corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » Help re Trojan Downloader Win32.Small


New Topic

New Poll
  Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author Help re Trojan Downloader Win32.Small
Natalie
Member

Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
28th Dec 07 at 15:35   View User's Profile U2U Member Reply With Quote

Ive got Malware on my C drive, it makes my computer go slow & keeps bringing up popups of gambling/poker adverts etc.... I dont know whether or not to go into my bank website/buy things as I'm scared it will get my card details

My anti-virus software cant delete it, and it says I dont have permission to delete it myself

F-Secure (my AVS) spyware search keeps bringing up one file, opmijh.dll which is in the System32 file, but when I go to delete it it says I cant rename/delete etc as the program is in use.

Help me pls
Marc
Member

Registered: 11th Aug 02
Location: York
User status: Offline
28th Dec 07 at 15:50   View User's Profile U2U Member Reply With Quote

Format c

and stop viewing porn
Natalie
Member

Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
28th Dec 07 at 15:51   View User's Profile U2U Member Reply With Quote

Its not porn



F-Secure can't delete the file either

[Edited on 28-12-2007 by Natalie]
Natalie
Member

Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
28th Dec 07 at 15:53   View User's Profile U2U Member Reply With Quote

Scanning Report
28 December 2007 15:19:22 - 15:25:38
Computer name: HOME
Scanning type: Scan system for spyware
Target: System


--------------------------------------------------------------------------------

Result: 2 malware found
ClickSpring (Malware)
REGKEY:HKLM\software\clickspring
Action: deleted
Win32.TrojanDownloader.Small (Malware)
FILE:C:\WINDOWS\system32\opnmjih.dll
Action: deleted FAILED


--------------------------------------------------------------------------------

Statistics
Files:
Scanned: 0
System: 12308
Not scanned: 1
Result:
Viruses: 0
Spyware: 2
Suspected: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 2
Quarantined: 0
Failed: 1
Boot Sectors:
Scanned: 0
Infected: 0
Suspected: 0
Disinfected: 0
Files not scanned:
An error occurred while scanning (error code 60002)


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2007-12-28_03
Spyware: 2007-12-03_05
Scanning Engines:
F-Secure AVP: 6.00.169, 2007-12-28
F-Secure Libra: 2.03.06, 2007-12-26
F-Secure Orion: 1.02.37, 2007-12-28
F-Secure Draco: 1.00.35, 2007-11-28
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Scan inside archives
Actions:
Viruses: Ask after scan
Spyware: Ask after scan
Marc
Member

Registered: 11th Aug 02
Location: York
User status: Offline
28th Dec 07 at 15:57   View User's Profile U2U Member Reply With Quote

You could try deleting in Add Remove Programs but chances are it will keep coming back.
Natalie
Member

Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
28th Dec 07 at 16:02   View User's Profile U2U Member Reply With Quote

It doesnt show up in there
Liam
Member

Registered: 19th Jan 06
Location: Stafford
User status: Offline
28th Dec 07 at 16:04   View User's Profile U2U Member Reply With Quote

Boot up in safe mode, then scan your pc and it should be able to delete it. I think.
Dom
Member

Registered: 13th Sep 03
User status: Offline
28th Dec 07 at 16:05   View User's Profile U2U Member Reply With Quote

you could try downloading Unlocker (google it), then right clicking the .dll file, unlock it (right mouse click the file, select unlocker) and then deleting it.

Personally i would download AVG (another anti-virus) and see if you can get rid of it using that or atleast get the name of the trojan - as Win32.TrojanDownloader.Small is just the type. Tthen google for a program to get rid of that virus - usually symantec (on their website) usually do programs to get rid of specific virus'
Aaron
Member

Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
28th Dec 07 at 16:08   View User's Profile U2U Member Reply With Quote

Run, your computer is about to explode!
Natalie
Member

Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
28th Dec 07 at 16:16   View User's Profile U2U Member Reply With Quote

OK cheers lads, ill try those
Andrew
Member

Registered: 5th May 04
Location: Skoda Octavia Estate, Ford Puma
User status: Offline
28th Dec 07 at 17:46   View User's Profile U2U Member Reply With Quote

I have a system at work with this same virus.

Tried Norton and AVG to shift it but will not remove. Also tried Safe Mode.

Needs flatening and rebuilding but for the cost of doing that they may as well as buy a new PC.

It's a new company we are supporting. I personally think we should charge them half the price to get into there good books. Not down to me though, it's the managers decision.
Natalie
Member

Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
28th Dec 07 at 18:09   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Dom
you could try downloading Unlocker (google it), then right clicking the .dll file, unlock it (right mouse click the file, select unlocker) and then deleting it.

Tried doing that and it kept creating a fatal error

Cant run an F-Secure scan in safe mode as it wont open F-secure in safe mode :S

Andrew - so are you saying that im a bit fucked?

I can live with the popups etc but I just want to make sure that it cant spy my account numbers etc and that I will be safe to make payments etc

Tiger
Member

Registered: 12th Jun 01
Location: Leicestershire Drives:Astra VXR
User status: Offline
28th Dec 07 at 18:12   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Natalie
quote:
Originally posted by Dom
you could try downloading Unlocker (google it), then right clicking the .dll file, unlock it (right mouse click the file, select unlocker) and then deleting it.

Tried doing that and it kept creating a fatal error

Cant run an F-Secure scan in safe mode as it wont open F-secure in safe mode :S

Andrew - so are you saying that im a bit fucked?

I can live with the popups etc but I just want to make sure that it cant spy my account numbers etc and that I will be safe to make payments etc




As far as i'm aware, unless its a keylogger your computer doesnt store any bank numbers on it anyway for security reasons?
Robbo
Member

Registered: 6th Aug 02
Location: London
User status: Offline
28th Dec 07 at 19:49   View User's Profile U2U Member Reply With Quote

D'oh
Dom
Member

Registered: 13th Sep 03
User status: Offline
28th Dec 07 at 19:54   View User's Profile U2U Member Reply With Quote

download spybot - search & destroy, make sure you update it then go into safe mode and do a check - that might sort it
Steve
Premium Member

Avatar

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
28th Dec 07 at 19:58   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Natalie
Its not porn
you mainly get this stuff from visiting dodgy sites like porn though
Robbo
Member

Registered: 6th Aug 02
Location: London
User status: Offline
28th Dec 07 at 20:04   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Dom
download spybot - search & destroy, make sure you update it then go into safe mode and do a check - that might sort it
Think she tried that
Andrew
Member

Registered: 5th May 04
Location: Skoda Octavia Estate, Ford Puma
User status: Offline
28th Dec 07 at 20:07   View User's Profile U2U Member Reply With Quote

Bank details will be encrypted.

You probably just need to format.
Robbo
Member

Registered: 6th Aug 02
Location: London
User status: Offline
29th Dec 07 at 14:08   View User's Profile U2U Member Reply With Quote

Try Spybot Natalie, Im sure I downloaded that on the computer once so u shud still have it

 
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
Virus Help Andrew Geek Day 2 882
11th Jul 04 at 00:23
by Andrew
 
Help with spyware EtHi Geek Day 5 525
11th May 06 at 21:45
by EtHi
 
Help Win32 Chris F Geek Day 7 741
15th Aug 06 at 19:06
by CorsaCF
 
Spyware removal mav Geek Day 62 1647
23rd Nov 06 at 22:37
by mav
 
what torrent downloader Kurt Geek Day 26 1763
7th Aug 07 at 10:35
by Rob_Quads
 

Corsa Sport » Message Board » Off Day » Geek Day » Help re Trojan Downloader Win32.Small 29 database queries in 0.0152121 seconds