
Need some help with trojans

Discussion in 'BlackHat Lounge' started by BenQs, Dec 4, 2009.

  1. BenQs

    BenQs Regular Member

    Joined:
    Jun 12, 2009
    Messages:
    265
    Likes Received:
    39
    Gender:
    Male
    I contracted with someone to build some software for me. It was delivered last night. I did a quick check on it with the paid version of AVG.

    He IMed me and said to first install the dll. I did, and then he mysteriously had to leave. I noticed problems right away with my computer. I then did a virustotal scan and got the following results.

    How can I find where this dll was installed and remove it and the trojans listed in the virus total? Thanks

    Code:
    http://www.virustotal.com/analisis/e5aaa63a7b19167f590f8b7b758726d5e7835f5c4f632fbd76fa866d82328ce3-1259929539
     
  2. proscale

    proscale Regular Member

    Joined:
    Mar 9, 2009
    Messages:
    319
    Likes Received:
    98
    What do you mean by install the dll? Did he ask you to register it?
     
  3. theleadsource

    theleadsource BANNED

    Joined:
    Mar 3, 2009
    Messages:
    354
    Likes Received:
    170
    I thought this thread was about condoms.
     
  4. sysfailure

    sysfailure Junior Member

    Joined:
    Jul 24, 2009
    Messages:
    108
    Likes Received:
    55
    Look for one of those and remove it (when searching, check Advanced -> show hidden and show system folders):

    Code:
    2302.exe
    F4D350C66C78D01A4048860FF782E81A.exe
    ieupdater[1].exe
    Keygen.WinZip.12.Pro.Build.8252c3098.exe
    loghours32.dll
    mprdim32.dll
    odbc16gt32.dll
    ole232.dll
    oleacc32.dll
    out.exe
    realfoto4.exe
    swprv32.dll
    upd10935.dll
    
    Please post your Task Manager -> Processes tab or a HijackThis log to catch this "badboy" :)
    and/or
    you may download the DrWeb CureIt scanner for free and scan your system if your AV is deactivated.

    Sorry for my English.
     
    Last edited: Dec 4, 2009
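    The search sysfailure describes can be scripted so that the hidden/system attributes (which make Explorer skip these files unless the advanced search options are ticked) do not matter. The following is an added example, not code from the thread: it walks a tree, matches the file names from sysfailure's list case-insensitively (Windows file names are case-insensitive) and records a SHA-256 for every hit so the file can be looked up on VirusTotal before anything is deleted. The name list is copied from the post above; the root path and the `sweep` function name are my own choices.

```python
"""Sweep a directory tree for the file names listed in this thread.

os.walk enumerates hidden and system files regardless of Explorer's view
settings, so the "show hidden / show system folders" step is not needed.
"""
import hashlib
import os
import sys
from pathlib import Path

# Indicator file names exactly as posted by sysfailure (compared lower-case).
INDICATOR_NAMES = {
    "2302.exe",
    "F4D350C66C78D01A4048860FF782E81A.exe",
    "ieupdater[1].exe",
    "Keygen.WinZip.12.Pro.Build.8252c3098.exe",
    "loghours32.dll",
    "mprdim32.dll",
    "odbc16gt32.dll",
    "ole232.dll",
    "oleacc32.dll",
    "out.exe",
    "realfoto4.exe",
    "swprv32.dll",
    "upd10935.dll",
}


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, names=INDICATOR_NAMES):
    """Return a sorted list of (path, sha256) for every file under `root`
    whose name matches one of `names`, ignoring case.

    A file that cannot be opened (typically because a running process holds
    it) is still reported, with "unreadable" in place of the hash: that is
    itself a hint that the file is live and must be dealt with from a clean
    boot environment rather than from the infected session.
    """
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower() in wanted:
                path = Path(dirpath) / filename
                try:
                    hits.append((str(path), sha256_of(path)))
                except OSError:
                    hits.append((str(path), "unreadable"))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed default: sweep the whole system drive of a standard install.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for found_path, found_hash in sweep(root):
        print(f"{found_hash}  {found_path}")
```

    A hit confirms a match on name only; the hash is what tells you whether it is the same sample VirusTotal already knows. The reverse does not hold: a dropper that renamed its components will not match this list, which is why an empty result does not clear the machine, as orion_pt notes further down.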
  5. BenQs

    BenQs Regular Member

    Joined:
    Jun 12, 2009
    Messages:
    265
    Likes Received:
    39
    Gender:
    Male
    One of the files in the package was called dll.exe. And he asked me to install that first. I don't know if that means it gets registered.

     
  6. SSL9000J

    SSL9000J Regular Member

    Joined:
    Oct 20, 2009
    Messages:
    295
    Likes Received:
    179
    Occupation:
    Audio Visual Technician, Audio Engineer, Graphic D
    Location:
    Atlanta, GA, USA
     
  7. BenQs

    BenQs Regular Member

    Joined:
    Jun 12, 2009
    Messages:
    265
    Likes Received:
    39
    Gender:
    Male
    sysfailure, here's my task mgr.

    One thing I notice: when I restart my computer I get a dialog that says "explorer.exe has encountered a problem and needs to close." The first time that happened there was also a dialog pop-up that said "setting up personalized settings for c:/rootserver/explorer.exe"; never seen that before.
     

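    The "c:/rootserver/explorer.exe" message is the kind of detail a process listing is good at surfacing: a core Windows binary name running from a directory other than the one Windows installs it in. The following is an added example, not the OP's attachment or code from the thread. It parses a simple Name,PID,Path CSV (Task Manager on XP does not show the path column, but Process Explorer or `wmic process get name,processid,executablepath` will give you the same three fields) and flags two things: known system process names outside their expected directory, and any image name loaded from two different directories. The sample listing is constructed for the example, and the expected-directory table assumes a default install on C:\Windows.

```python
"""Flag Windows process names running from an unexpected directory.

Constructed sample data; the EXPECTED_DIR table assumes a default install
with the Windows directory at C:\\Windows (adjust for other layouts).
"""
import csv
import io
import ntpath
import sys
from collections import defaultdict

# Directory a default install runs each core process from (lower-case).
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
}

# Constructed listing in Name,PID,Path form; not a real machine's output.
SAMPLE_LISTING = r"""Name,PID,Path
explorer.exe,1234,C:\WINDOWS\explorer.exe
explorer.exe,2468,c:/rootserver/explorer.exe
svchost.exe,900,C:\WINDOWS\system32\svchost.exe
svchost.exe,3100,C:\Documents and Settings\ben\Local Settings\Temp\svchost.exe
avgtray.exe,1500,C:\Program Files\AVG\avgtray.exe
avgtray.exe,1501,C:\Documents and Settings\ben\Local Settings\Temp\avgtray.exe
System,4,
"""


def _norm(path):
    """Normalise a Windows path: collapse '/' to '\\', strip '..', lower-case."""
    return ntpath.normpath(path.strip()).lower()


def parse_listing(text):
    """Return [(name, pid, normalised_path)]; rows without a path (kernel
    pseudo-processes such as 'System') are skipped."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        path = (row.get("Path") or "").strip()
        if not path:
            continue
        rows.append((row["Name"].strip().lower(), int(row["PID"]), _norm(path)))
    return rows


def find_masquerades(text):
    """Return [(name, pid, path, reason)] where reason is the expected
    directory for a misplaced core process, or 'multiple-locations' when the
    same image name is loaded from two different directories."""
    rows = parse_listing(text)
    flagged = []
    for name, pid, path in rows:
        expected = EXPECTED_DIR.get(name)
        if expected and ntpath.dirname(path) != expected:
            flagged.append((name, pid, path, expected))

    dirs_by_name = defaultdict(set)
    for name, _pid, path in rows:
        dirs_by_name[name].add(ntpath.dirname(path))
    for name, pid, path in rows:
        if name not in EXPECTED_DIR and len(dirs_by_name[name]) > 1:
            flagged.append((name, pid, path, "multiple-locations"))
    return flagged


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LISTING
    for name, pid, path, reason in find_masquerades(text):
        print(f"{name:<14} pid={pid:<6} {path}  [{reason}]")
```

    On the constructed sample this flags the second explorer.exe (the rootserver one), the svchost.exe in the user's Temp directory, and both avgtray.exe copies because they come from two places. A flagged process cannot simply have its file deleted while it runs; note the path, submit the hash, and deal with it from a clean boot or a rescue scanner such as the CureIt one sysfailure mentioned.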
  8. BenQs

    BenQs Regular Member

    Joined:
    Jun 12, 2009
    Messages:
    265
    Likes Received:
    39
    Gender:
    Male
    And here's the hijackthis log.
     

  9. orion_pt

    orion_pt Jr. VIP Premium Member

    Joined:
    Mar 12, 2009
    Messages:
    127
    Likes Received:
    48
    I second this opinion, as you can find something and remove it thinking you're clean while the menace still remains on your system.

    Remember that any anti-virus/Trojan/spyware/rootkit is never 100% reliable, especially if it's a custom made piece of code, and the only thing you can be certain of at this time is that something is hidden in your system...

    Remember to always test unknown software in a separate machine (virtual or physical)!
     
  10. BenQs

    BenQs Regular Member

    Joined:
    Jun 12, 2009
    Messages:
    265
    Likes Received:
    39
    Gender:
    Male
    Yes, I should have sandboxed it first.
     
  11. BenQs

    BenQs Regular Member

    Joined:
    Jun 12, 2009
    Messages:
    265
    Likes Received:
    39
    Gender:
    Male
    I searched for those items listed by sysfailure and found none.
     
  12. Megalomaniac Midget

    Megalomaniac Midget Power Member Premium Member

    Joined:
    Oct 1, 2009
    Messages:
    688
    Likes Received:
    1,063
    Occupation:
    Bullshit Artist
    Home Page:
    I third that opinion. Trojans nowadays are designed to beat Sandboxie & all AV.
    Virtual machines are the only safe option.
     
  13. sysfailure

    sysfailure Junior Member

    Joined:
    Jul 24, 2009
    Messages:
    108
    Likes Received:
    55
    @OP, it seems you have a variation of Trojan.Hijacker. Since DrWeb cannot remove it, try Kaspersky. It is the best AV solution. Hope it will clean it.

    Regards.
     
  14. dogdog

    dogdog Regular Member

    Joined:
    Apr 17, 2008
    Messages:
    245
    Likes Received:
    54
    Location:
    Online
    Is "virtual machines" a general term, or does it refer to this http://www.microsoft.com/windows/virtual-pc/? If it is a general term, can you please recommend some good products? Thanks.
     
  15. Megalomaniac Midget

    Megalomaniac Midget Power Member Premium Member

    Joined:
    Oct 1, 2009
    Messages:
    688
    Likes Received:
    1,063
    Occupation:
    Bullshit Artist
    Home Page:
    I run VMware on my laptop, but VirtualBox is another option. It runs an operating system with all of its installed software in a special software environment, on top of your existing operating system. Having one box as your workhorse & another for your financial/private stuff is an even better option.

    Do a clean install, set it up how you want with what you want & create a mirror image... then it's no drama to wipe hard drives when you get raped by warez or drive-bys when using autopligg, etc.
     