TROJAN.KILLAV and the Downloader


b11_

If Trojan.KillAv and a Downloader were installed, would deleting the
partition after shutting down the computer eliminate them?

The downloader was installed to temp/exe1cb.exe
The Trojan.KillAv was installed to temporary internet
files\content.IE5\ABIGUEF7\Explorer2(1).EXE
 
Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org

b11_ wrote:
> If Trojan.KillAv and a Downloader were installed, would deleting the
> partition after shutting down the computer eliminate them?
>
> The downloader was installed to temp/exe1cb.exe
> The Trojan.KillAv was installed to temporary internet
> files\content.IE5\ABIGUEF7\Explorer2(1).EXE
 
B11,

View these pages as they tell you how to remove it:

http://www.symantec.com/security_response/writeup.jsp?docid=2002-090416-5038-99

http://www.symantec.com/security_response/writeup.jsp?docid=2002-071813-0943-99

--
Newbie Coder
(It's just a name)



"b11_" <b11@discussions.microsoft.com> wrote in message
news:16A8D29D-D66C-43E0-903E-EA6F04DF42B2@microsoft.com...
> If Trojan.KillAv and a Downloader were installed, would deleting the
> partition after shutting down the computer eliminate them?
>
> The downloader was installed to temp/exe1cb.exe
> The Trojan.KillAv was installed to temporary internet
> files\content.IE5\ABIGUEF7\Explorer2(1).EXE
>
 
"b11_" <b11@discussions.microsoft.com> wrote in message
news:16A8D29D-D66C-43E0-903E-EA6F04DF42B2@microsoft.com...
> If Trojan.KillAv and a Downloader were installed, would deleting the
> partition after shutting down the computer eliminate them?
>
> The downloader was installed to temp/exe1cb.exe
> The Trojan.KillAv was installed to temporary internet
> files\content.IE5\ABIGUEF7\Explorer2(1).EXE


Deleting the partition will likely fix this, yes, but it's a bit drastic.

Better to restart in Safe Mode, then clear those folders. ccleaner
(www.ccleaner.com) will do this quickly, and do a better job than the XP
disk cleanup tools.

Then, scan the drive with up-to-date A/V software.

HTH
-pk
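
Added example, not part of any post in this thread: a Python sketch for checking those folders before clearing them. It lists files under Temp and Temporary Internet Files directories that carry a PE header, whatever their extension, with size and SHA-256; the function names and the default root are assumptions of the example.

```python
import hashlib
import os
import struct

# Directory names the thread mentions as drop locations (matched case-insensitively).
DROP_DIR_NAMES = {"temp", "temporary internet files"}


def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or locked file: skip rather than abort the walk


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_dropped_executables(roots):
    """Walk each root and return (path, size, sha256) for every PE file that
    sits anywhere beneath a Temp or Temporary Internet Files directory."""
    hits = []
    for root in roots:
        root_name = os.path.basename(os.path.normpath(root)).lower()
        for dirpath, _dirs, files in os.walk(root):
            parts = {p.lower() for p in os.path.relpath(dirpath, root).split(os.sep)}
            parts.add(root_name)
            if not parts & DROP_DIR_NAMES:
                continue
            for name in files:
                full = os.path.join(dirpath, name)
                if is_pe(full):
                    hits.append((full, os.path.getsize(full), sha256_of(full)))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, size, digest in find_dropped_executables(sys.argv[1:] or ["C:\\"]):
        print(f"{digest}  {size:>10}  {path}")
```

Pass one root per partition to cover every profile's folders; the hashes can be compared against an A/V vendor's lookup before anything is deleted.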
 
From: "b11_" <b11@discussions.microsoft.com>

| If Trojan.KillAv and a Downloader were installed, would deleting the
| partition after shutting down the computer eliminate them?
|
| The downloader was installed to temp/exe1cb.exe
| The Trojan.KillAv was installed to temporary internet
| files\content.IE5\ABIGUEF7\Explorer2(1).EXE

Yes but that's like killing a fly with a sledge hammer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
What does the Trojan do?
What does the downloader do?

Should I check every TEMP and Temporary Internet File folder in the
partitions that I will not erase?
____________________________________________________________
"b11_" wrote:

> If Trojan.KillAv and a Downloader were installed, would deleting the
> partition after shutting down the computer eliminate them?
>
> The downloader was installed to temp/exe1cb.exe
> The Trojan.KillAv was installed to temporary internet
> files\content.IE5\ABIGUEF7\Explorer2(1).EXE
>
 
Do you think only 1 partition got infected?
_________________________________________________________________
"b11_" wrote:

> What does the Trojan do?
> What does the downloader do?
>
> Should I check every TEMP and Temporary Internet File folder in the
> partitions that I will not erase?
> ____________________________________________________________
> "b11_" wrote:
>
> > If Trojan.KillAv and a Downloader were installed, would deleting the
> > partition after shutting down the computer eliminate them?
> >
> > The downloader was installed to temp/exe1cb.exe
> > The Trojan.KillAv was installed to temporary internet
> > files\content.IE5\ABIGUEF7\Explorer2(1).EXE
> >
 
From: "b11_" <b11@discussions.microsoft.com>

| Do you think only 1 partition got infected?

They are Trojans, not Boot Sector Infectors. Trojans do NOT infect partitions.

Downloader Trojans -- download files
KillAV Trojan -- Kills AV applications and stops them from running.

Without specifics, the KillAV Trojan kills the anti virus application such that the
downloader is allowed to download more malware to really infect the PC and run its desired
payload. Such a payload may be a SpamBOT or proxy Service that just turns your PC into a Zombie.

Any other questions should be asked in an anti virus News Group such as;
microsoft.public.security.virus

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
b11_ wrote:
>
> If Trojan.KillAv and a Downloader were installed, would deleting the
> partition after shutting down the computer eliminate them?
>
> The downloader was installed to temp/exe1cb.exe
> The Trojan.KillAv was installed to temporary internet
> files\content.IE5\ABIGUEF7\Explorer2(1).EXE


All temp files may be deleted with no ill effect.


--
http://www.bootdisk.com/
 