Bizarre browser behavior after a Trojan cleanup


I had my Windows XP desktop affected by a series of Trojans and Worms
last week. After a couple of days, I was able to get it mostly cleaned
using a mix of Avira, AVG, Adaware and a number of other tools. I am
having the following issue after the clean up though.

If I attempt to go to any anti-virus website using Firefox or IE, I
get a page not found. These pages are accessible using Safari. All
other non-security related websites are accessible from both Firefox
and IE. If I do a search on "Free online virus scan" and go through
the first few results, none of these are accessible through FF and IE,
but reachable through Safari. I removed FF and reinstalled a fresh
version just to make sure there was no proxy being used in the form of
an addon. The same behavior continues to exist with the new install of
FF. There is no proxy set on both browsers.

The following were the malware which were reported by Avira AntiVir,
which have all been cleaned.

[DETECTION] Contains HEUR/HTML.Malware suspicious code
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Is the TR/Dldr.Small.jer Trojan
[DETECTION] Is the TR/Dldr.Small.jer Trojan
[DETECTION] Is the TR/Agent.1421312.H Trojan
[DETECTION] Contains recognition pattern of the EXP/Flash.adi.2 exploit
[DETECTION] Is the TR/Agent.jyl Trojan
[DETECTION] Is the TR/Buzus.alnb Trojan
[DETECTION] Is the TR/Vundo.Gen Trojan
[DETECTION] Is the TR/Dldr.Injecter.ccy Trojan
[DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Is the TR/Dldr.Small.jer Trojan
[DETECTION] Is the TR/Agent.bhrg Trojan
[DETECTION] Contains HEUR/Crypted suspicious code
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[DETECTION] Is the TR/Agent.bhrg Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[DETECTION] Is the TR/Buzus.alnb Trojan
[DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm


Re: Bizarre browser behavior after a Trojan cleanup



| I had my Windows XP desktop affected by a series of Trojans and Worms
| last week. After a couple of days, I was able to get it mostly cleaned
| using a mix of Avira, AVG, Adaware and a number of other tools. I am
| having the following issue after the clean up though.

| If I attempt to go to any anti-virus website using Firefox or IE, I
| get a page not found. These pages are accessible using Safari. All
| other non-security related websites are accessible from both Firefox
| and IE. If I do a search on "Free online virus scan" and go through
| the first few results, none of these are accessible through FF and IE,
| but reachable through Safari. I removed FF and reinstalled a fresh
| version just to make sure there was no proxy being used in the form of
| an addon. The same behavior continues to exist with the new install of
| FF. There is no proxy set on both browsers.

| The following were the malware which were reported by Avira AntiVir,
| which have all been cleaned.

| [DETECTION] Contains HEUR/HTML.Malware suspicious code
| [DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Dldr.Small.jer Trojan
| [DETECTION] Is the TR/Dldr.Small.jer Trojan
| [DETECTION] Is the TR/Agent.1421312.H Trojan
| [DETECTION] Contains recognition pattern of the EXP/Flash.adi.2 exploit
| [DETECTION] Is the TR/Agent.jyl Trojan
| [DETECTION] Is the TR/Buzus.alnb Trojan
| [DETECTION] Is the TR/Vundo.Gen Trojan
| [DETECTION] Is the TR/Dldr.Injecter.ccy Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Dldr.Small.jer Trojan
| [DETECTION] Is the TR/Agent.bhrg Trojan
| [DETECTION] Contains HEUR/Crypted suspicious code
| [DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
| [DETECTION] Is the TR/Agent.bhrg Trojan
| [DETECTION] Is the TR/Spy.Gen Trojan
| [DETECTION] Is the TR/Buzus.alnb Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm


I'd say that you are still infected.

Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntiSpyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Bizarre browser behavior after a Trojan cleanup

Have you checked your 'hosts' file?
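
An added example, not part of the original post: one way to run the hosts-file check suggested above. On Windows XP the file is `%SystemRoot%\system32\drivers\etc\hosts`. The sample content, the `.example` hostnames and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample (not taken from the thread): a hosts file in which
# security-vendor names have been pointed at loopback / 0.0.0.0.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.antivirus-vendor.example    # constructed entry
0.0.0.0         update.scanner.example download.scanner.example
192.0.2.10      intranet.example
not-an-ip       broken.example
"""

# Names that normally map to loopback in an untouched hosts file.
EXPECTED_LOOPBACK = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address: not a mapping
        for name in fields[1:]:  # one address may carry several names
            yield line_no, addr, name.lower().rstrip(".")


def suspicious_entries(text, watch_keywords=()):
    """Flag names sunk to loopback/0.0.0.0, plus any name matching a keyword."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        sunk = (addr.is_loopback or addr.is_unspecified) and name not in EXPECTED_LOOPBACK
        watched = any(k in name for k in watch_keywords)
        if sunk or watched:
            reason = "sinkholed" if sunk else "watched name overridden"
            findings.append((line_no, str(addr), name, reason))
    return findings


if __name__ == "__main__":
    # Pass the path to a real hosts file, or run with no argument for the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in suspicious_entries(text, ("antivirus", "scanner")):
        print(finding)
```

Any flagged line that you did not add yourself is worth comparing against a known-clean copy of the file before you delete it.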



Re: Bizarre browser behavior after a Trojan cleanup

says...

Chris, stalking on the internet is a crime, your signature indicates you
are a sick individual stalking myself as well as others, you have been
warned, again.


--
Leythos - spam999free@rrohio.com (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief
http://tinyurl.com/4rruwd

Re: Bizarre browser behavior after a Trojan cleanup

Leythos, after much thought, came up with this jewel:

I can't believe after all these years it is still going on. Seems that
every newsgroup has its trolls. I see that I didn't make the list this
round-oh well.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is specifically setup for use in USENET

Re: Bizarre browser behavior after a Trojan cleanup

maxwachtel@nomail.afraid.org says...

It stopped for a while and then he started it again.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Bizarre browser behavior after a Trojan cleanup

Leythos, after much thought, came up with this jewel:
Between the misinformation and personal attacks from trolls, it is very
hard to just ignore them.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is specifically setup for use in USENET

Re: Bizarre browser behavior after a Trojan cleanup

jCarver wrote:


You could have the nasty tdsserv.sys rootkit. Try going to Device Manager,
show hidden devices, go to Non-Plug and Play devices. If you see tdsserv.sys
then disable it, reboot and rerun your anti-spyware software.

Gaz


