Trojan

jolynyk · Post by **jolynyk** » 30 Nov 2009 7:39 am

My AVG found a Trojan Horse Downloader Generic 9.VBL

How can I remove these Trojans.. What exactly does this Trojan do?

thanks in advance

Mitch Drumm · Post by **Mitch Drumm** » 30 Nov 2009 8:31 am

I would think that AVG would automatically quarantine or remove it, or give you an obvious means to do so, but maybe not.

Here is what I would do:

Identify where that file is on your hard drive.

Go to virustotal.com and browse to that file in their "upload a file" box. The file will then be scanned by about 40 different products. See if some of those scanners also ID it as bad news.

Regardless of the outcome at virustotal, go to malwarebytes.org and download their free scanning tool. Go to the update tab and update it. Go to the scanning tab and do a full scan. It might take 20 minutes to run.

It will presumably find the same threat and give you a chance to quarantine or delete it.

As for what it does, I googled the exact name and got no exact hits and only a few similar hits. But I wouldn't think it could be anything good, so I would quarantine it or delete it through malwarebytes scanning tool.

jolynyk · Post by **jolynyk** » 30 Nov 2009 8:45 am

Thanks Mitch, will go to their sites & see what happens, might also try Trend Microinstead of AVG

Wiz Feinberg · Post by **Wiz Feinberg** » 30 Nov 2009 9:44 am

Always treat "generic" Trojan detections with skepticism until you get a second opinion confirmation that it is a known malware. AVG Free has been known to produce numerous false positives, which is why I stopped using it a couple of years ago.

MalwareBytes Anti-Malware is better at identifying and removing Trojans, Bots and Rootkits than AVG will ever be.

BTW: Did you tell AVG to quarantine that file?

You can download a trial version of PC-cillin here

John Cipriano · Post by **John Cipriano** » 30 Nov 2009 3:32 pm

AVG caught a virus. That's a good thing! Not really a reason to switch your anti-virus. But yes, you should have MBAM as supplementary protection.

Anyway the best way to remove the virus is to do a full scan with AVG and in the scan settings tell it to quarantine infected files (which should be the default).

jolynyk · Post by **jolynyk** » 30 Nov 2009 4:07 pm

I di a scan with Micro Trend, it identified 38 threats 7 removed them.
I notice my comuter in the last couple of days has slowed to a crawl. When I try to get on the forum, takes a long time,& most times images come up like the computer was in safe mode, no colors..
another thing I get, a box comes up & says "C.exe has encountered a problem & needs to close, Sorry for the inconvenience" & asks if it should send a report to Microsoft..

Another box came up & said "thanks for submitting to the Web", but seems to have gone away..
Would a Restore to a week ago help???

Mitch Drumm · Post by **Mitch Drumm** » 30 Nov 2009 4:23 pm

Run malwarebytes as previously mentioned. Run it in safe mode.

It won't do you any good to restore to a week ago unless you know that whatever bugs you may have were not around a week ago.

A brief look at google says c.exe is an undesirable.

You are apparently infected with one or more critters and I would try to get rid of them rather than relying on a restore point--at least at this point.

jolynyk · Post by **jolynyk** » 30 Nov 2009 4:52 pm

OK I just got that other box again saying "Message from Webpage, Thanks for your submission" yellow triangle with a black exclamation mark in it. I don't remember submitting anything to a Webpage. My computer is extremely slow, for example when I click on computer in the forum here, takes a long time to get here..
How do I get rid of the undesirables. Is there a program I can download to do this for me??
Will the program you mentioned "Malware" do this?
thanks,
John

Mitch Drumm · Post by **Mitch Drumm** » 30 Nov 2009 5:08 pm

You would have to run it to find out. Don't run it if you don't want to run it.

jolynyk · Post by **jolynyk** » 30 Nov 2009 7:43 pm

Ran mbam got 1 Trojan & trend micro got 2 trojans, still got the message about C.EXE has encountered a problem. How can I remove that undesirable??

John Cipriano · Post by **John Cipriano** » 30 Nov 2009 7:51 pm

Did you run them in safe mode? You get to safe mode by hitting F8 before the Windows logo appears.

jolynyk · Post by **jolynyk** » 30 Nov 2009 8:20 pm

OOPS no, Should I run it again in safe mode??
And can I just start it & let it scan while I go for some shut eye???
Incidentally my computer is running considerably faster even now.. I did get something on the screen about automatic page reader is causing the screen to not show properly..
Thanks for everyones help, I may have my computer back yet..

jolynyk · Post by **jolynyk** » 1 Dec 2009 3:36 pm

Looks like I got my computer running close to normal, whatever normal is... Thanks to everybody for your help.. I ran mbam & it found & deleted 5 Trojan.kryptik, 6 Trojan.fakealert, 3 Trojan,downloader, & 1 Malware.trace
And yes I did send $25 & got a serial number for it..

Chip Fossa · Post by **Chip Fossa** » 1 Dec 2009 7:46 pm

Here's what I use: the full-payed version of Trend- Micro ($50/yr) and Malwarebytes.

"Trend" from Wiz's advise.

"Malwarebytes" from Mitch Drumm's advise.

That's it.

Along with MailwasherPro, I haven't had any major attacks. A few cookies and 2 medium (quaranteed) viruses picked up by Trend.

Trend Micro is the way to go, I feel.

You gotta get the pay-for program, however ($50/yr).

TM folks are world-wide anti virus, malware, trojan, you-name-it, round the clock vigilantes. Free "anti" software is losing ground, because, simply, it costs money to keep smart PC techs, especially 'anti' guys, working. Again: You pay for what you get.

