
Help Please! Trojan backdoor.win32.MSNMaker.ab

Have got this Trojan but don't know how to shift it.

DD clicked a link in a MSN window and it started spamming her contacts.

Windows defender keeps finding: toolbar888 and CheckSpring.PuritySCAN.Downloader

AVG virus vault has Trojan Horse Collected AF

While connected to the Internet there is a pop up window opening titled: C:\DOCUME~1\USER\usetup.exe

System is connected via a router.

Running win xp sp2
AVG 7.5
zonealarm
spywareblaster
spybot SD
AdAware SE
Ewido 3.5
CCleaner

Any help appreciated
I have a cunning plan!
Proud to be dealing with my debts.

Comments

  • Try wiping temp files with ccleaner, then run a scan with all your scanners in safe mode (F8 at startup), after making sure they are up to date. If anything is found in your system restore area, turn it off and back on again to clear it.

    You might also want to try these scanners:

    http://www.clamwin.com/

    http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

    for a bit of belt and braces.. (download them, update them, drop into safe mode and scan with them).

    Don't attempt to launch messenger until all scans are negative. Check to see if c:\windows\system32\drivers\etc\hosts has any suspicious entries, and it may also have disabled the firewall, or added itself as an allowed application. If using zonealarm, delete all allowed applications from the list.
    Ever get the feeling you are wasting your time? :rolleyes:
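
An added example (not part of the original post) of the hosts-file check suggested above: it lists every entry other than the default `localhost` line and labels it as a redirect to an outside address, a block on a security vendor's site, or an ordinary block entry. The watchlist is an assumption built from the scanner links in this thread, and the sample file is constructed.

```python
import ipaddress

# Watchlist built from the scanner links in this thread (an assumption; extend it).
SECURITY_SUFFIXES = ("kaspersky.com", "bitdefender.com", "clamwin.com",
                     "activevirusshield.com")

SAMPLE_HOSTS = """\
# Constructed sample, not taken from the infected machine
127.0.0.1       localhost
127.0.0.1       ads.example.test        # ordinary block entry
127.0.0.1       www.kaspersky.com kaspersky.com
0.0.0.0         update.bitdefender.com
203.0.113.7     login.example.test
not-an-ip       something
"""


def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every non-default hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        # Loopback or 0.0.0.0 means "make this name unreachable".
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name == "localhost" and addr.is_loopback:
                continue                          # the stock entry
            watched = any(name == s or name.endswith("." + s)
                          for s in SECURITY_SUFFIXES)
            if not sinkhole:
                verdict = "redirect"              # name sent to another machine
            elif watched:
                verdict = "security-site-blocked" # scanner or update site cut off
            else:
                verdict = "blocked"               # may be a legitimate block list
            findings.append((line_no, str(addr), name, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the contents of `c:\windows\system32\drivers\etc\hosts` to `audit_hosts` in place of the sample; plain `blocked` entries are often put there by protection tools, so review them rather than deleting them wholesale.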
  • So AVG has the trojan in its vault but you're still getting the symptoms you describe? Are you using a different machine to the infected one cos you really shouldn't be on the net if you've got this thing on your computer? Do you have a firewall running as well in which case you might be ok staying on the net to try and fix it?

    First thing I would try is to do a complete virus scan using AVG and seeing if it comes up with more infected files. There isn't a log on the net about this particular trojan unfortunately, but it sounds as though one of the things it's doing is trying to trick you into deleting usetup.exe, as far as I can tell that is a system file, so don't delete it, first see what AVG has to say when you do the really long complete deep virus scan.
    :j Ready to take control of my life! :j
  • sorry albertross, didn't see your post cos i was writing mine at the time!
    :j Ready to take control of my life! :j
  • Don't apologise, I'm sure all help is welcome..
    Ever get the feeling you are wasting your time? :rolleyes:
  • So AVG has the trojan in its vault but you're still getting the symptoms you describe? Are you using a different machine to the infected one cos you really shouldn't be on the net if you've got this thing on your computer? Do you have a firewall running as well in which case you might be ok staying on the net to try and fix it.

    Posting from my laptop. zonealarm software firewall and hard firewall in router.

    Looks like 2 trojans 1 trojan horse collected AF in avg virus vault. scan not showing other one.

    backdoor.win32.msnmaker.ab was found with online scanner version of Kaspersky

    Running ewido as we speak
    I have a cunning plan!
    Proud to be dealing with my debts.

  • Ewido turned up nothing.

    Now running AVG in safe mode.
    I have a cunning plan!
    Proud to be dealing with my debts.

  • skiddy2k Posts: 1,627 Forumite
    Didn't Kaspersky online scanner tell you where the file was located? Find the file and remove it manually.
    Or
    you can temporarily uninstall AVG and download Kaspersky trial version: http://www.kaspersky.com/uk/trials... once you've deleted all the malware on your PC, delete Kaspersky and re-install AVG
    OR
    you can uninstall AVG and use AOL Active Virus Shield http://www.activevirusshield.com/ which uses Kaspersky's signatures and is also 100% free

    Personally, I'll opt for the last option... leave AVG and use AVS... up to you still.
  • Ewido turned up nothing.

    Now running AVG in safe mode.

    AVG scan missed it and only scan error was it didn't read boot partition.
    I have a cunning plan!
    Proud to be dealing with my debts.

  • Touch wood I seem to have sorted it. Following the instructions HERE.

    I had to delete Ewido and reinstall the rebranded AVG anti-spyware or whatever they call it now. Found 6 trojans that the earlier Ewido 3.5 missed.

    Also had to manually delete a couple of files, but seems ok.
    I have a cunning plan!
    Proud to be dealing with my debts.

This discussion has been closed.