View Full Version : infamous_downloader



oceana_
22-06-2004, 08:08 PM
Hi
My daughter's pc is infected with the Infamous_downloader trojan - she runs win 98, has nortons, and although nortons catches the trojan when it starts its work it can't get rid of it. She has run Adaware and it also finds the trojan and deletes it, but as soon as she launches IE6 she is bombarded with popups (yes, she has a popupstopper) and then it places icons on her desktop and starts downloading god knows what to her pc
Can anyone tell me where to find a removal or how to remove this from her pc - She has run nortons and adaware6 in safe mode and the same thing happens as soon as she launches IE it all starts over.
cheers I hope someone has some advice as she lives in the middle of nowhere and her pc is her outside link

Murray P
22-06-2004, 08:41 PM
How up to date is Nortons?

If necessary do an online scan at Trend Micro House Call (http://housecall.trendmicro.com/)

Go and get Spybot S&E (http://www.safer-networking.org/), set it up to run in advanced mode, update it and immunise your system.

Have a look at the FAQs top right of the Press F1 page.

Go to SpywareInfo (http://www.spywareinfo.com/~merijn/) and read up there. Get a copy of Hijackthis, follow the instructions precisely. Post a HijackThis log back here or at the SpywareInfo forums to interpret its contents.

Be aware that some purported anti-spyware programmes are in fact spyware so, be careful what you download to fix it.

Post back if you need further advice

Cheers Murray P

Murray P
22-06-2004, 08:42 PM
Spyware Info's server seems to be down at the mo. Check it periodically.

Cheers Murray P

godfather
22-06-2004, 08:55 PM
Apparently HiJackThis may have a problem removing that nasty thing as well, but it will show you the full path location of the file.

It looks as if you need to run killbox.exe, and use the path info from HijackThis to get the file located.

It's a very nasty and hard to remove trojan.

Killbox is located here:
http://download.broadbandmedic.com/

Click on "killbox.exe" to download it, then unzip it to its own directory and run it.

Tell it the file etc you want removed. You need the full path info that HijackThis will give you. Something like:
C:\WINDOWS\TEMPORARY INTERNET FILES\INFAMOUS_DOWNLOADER.EXE (will vary from computer to computer)
You can also try removing it in HiJackThis, but it may take both.



You may need to reboot the PC afterwards to complete the removal.

oceana_
22-06-2004, 09:14 PM
Nortons was up to date, its set on autoupdate, the latest virus definitions were the 19th june
The problem is that she can't launch IE to get these programs as her system completely jams up with the popups and downloads coming in
I downloaded hijackthis and tried to send it to her via yahoo but it was blocked by yahoo and she couldn't download it
Does she just try to persevere with trying to download while all this junk is pouring in? Will it cause more harm?

Murray P
22-06-2004, 09:32 PM
Go to Mozilla org (http://www.mozilla.org/) and get Firefox 0.9. Great wee browser with few of the IE afflictions. Maybe not few enough for this nasty though, hope I'm wrong.

It might give her enough relief to get going. Does she have an account other than Yahoo?

Can you get a CD to her quickish?

Cheers Murray P

oceana_
22-06-2004, 09:42 PM
thanks, I will download the progs and burn onto cd and shoot them down to her, thanks for the help - I'm sure I will be back with the log when the time comes
appreciate your input
cheers

Murray P
22-06-2004, 10:44 PM
Just another thought. Some viruses, trojans, worms, etc, now have the ability, or attempt to, disable your AV and firewall programmes. Also AV programmes lose their effectiveness as they get older, the scan and clean up engines aren't as effective at dealing with the newer threats as the newer models (upgrade cycle means more money for the AV vendors of course).

A visit to the House call may buy some respite. They or Symantec, McAfee may have a specific tool for cleaning this beastie although, I'm sure Goddie checked that out before posting.

Good luck

Cheers Murray P

oceana_
24-06-2004, 09:06 PM
thanks for the advice guys - decided to pull the hard drive and send her another down by mail and i will reformat her drive
Just seems the easiest solution to this one
cheers

godfather
24-06-2004, 09:51 PM
If the HDD you are sending has not had the Windows operating system loaded on -exactly- the same hardware as she is using, and you expect it to boot and run OK, you are certainly an optimist!

Unless she is going to do a full format and install on the blank drive, which will be fine.