I got convinced that paying a really cheap fee to keep my PC very-well protected, was the way to go.

Some free (shareware) is OK; but nowadays, free PROTECTION downloads, is really not the way to go.

IMHO....and check this..

TM actually is annoying. Every time I boot-up, TM is doing some kind of update or scan; and always butts-in and lets you know what they are up to. But how can you hate this? Just like mom; always tucking you in and making sure you got enough blankets.

TM covers many things we used to individually install to cover the known issues.

TM is not foolproof, but pretty close to it.

Here's a snap of their main page:

Wiz Feinberg · Post by **Wiz Feinberg** » 1 Dec 2009 10:08 pm

Chip;
Thanks for explaining your conclusions regarding using paid for security, rather than freebies. I have been promoting this as a best practice for a couple of years, but, it's always good to have backup from somebody else.

I am affiliated with both Trend Micro and MalwareBytes. I believe in these programs and the people running them and keeping them updated. If anybody is interested in learning more details, or trying these security programs, here are links to my affiliate pages:

MalwareBytes Anti-Malware

Trend Micro Internet Security, et, al

Right now there is a holiday discount code for annual subscriptions for the three major Trend Micro programs, listed on the above page. MBAM is a pay-once-for-life license, under $25.

Chip Fossa · Post by **Chip Fossa** » 2 Dec 2009 1:50 am

Wizzer...absolutely, brother.

I would like to say, here and now, that I have no 'interests' in Trend Micro.

To my way of thinking, as a member of this great Forum, I am simply conveying my experiences with these products.

Take it for what you read. No more, or less.

....but Trend Micro is so FATHERLY....

....I have to leave some mystery here...NO?

Do yourself some justice.

Go with Trend-Micro.
Support yourself; the Forum; and our master wizard...
WIZ.

Did I get all the necessary aspects of this promo in here, WIZ?

Chure hope soap.

FOSSA

jolynyk · Post by **jolynyk** » 2 Dec 2009 6:40 am

Thanks guys, I have paid the subscription to MalwareBytes Anti Malware, & am in the process of getting MT.. The trial versions have done a great job, so I want the full versions,..

Wiz Feinberg · Post by **Wiz Feinberg** » 2 Dec 2009 2:53 pm

Chip Fossa wrote: Do yourself some justice.

Go with Trend-Micro.
Support yourself; the Forum; and our master wizard...
WIZ.

Did I get all the necessary aspects of this promo in here, WIZ?

Your check is in the mail ;-)

ebb · Post by **ebb** » 4 Dec 2009 7:07 pm

are these programs still necessary with win7

Mitch Drumm · Post by **Mitch Drumm** » 4 Dec 2009 7:21 pm

Ebb:

Yes. Or programs similar to them. Windows 7 has a pretty good built-in firewall, but nothing built-in for spyware, malware, viruses, etc.

ebb · Post by **ebb** » 4 Dec 2009 7:24 pm

thanks. so those mac commercials are right

jolynyk · Post by **jolynyk** » 5 Dec 2009 6:33 am

Well I finally took my computer in to a Puter shop.. He cleaned it up & the speed is great.. Works fantastic with surfing & emails, BUT, I now have a new problem... I have several programs that worked well before & now don't..
Nero... I boot it up, comes on screen, & when I choose Copy disc, & hit the button.. it freezes, CAD won't terminate the program,(it freezes as well) I have to physically turn the computer off..

Roxio... any version.. boots up, & I can do slideshow with it or anything else, except when I hit copy disc, I click on Copy button, & it freezes same as Nero,
2 other programs (Magic Jack, Video Piggy, & these worked well before),with the same results. I took it back, & he can't figure out why it's doing this & apologised for not being able to fix this issue. He did initially turn off a few things in the start menu, but then turned them on again with no results..& suggested formatting the computer.
It seems that there is something that is preventing these programs from doing a full boot. & formatting will be a last resort..

Any suggestions as to where I can look or do??
Oh I'm running Windows XP Proffessional. My computer has a 3.2 gig processor, 4 gigs ram, Pentium 4.

When he first cleaned the computer I asked him to install a G-Force 1 gig Video card, & thought that might be the problem, but he took out the video card again, & still the same..
John

Wiz Feinberg · Post by **Wiz Feinberg** » 5 Dec 2009 8:08 am

Roxio and Nero are like oil and water. They should not be used on the same OS installation. They fight for control of your CD/DVD. Choose one and uninstall the other and the freezes will probably stop.

If you have installed the CD-RW modules for either or both, those modules will fight as they are .sys files that load at startup.

I personally use Nero, on XP Pro, SP3, with no problems at all. I dumped Roxio years ago.

jolynyk · Post by **jolynyk** » 5 Dec 2009 8:36 am

Thanks Wiz..The reason I had them both, (& they both worked well)is I like Nero for copying discs etc, but I found their Slide show maker not user friendly, plus not much fo transitions. On the other hand I don't like Roxio for their copy features, but I do like their slide show maker & transitions .. I will dump Roxio & see if Nero smartens up..
John

Wiz Feinberg · Post by **Wiz Feinberg** » 5 Dec 2009 9:45 am

Ask your computer tech if he ran a Registry cleaner to "fix" all problems it found. If so, that is how the trouble began. A repair installation might help. A System Restore might help.

A reinstallation of Windows will require re-activation of your licenses for all programs and Windows itself. If you have not saved all setup files and license keys onto a safe drive location and he reformats your C drive, all registered programs will be lost and will need to be re-downloaded and licenses renewed or recovered from their companies.