Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Register Members New Posts Donate Unanswered Posts Site Spy Search


Reply
 
Thread Tools
  #1  
Old 18-10-2007, 09:14 PM
No Avatar
CJ New Member
 
casselle is offline
 
Join Date: Jul 2007
Last Online: 20-10-2007 06:55 PM
Posts: 7
iTrader: (0)
casselle is on a distinguished road
Default Win32.Poison.k Trojan

Hi everyone,

The above Trojan has been picked up during my Spybot Search & Destroy scans. Despite repeatedly deleting it, it reappears again when I re-scan my PC.

I understand this is a particularly difficult trojan to eradicate. Does anyone have a solution to this problem please.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #2  
Old 18-10-2007, 09:27 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:24 AM
Posts: 4,512
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Win32.Poison.k Trojan

Try running Spybot in Safe Mode Guide To Starting In Safe Mode

If that does not work read This Thread
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #3  
Old 18-10-2007, 09:41 PM
No Avatar
CJ New Member
 
casselle is offline
 
Join Date: Jul 2007
Last Online: 20-10-2007 06:55 PM
Posts: 7
iTrader: (0)
casselle is on a distinguished road
Default Win32.Poison.k Trojan

Can you explain what running Spybot in safe mode actually does please?

Last edited by casselle : 18-10-2007 at 09:48 PM.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #4  
Old 18-10-2007, 09:51 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:24 AM
Posts: 4,512
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Win32.Poison.k Trojan

It will be more likely that the service connected to Win32.Poison.k will not be running so Spybot will have a better chance of removing it.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #5  
Old 19-10-2007, 11:12 AM
No Avatar
CJ New Member
 
casselle is offline
 
Join Date: Jul 2007
Last Online: 20-10-2007 06:55 PM
Posts: 7
iTrader: (0)
casselle is on a distinguished road
Default Win32.Poison.k Trojan

Thanks for your advice. I put the PC into safe mode and re-scanned with Spybot - but it didn't pick up on the trojan. I then ran AVG and that picked up on it. Have run Spybot a number of times again and it still isn't showing up - yet before I put it into safe mode it found the trojan on each scan. Now I'm really confused as the trojan's obviously still there but I don't understand why Spybot has failed to find it?
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #6  
Old 19-10-2007, 03:48 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:24 AM
Posts: 4,512
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Win32.Poison.k Trojan

Download and Install and Run CCleaner. (Crap Cleaner) this will help the next scan go faster.

Please follow these instructions carefully. The log is what I need to see.

Run the BitDefender Online Scanner.

[FONT=Arial][SIZE=2]Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.
[/SIZE][/FONT]
Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.
[SIZE=1]Thanks To Chaslang For The Bitdefender Guide!

[/SIZE] Guide For Attaching Logs To A Post
__________________
.
.

Last edited by evilfantasy : 19-10-2007 at 03:52 PM.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #7  
Old 20-10-2007, 06:55 PM
No Avatar
CJ New Member
 
casselle is offline
 
Join Date: Jul 2007
Last Online: 20-10-2007 06:55 PM
Posts: 7
iTrader: (0)
casselle is on a distinguished road
Default Win32.Poison.k Trojan

Many thanks for all your replies. I put the PC into safe mode, ran the Spybot scan but it didn't pick the trojan up (despite having done so numerous time prior to that).

Ran an AVG scan - found 5 items (none with the above named trojan). Deleted those. Have since run a number of Spybot/AVG scans and nothing has been detected.

Could it be that one of the items located in AVG was the Win32.Poison.k trojan with a different name?

Many thank
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #8  
Old 22-10-2007, 08:28 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:24 AM
Posts: 4,512
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Win32.Poison.k Trojan

Can't tell without seeing the logs.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote

Please support this forum, donate towards our running costs.


Reply


Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Infected with Virus.Win32.Tenga.a; Please Help !! ruffryder2k7 Virus, Spyware & Security 17 20-05-2008 05:23 PM
win32/adware.virtumonde - bigmaq Toolbar delboy2028 Virus, Spyware & Security 1 01-05-2008 04:50 PM
New Win32 has disabled my computer - urgent help, please catmartin Virus, Spyware & Security 1 05-01-2008 01:06 AM
Re: c:\program files\common files\dllhost.exe infrected with Win32/Hupigon.MN trojan cjd666 Virus, Spyware & Security 3 21-11-2007 08:14 PM
c:\program files\common files\dllhost.exe infrected with Win32/Hupigon.MN trojan Ancodi Virus, Spyware & Security 13 17-11-2007 08:49 AM


Copyright ©2006 - 2008 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2008 Jelsoft Enterprises Ltd. SEO by vBSEO ©2008, Crawlability, Inc.