GlockTalk.com
Old 03-08-2010, 13:14   #1
M2 Carbine
Senior Member
 
M2 Carbine's Avatar
 
Join Date: Dec 2002
Location: Texas
Posts: 27,066
Can't get rid of this damned virus.

AVG keeps popping up with multiple copies of
Trojan Horse Back Door Generic12 GOG.dropper

I've run AVG,
Spywarefighter
SuperAnti Spyware,
Spy Bot,
and
Malwarebytes in and out of safe mode

No luck, AVG continues to pop up every few minutes with the virus.
AVG says,
C:\Windows\system32\316716.exe
is infected.

The last couple numbers change. Now 32\974590.exe just popped up.

Any ideas?
M2 Carbine is offline   Reply With Quote
Old 03-08-2010, 13:20   #2
Dalton Wayne
CLM Number 239
Epic mustache
 
Dalton Wayne's Avatar
 
Join Date: Apr 1999
Location: Florida
Posts: 12,064
When was the last time you upgraded AVG? You moved it to the vault and it didn't clear it. You may have to start over by cleaning the drive, writing zeros to it, then reinstalling everything; that's the worst case.
Sorry I wasn't much help
Regards
DW
__________________
Regards
DW
I am a professional I always aim true whether firing single shots or full automatic, I know neither fatigue nor failure I would take pride in my work but for one thing, I do not know my target, I am not the one that kills, that distinction belongs to the man who pulls my trigger, I am an assault rifle my name is Kalashnikov

Dalton Wayne is online now   Reply With Quote
Old 03-08-2010, 13:20   #3
MavsX
The Dude Abides
 
MavsX's Avatar
 
Join Date: Jan 2009
Location: Arlington, VA
Posts: 3,033
Can you log into multiple user accounts on that computer or do you just have 1 log on? If you have multiple accounts, try and log out and then log into another account, and see if the pop ups still appear. I got a feeling that if you're getting these pop ups in safe mode..you might be SOL.

Let us know.

Usually whenever I get a virus..I say..that's it, and I format and reinstall. You just can never trust the virus or the virus software...of course I haven't gotten a virus in probably 10 years..but I mean here at my office..if someone gets one, I usually just image the computer.
__________________
Glock 22 .40 S&W
CMMG M4 LEP II
Mossberg 500 Mariner
MavsX is offline   Reply With Quote
Old 03-08-2010, 13:33   #4
M2 Carbine
Senior Member
 
M2 Carbine's Avatar
 
Join Date: Dec 2002
Location: Texas
Posts: 27,066
AVG is up to date.

Only one account.

Best I can tell AVG doesn't work in safe mode, I tried it this morning.
I wasn't getting the AVG popups in safe mode.

Malwarebytes does work in safe mode.


Got a line of thunderstorms moving in in about 20 minutes. Have to shut down but when I start up I'll see if I'm getting the pop ups in safe mode.
M2 Carbine is offline   Reply With Quote
Old 03-08-2010, 16:44   #5
D-E-F-E-N-S-E!
AAAAAAAAAAAAAH!
 
D-E-F-E-N-S-E!'s Avatar
 
Join Date: May 2004
Posts: 1,154
Before doing something drastic like reformatting, try a program called Combofix.

It is a little hardcore, a little scary to use, and might be overkill, but should work as a last resort.

http://www.bleepingcomputer.com/comb...o-use-combofix

I was forced to use it once. It knocked out the virus...but had unfortunate side effects.
This program kills everything associated with the virus, and it seems that this virus had hijacked my login ID. When the virus was killed, so was any chance of logging in through normal channels.

User beware.

Last edited by D-E-F-E-N-S-E!; 03-08-2010 at 16:47..
D-E-F-E-N-S-E! is offline   Reply With Quote
Old 03-08-2010, 17:38   #6
Linux3
Senior Member
 
Linux3's Avatar
 
Join Date: Dec 2008
Posts: 1,384
Sorry but I just don't understand why people keep with Windows. An O.S. that is this vulnerable is so 1990.
There are better ways.
I'm not slamming you. It's your choice, I just don't understand the mindset. I like to do Internet banking and browse wherever I choose without worrying about bad guys hijacking my identity or making the system I paid for part of a botnet.
Is it because you like to play games?
__________________
If it's not on fire,
It's a software problem.

Linux3 is offline   Reply With Quote
Old 03-08-2010, 17:50   #7
Patrick Graham
Footlong Jr.
 
Patrick Graham's Avatar
 
Join Date: Sep 2001
Location: Kokomo Indiana
Posts: 5,450


Quote:
Originally Posted by Linux3 View Post
Sorry but I just don't understand why people keep with Windows. An O.S. that is this vulnerable is so 1990.
There are better ways.
I'm not slamming you. It's your choice, I just don't understand the mindset. I like to do Internet banking and browse wherever I choose without worrying about bad guys hijacking my identity or making the system I paid for part of a botnet.
Is it because you like to play games?
Adobe CS4 and Roland VersaCAMM for starters.

Linux is fine if you are just surfing the net.
__________________
Never feed a cat anything that isn't the same color as the carpet.
Patrick Graham is offline   Reply With Quote
Old 03-09-2010, 05:54   #8
JohnBT
NRA Patron
 
Join Date: Feb 2000
Location: Richmond, Virginia
Posts: 5,911
"Sorry but I just don't understand why people keep with Windows."

Because it works just fine if you have half a clue about running a pc. I've had half a clue since 1987 when I got my first pc and I get along with Vista okay. I've thought about taking my first computer class and seeing about that other half a clue, but I've made it this far without any formal training.

John
JohnBT is offline   Reply With Quote
Old 03-09-2010, 06:50   #9
Pierre!
NRA Life Member
 
Pierre!'s Avatar
 
Join Date: Jun 2003
Location: Just Returned to Tucson AZ!
Posts: 4,044
DID YOU SCAN IN SAFE MODE????

If you do NOT scan in safe mode, most viruses/malware/trojans will stealth themselves and YOU WILL NEVER CLEAN THE SYSTEM.

I have seen veteran techs blow this off regularly. Stealth technology came into play 7 to 8 years ago, and it works, and it's gotten better.

Safe Mode removes the opportunity to stealth program loads.

YOU ARE WASTING YOUR TIME ATTEMPTING TO CLEAN IN ANY STATUS BUT SAFE MODE.

PERIOD.

So try again!

The rest of you can prevent a future visit from the "Safe Mode Gremlin" by stating that you are scanning in safe mode somewhere in your post...

Regarding which ever operating system you should use... I think that it is certain that whoever wins the operating system war will be attacked, probed, reverse engineered, and exploited at every point possible. Some systems just aren't worth the effort yet, and because of this appear to be rock solid...

As I have heard said "We just haven't played Cowboys and Macs, or Cowboys and Linux yet"... Know what I mean?

Suggesting a wholesale change of OS into an environment you have never seen or evaluated... *PRICELESS*
__________________
The Seeber Consulting Blog

Download YOUR copy of Internet Safety Tips - "The Essentials"!
My Gift to You, AND it's >FREE<
Pierre! is offline   Reply With Quote
Old 03-09-2010, 06:52   #10
Swiper
Senior Member
 
Swiper's Avatar
 
Join Date: Dec 2009
Location: Texas
Posts: 2,731
Quote:
Originally Posted by JohnBT View Post
"Sorry but I just don't understand why people keep with Windows."

Because it works just fine if you have half a clue about running a pc. I've had half a clue since 1987 when I got my first pc and I get along with Vista okay. I've thought about taking my first computer class and seeing about that other half a clue, but I've made it this far without any formal training.

John
I have used Windows since 1995. Only had 2-3 harmless viruses through the years despite not being overly protective. However, I have always had up-to-date antivirus software and have never clicked on those malware popups that litter the Internet.
Swiper is offline   Reply With Quote
Old 03-09-2010, 08:23   #11
M2 Carbine
Senior Member
 
M2 Carbine's Avatar
 
Join Date: Dec 2002
Location: Texas
Posts: 27,066
Quote:
DID YOU SCAN IN SAFE MODE????
If you do NOT scan in safe mode, most viruses/malware/Trojans will stealth themselves and YOU WILL NEVER CLEAN THE SYSTEM.
I have seen veteran techs blow this off regularly. Stealth technology came into play 7 to 8 years ago, and it works, and it's gotten better.
Safe Mode removes the opportunity to stealth program loads.
YOU ARE WASTING YOUR TIME ATTEMPTING TO CLEAN IN ANY STATUS BUT SAFE MODE.
PERIOD.
So try again!
Yes, I have run Megabytes in Safe Mode a number of times.
Megabytes is the only one of the anti virus programs I have been able to get to run in safe mode.

It, and all the other anti-virus programs, find the virus, or at least the results of the virus. They appear to do their thing, quarantine, etc, but then within a minute an anti-virus program will show there are infected files again.
Apparently the virus has hidden itself somewhere and the anti-virus programs keep working on what the virus is doing but can't get rid of the virus.

Quote:
Before doing something drastic like reformatting, try a program called Combofix.
Thanks. I'll save this as a last resort. I suspect it may cause big problems since the virus is screwing up system32 files.

Quote:
Sorry but I just don't understand why people keep with Windows.
Because that's what comes with the computer. Most people that buy a new computer don't want to, and haven't a clue about installing another operating system.
Quote:
Suggesting a wholesale change of OS into an environment you have never seen or evaluated... *PRICELESS*

Last edited by M2 Carbine; 03-09-2010 at 08:26..
M2 Carbine is offline   Reply With Quote
Old 03-09-2010, 08:37   #12
Slug71
Senior Member
 
Slug71's Avatar
 
Join Date: Mar 2010
Location: Oregon - U.S.A
Posts: 3,287
Install Ubuntu.
Slug71 is offline   Reply With Quote
Old 03-09-2010, 09:04   #13
750SpiritRdr
Senior Member
 
750SpiritRdr's Avatar
 
Join Date: Feb 2010
Location: Brazoria, Tx
Posts: 152
SuperAnti Spy ware will run in Safe mode, make sure it's updated and run it in safe mode. If you have to then put it on a jump drive and run it from there in safe mode
750SpiritRdr is offline   Reply With Quote
Old 03-09-2010, 09:07   #14
750SpiritRdr
Senior Member
 
750SpiritRdr's Avatar
 
Join Date: Feb 2010
Location: Brazoria, Tx
Posts: 152
By the way, I work at a hospital in the IT Dept. and this is the best way to get rid of this. Run a scan more than once also.
750SpiritRdr is offline   Reply With Quote
Old 03-09-2010, 09:24   #15
Linux3
Senior Member
 
Linux3's Avatar
 
Join Date: Dec 2008
Posts: 1,384
Quote:
Originally Posted by Patrick Graham View Post
Adobe CS4 and Roland VersaCAMM for starters.
Linux is fine if you are just surfing the net.
Or if you are a scientist or mathematician or a researcher. Almost all of the 500 most powerful computers run Linux.
http://www.top500.org/stats/list/34/osfam
If you want to work on Digital Cinema, digital projection of feature films, then the O.S. is required by the Digital Cinema Initiative
http://www.dcimovies.com/
How about movie special effects artist, aka migrant pixel worker? Not home movies, professionals.
http://www.linuxmovies.org/
Security? If it's good enough for the NSA I guess it's good enough for me.
http://www.nsa.gov/research/selinux/index.shtml

And let's not forget people who just want to surf the web, write a few letters, do their banking and taxes, show pictures and home videos and just don't want to have to worry about getting infected.
__________________
If it's not on fire,
It's a software problem.

Linux3 is offline   Reply With Quote
Old 03-09-2010, 11:18   #16
M2 Carbine
Senior Member
 
M2 Carbine's Avatar
 
Join Date: Dec 2002
Location: Texas
Posts: 27,066
Quote:
SuperAnti Spy ware will run in Safe mode, make sure it's updated and run it in safe mode. If you have to then put it on a jump drive and run it from there in safe mode
I'll try it again.
I have a desktop icon for SuperAnti Spyware in safe mode but unlike Malwarebytes, SAS wouldn't open.
Thanks, I'll try and get SAS working in safe mode.


Now, in normal mode, as I'm typing SPYWAREfighter has popped up four times showing,

Infected file has been found,
Trojan.DR.Mudrop.CDO

every few minutes now.


I'd like to get my hands on the POS that created this virus. SOB would never touch a computer keyboard again.
M2 Carbine is offline   Reply With Quote
Old 03-09-2010, 11:43   #17
750SpiritRdr
Senior Member
 
750SpiritRdr's Avatar
 
Join Date: Feb 2010
Location: Brazoria, Tx
Posts: 152
Quote:
Originally Posted by M2 Carbine View Post
I'll try it again.
I have a desktop icon for SuperAnti Spyware in safe mode but unlike Malwarebytes, SAS wouldn't open.
Thanks, I'll try and get SAS working in safe mode.


Now, in normal mode, as I'm typing SPYWAREfighter has popped up four times showing,

Infected file has been found,
Trojan.DR.Mudrop.CDO

every few minutes now.


I'd like to get my hands on the POS that created this virus. SOB would never touch a computer keyboard again.
Have you been playing online games? That seems to be an online game hack
750SpiritRdr is offline   Reply With Quote
Old 03-09-2010, 12:42   #18
M2 Carbine
Senior Member
 
M2 Carbine's Avatar
 
Join Date: Dec 2002
Location: Texas
Posts: 27,066
Quote:
Have you been playing online games? That seems to be an on line game hack
No games but I'm bad for looking at stuff to see if it might be something I can use.
I don't remember what I was doing before this popped up, so I could have got the virus anywhere.


I got SuperAntiSpyware working in safe mode. All it came up with is 20 tracking cookies. I'm running a full scan now.
Lucky I've got a couple computers to use but the infected one is the main one with everything on it. I've started to make sure I've got everything backed up in case it comes down to formatting the HD. I'm almost tempted to buy a new computer. All mine are several years old. How's Win 7 working out?


The hell with this aggravation, I'm going shooting.

Last edited by M2 Carbine; 03-09-2010 at 12:45..
M2 Carbine is offline   Reply With Quote
Old 03-09-2010, 13:31   #19
IndyGunFreak
RIP Jack
 
IndyGunFreak's Avatar
 
Join Date: Jan 2001
Location: Indiana
Posts: 27,784


Quote:
Originally Posted by Patrick Graham View Post
Adobe CS4 and Roland VersaCAMM for starters.

Linux is fine if you are just surfing the net.
Hogwash...

There's plenty of programs that you can use that will do what those programs do.... The problem is, idiots install Linux and the first thing they say is "How do I make my Windows software run"... Well if you're gonna do that, just keep running Windows.

Learn to use Linux alternatives, and only use emulators/WINE when you have to. Makes life far easier.

IGF
__________________
The NRA will fight for your rights in the halls of Congress.
The Second Amendment Foundation will fight for your rights in the courts.
The GOA will send out a fax or press release saying they will not compromise.

Join the NRA and SAF today!
IndyGunFreak is offline   Reply With Quote
Old 03-09-2010, 15:45   #20
TnGlocker12
Senior Member
 
TnGlocker12's Avatar
 
Join Date: Mar 2009
Location: West Tennessee
Posts: 601
I don't know much about computers, but a few months back I got a virus. I stumbled on the safe mode and then I did a "Restore" for a few weeks back and have not had any problems since.
__________________
I believe in gun control. That's why I use two hands.
TnGlocker12 is offline   Reply With Quote
Old 03-10-2010, 08:03   #21
M2 Carbine
Senior Member
 
M2 Carbine's Avatar
 
Join Date: Dec 2002
Location: Texas
Posts: 27,066
Quote:
Originally Posted by TnGlocker12 View Post
I don't know much about computers, but a few months back I got a virus. I stumbled on the safe mode and then I did a "Restore" for a few weeks back and have not had any problems since.
In the past with some problems this has worked but has had no effect in this case.

As I'm typing now,

"Infected file has been found
Trojan.DR.Mudrop.CDO
C:\WINDOWS\system32\52489.exe"

still keeps popping up every couple minutes.



If you Linux fans can say that Linux will run ALL the programs that Windows will run and is as easy to use as Windows, then I might consider it. If not, save your breath. I don't need more aggravation screwing with an operating system that it takes a computer geek to operate.

One day I might install Linux on a spare computer to see what it is,
but in the mean time Linux is doing nothing to help get rid of this virus.
M2 Carbine is offline   Reply With Quote
Old 03-10-2010, 09:12   #22
Patrick Graham
Footlong Jr.
 
Patrick Graham's Avatar
 
Join Date: Sep 2001
Location: Kokomo Indiana
Posts: 5,450


Quote:
Originally Posted by IndyGunFreak View Post
Hogwash...

There's plenty of programs that you can use that will do what those programs do.... The problem is, idiots install Linux and the first thing they say is "How do I make my Windows software run"... Well if you're gonna do that, just keep running Windows.

Learn to use Linux alternatives, and only use emulators/WINE when you have to. Makes life far easier.

IGF
LOL!!

I'll tell that to the Graphics arts shops I support.
__________________
Never feed a cat anything that isn't the same color as the carpet.
Patrick Graham is offline   Reply With Quote
Old 03-11-2010, 19:59   #23
failedreality
Junior Member
 
failedreality's Avatar
 
Join Date: Apr 2007
Location: Arlington, tx
Posts: 11
Quote:
Originally Posted by M2 Carbine View Post
In the past with some problems this has worked but has had no effect in this case.

As I'm typing now,

"Infected file has been found
Trojan.DR.Mudrop.CDO
C:\WINDOWS\system32\52489.exe"

still keeps popping up every couple minutes.

Have you tried to manually remove this file under safe mode?
Have you tried HijackThis? If you do, save a log and PM me, I will look at it..
__________________
Lone Star Glockers #301
failedreality is offline   Reply With Quote
Old 03-11-2010, 21:26   #24
DSMonsta
Linux Pimp
 
DSMonsta's Avatar
 
Join Date: Oct 2004
Location: Northampton County, PA
Posts: 546
Quote:
Originally Posted by M2 Carbine View Post
If you Linux fans can say that Linux will run ALL the programs that Windows will run and is as easy to use as Windows, then I might consider it. If not, save your breath. I don't need more aggravation screwing with an operating system that it takes a computer geek to operate.

One day I might install Linux on a spare computer to see what it is,
but in the mean time Linux is doing nothing to help get rid of this virus.
Reformat your computer with Windows as the primary partition and a small partition of Ubuntu for web browsing. That is of course if you're unable to solve the current problem.
__________________
Pray for peace. Prepare for the alternative.
DSMonsta is offline   Reply With Quote
Old 03-12-2010, 20:27   #25
gwalchmai
Lead Membership
 
gwalchmai's Avatar
 
Join Date: Jan 2002
Location: Outside the perimeter
Posts: 41,899


Buck, if you can remove the HD from your PC and put it into an external HD enclosure you can connect the HD to a friend's clean PC and scan it from there. That works even better than safe mode.
__________________
I'll submit to an audited open-records background check the same day Obama does.
gwalchmai is offline   Reply With Quote
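
An added example, not part of any post in this thread: with the drive attached to a clean PC as suggested above, this read-only triage script lists the digit-only `.exe` files in `system32` (the pattern in the alerts quoted in the thread, such as `316716.exe` and `52489.exe`) with size, modification time and SHA-256, newest first, without executing anything. The function names and the default mount point `E:\` are assumptions for illustration.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Name pattern from the thread's alerts: 316716.exe, 974590.exe, 52489.exe
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def find_dir_ci(parent, name):
    """Find a child directory by name, ignoring case (WINDOWS vs Windows)."""
    for child in Path(parent).iterdir():
        if child.is_dir() and child.name.lower() == name.lower():
            return child
    return None


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def numeric_exes(volume_root):
    """Return one dict per digit-only .exe in <root>/Windows/system32,
    newest modification time first. Files are only read, never run."""
    windows = find_dir_ci(volume_root, "windows")
    system32 = find_dir_ci(windows, "system32") if windows else None
    if system32 is None:
        raise FileNotFoundError(f"no Windows/system32 under {volume_root}")
    found = []
    for entry in system32.iterdir():
        if entry.is_file() and NUMERIC_EXE.match(entry.name):
            found.append((entry.stat().st_mtime, entry))
    found.sort(key=lambda pair: pair[0], reverse=True)
    return [
        {
            "name": entry.name,
            "size": entry.stat().st_size,
            "mtime": datetime.fromtimestamp(mtime, tz=timezone.utc).isoformat(),
            "sha256": sha256_of(entry),
        }
        for mtime, entry in found
    ]


if __name__ == "__main__":
    # Assumed mount point of the drive from the infected PC; pass the real one.
    root = sys.argv[1] if len(sys.argv) > 1 else "E:\\"
    for hit in numeric_exes(root):
        print(f'{hit["mtime"]}  {hit["size"]:>10}  {hit["sha256"]}  {hit["name"]}')
```

Files whose names differ but whose hashes match are copies of one payload; the modification times show when each copy was written.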