there are other steps we can take to try.

i have spybot and have ran tests and it says theres no spyware.

and ad aware found 70 infected objects are removed them. so appearently spybot doesent decect as muc has ad aware hmm.

i dunno if that will help or not. :\

I found this on google. looks like it infects media player and you will have to delete the trojan and reinstall media player.

Site 1 (http://forums.infomaticsonline.co.uk/thread.jsp?forum=5&thread=28675)


site 2 (http://www.computing.net/security/wwwboard/forum/10892.html)

Nice detective work Excessive. I think I'll call you Dick :D

ok. ill uninstall win media player and reinstall it. is pup.exe safe to delete though? its in the wwindows folder so i dont want to mess any critical files up.

Try deleting it, and if windows needs it it will tell you it can't be deleted.



I hope.


;)

I have never had It so I can't say. All I can Say is it helped the people in the forum threads I posted links to. :shrug: I hope it helps. Google is the first place I go to with problems, and it has never let me down yet.

Originally posted by Excessive
I have never had It so I can't say. All I can Say is it helped the people in the forum threads I posted links to. :shrug: I hope it helps. Google is the first place I go to with problems, and it has never let me down yet.

Ditto! :dance: Google rulez!!! :woot:

hmmm. when i try to look for it its not there anymore in my windows folderr. hmm. i think ad aware deleted it . as i said above, spybot didnt find any problems and ad aware found 70 and deleted all of them, and i bet pup.exe was one of them. no i just have to delete wmp.:rolleyes:

by the way thanks excessive for the links.:)

Ad aware is great. But just to warn you, if you are using the free version of Kazaa it might not work anymore. Its packed full of adware and spyware. removing those disables the program. But thats not a bad thing in my book. ;)

Originally posted by Excessive
Ad aware is great. But just to warn you, if you are using the free version of Kazaa it might not work anymore. Its packed full of adware and spyware. removing those disables the program. But thats not a bad thing in my book. ;)

Agreed. I only download from Napster for music now, and I buy games that I want :D

ok now pup.exe is gone and thats ok, but now im getting about 10 more popups saying the trojan downloader has infeced 2 different files in different folers. damnit. any ideas on how i totally get rid of this damn downloader for good and heal all the files its infected?

*edit*

ok its been about 2 hours and ive done everyhting from uninstalling windowsmedia player, to running literally 20 tests over and over with avg, spybot, and adaware, to running a scan with trends micro, to searching on countless forums, to resarting my computer, to deleteing everything in my AVG virus vault, and much, much more. But although it all started with the infection of pup.exe, every time i delete/move to VV/heal a file infected by the virus, it invects 2 new files. All of the files seem to be in my wondows and system32 folder but there are some outside of that. I just want to totallly get rid of this damn thing. please help!

Sorry. The only thing I can suggest is Google (http://www.google.com) . :( There is a massive ammount of info and experience out there. And most likely you are not the first person with this problem. Do a serch with names of the virus, or complete error messages in quotes.
If all else fails, reformat and stay away from Kazaa and Warez sites.

Go to Trendmicro.com and use their housecall anti virus. It should fix everything for you.

ok whew i think i got rid of it but im not completely sure.

as ive said before, ive done/installed/tired everything you can possibly imagine, so i cant say liek oh this did it, or when i did this that fixed it.

From my experience, the trojan downloader than i have is a virus. What it does is infect 2 files in my c/windows folder. when i heal/move2 VV/ somehow delete those two files, it infects 2 more, and so on and so on. Well the last two files it infected i could not delete or heal or do anything with. so i went into safe mode and manually ripped them off my computer. (i hope they werent important filed). now im in normal mode and apparently the trojan downloader decided not to infect the two new files liek it usually dows. now that could mean 2 things:

1.) somehow its gone (unlikely)

2.) it is just not infecting anything but is still dangerous and still on my computer (likely)

i just got done running tests with spybot, adaware , AND avg and if the downlaoder had infected something at least one of those programs would have caught it somehow. its amazing why the virus just stopped altogether, but maybe it did? i dont know. i have an undeasy feeling in my stomach that it is still on my computer and doing something bad/monitoring what i do/getting personal info or something like that :(

thats an update on whats going on. hopefully i can just get rid of this damn thing completely 100% for good!

I dunno Night, it sounds like you got it whupped! :woot:

run MSCONFIG (Start > Run) and click the startup tab. Look for suspicious looking entries and throw em at google and see what pops up, if it looks suspicious, uncheck the box next to it so it wont run when your computer starts.

what do you mean by suspicious? what should i be looking for?

and for another update i ran another test and found a virus that want connected to the trojan i dont think and i jsut healed it and it was fine. but all in all i think the whole ordeal is done. if spybot and avg dont detect any problems, its probably ok.

Well since you dont have judgement, put the name of each process in google and see what it comes up with, disable what isn't needed.

Best case scenario, you find a virii and a bunch of spyware exe's

Worst case secenario, you find programs that you dont need running, and save memory space.

Win win.

ok now im getting popups from avg saying the trojan downloader has infected a file in my System Volume Information folder on my C drive........ But when i run a test it doesent find anything. How retarted... ANy suggestions? Or any was i can get rid of this downloader for good?

Have you tried my method yet? Trojans cant run unless they are executed by startup...

I just dont want to search 1000000 different things on google. and other than that I dont know what to look for in that menu.

Originally posted by night3218
I just dont want to search 1000000 different things on google. and other than that I dont know what to look for in that menu.

So you want us to search 100000 things on google for you?

Originally posted by Excessive
So you want us to search 100000 things on google for you?

lol no im kool.

heres a message box that pops up at me evry hour or so.

And when i run tests with AVG it doesent find anything and i have all of the updates.

*bump*