Guest Reimar, posted August 24, 2007 (edited):

One of my computers has been infected by Trojan.Spambot.PBFRV2 since 11.23 this morning. I found one explanation on the Internet, but it is in Polish and I don't understand it. Does anyone know this Trojan? Searches at Avast, Symantec and so on: no results!

Edited August 24, 2007 by Reimar
crockett, posted August 24, 2007:

Must be quite fresh. Even Kaspersky does not have anything about it (and they update every couple of hours).
RKASA, posted August 24, 2007:

Nothing on the OneCare site. Where do you think it may have come in from? We can stay away until we get the updates for it.
Farma, posted August 24, 2007:

Try Google for just PBFRV2, as it comes up with plenty of sites. The first page appears to be in French and my search shows 10 pages of hits. I don't know if it's the same trojan, but it may point you in the right direction.
stickyb, posted August 24, 2007:

> One of my computers has been infected by Trojan.Spambot.PBFRV2 since 11.23 this morning. I found one explanation on the Internet, but it is in Polish and I don't understand it. Does anyone know this Trojan? Searches at Avast, Symantec and so on: no results!

This sounds like the 2020search spyware. One of its dropped files is pbfrv2.dll.

Quote from Spyware data:

> Threat Name: 2020Search
> Downloads and installs software without user knowledge or permission. Displays advertisements when searching. Redirects all toolbar searches to go through search.shopnav.com

Most antivirus software will not find it; it is not a virus. Get yourself a good spyware detector like SPYBOT and keep it up to date.
colino, posted August 24, 2007:

FOUND THIS hope it helps

Slagent, Trojan.Spambot.PBFRV2 and other detected on your computer! It’s highly recommended to scan the system immediately to remove all spyware and adware

Logfile of HijackThis v1.99.1
Scan saved at 10:36:08, on 18.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Ivan.P\LOCALS~1\Temp\frmwrk.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\center.exe
C:\WINDOWS\system32\eror.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\center2.exe
C:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Programy\TRANSLAT\WEBIE.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\Ivan.P\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Programy\TRANSLAT\WEBIE.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
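Added example (not part of colino's post, and not code from HijackThis or any tool named in the thread): the log above contains a Run value named "Windows Framework" that points at frmwrk.exe inside a user Temp directory, and the Python below flags O4 Run/RunOnce entries of that kind and reports whether the same image also appears under "Running processes". The sample log is constructed from lines of that shape, and the Temp directory name list and function names are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in HijackThis v1.99.1 layout, built from entries of the
# kind shown in the log above; it is not a complete log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\Ivan.P\LOCALS~1\Temp\frmwrk.exe
C:\Program Files\Eset\nod32kui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\Ivan.P\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# A bare image path on its own line, as listed under "Running processes:".
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Quoted image, or an unquoted path up to the first executable extension.
IMAGE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE
)
# Assumption: directory names treated as temporary locations (heuristic).
TEMP_DIRS = {"temp", "tmp", "%temp%", "%tmp%"}


class Finding(NamedTuple):
    location: str   # registry location as HijackThis prints it
    name: str       # Run value name
    image: str      # executable the value launches
    running: bool   # True if the image is also in the process list


def image_path(cmd: str) -> Optional[str]:
    """Return the executable part of a Run command line, without arguments."""
    m = IMAGE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def runs_from_temp(path: str) -> bool:
    """True if any directory component of the path is a temp directory."""
    parts = path.lower().replace("/", "\\").split("\\")
    return any(p in TEMP_DIRS for p in parts[:-1])


def triage(log: str) -> list:
    """Flag O4 Run/RunOnce autostarts whose image lives in a temp directory."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    running = {ln.lower() for ln in lines if PROCESS_LINE.match(ln)}
    findings = []
    for ln in lines:
        m = O4_RUN.match(ln)
        if not m:
            continue  # Global Startup and non-O4 lines are out of scope here
        image = image_path(m["cmd"])
        if image and runs_from_temp(image):
            location = m["hive"] + "\\..\\" + m["key"]
            findings.append(
                Finding(location, m["name"], image, image.lower() in running)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "not running"
        print(f"{f.location} [{f.name}] -> {f.image} ({state})")
```
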
Guest Reimar, posted August 24, 2007:

Thanks for the replies! It is NOT the pbfrv2.dll file! This file didn't exist!

At the same moment as the infection occurred I was getting a file named frmwrk.exe installed, which I can't delete. Every time I delete this file it comes back from nowhere; the only way to avoid the running of this file is to rename it with a different extension, e.g. .old.

Another problem is that the trojan was adding something to the explorer.exe file! I'll try to copy the file from another installation and replace the infected one.

I also get a hidden spyware program running which I couldn't find until now! It looks like it came from MS but it didn't! Next time it starts up I'll make a screenshot of it. Maybe this trojan was bundled with this software!!

I checked the computer with 5 different anti-spy programs but didn't find anything! Same with antivirus, even online scanning. I used the whole day for these actions.

I'll attach a picture of one screen it shows up many times.
Farma, posted August 24, 2007 (edited):

Take a look at http://www.bleepingcomputer.com/startups/newentries.html

Do a search for frmwrk.exe

This leads to a Sophos site: http://www.sophos.com/security/analyses/trojdwnldrgwv.html

The Sophos site has an IDE file for download.

"Detected by All versions of Sophos Anti-Virus. Included in our products from September 2007 (4.21)"

Edited August 24, 2007 by Farma
Guest Reimar, posted August 24, 2007:

> Take a look at http://www.bleepingcomputer.com/startups/newentries.html
> Do a search for frmwrk.exe
> This leads to a Sophos site: http://www.sophos.com/security/analyses/trojdwnldrgwv.html
> The Sophos site has an IDE file for download.
> "Detected by All versions of Sophos Anti-Virus. Included in our products from September 2007 (4.21)"

Thanks Farma, will try Sophos!

Unfortunately Sophos didn't have any info about the Trojan. This really looks like a new "beast"! The only info I found was on a Polish forum, which I can't read!!
Farma, posted August 24, 2007:

I'm clutching at straws here. During my searches for pbfrv2 the cross in the red circle was mentioned a few times. This was in the results I found mentioning pbfrv2.dll and associated with temp files. I guess you have cleared your temp files.
Guest Reimar, posted August 24, 2007:

> I'm clutching at straws here. During my searches for pbfrv2 the cross in the red circle was mentioned a few times. This was in the results I found mentioning pbfrv2.dll and associated with temp files. I guess you have cleared your temp files.

All of them are cleared and nothing is left. Just running a scan with Sophos, but that will need approx. 2 h!! Will see!

Thanks a lot for your info and hopefully it helps!
RKASA, posted August 24, 2007:

A lot of this looks related to a problem I had with a scam install of spy-sheriff which demanded money to remove it. When it comes to the warning and the spoof spyware hidden, bells go off. The solution for me was to clean the drive, because it had caught me right after an install, so nothing lost, everything to gain. But a program, SmitfraudFix.exe, which is mentioned at http://www.bleepingcomputer.com/, is the one that is used to remove that, so it might work for you.
Guest Reimar, posted August 25, 2007:

> A lot of this looks related to a problem I had with a scam install of spy-sheriff which demanded money to remove it. When it comes to the warning and the spoof spyware hidden, bells go off. The solution for me was to clean the drive, because it had caught me right after an install, so nothing lost, everything to gain. But a program, SmitfraudFix.exe, which is mentioned at http://www.bleepingcomputer.com/, is the one that is used to remove that, so it might work for you.

Thanks for your info, but unfortunately SmitFraud doesn't work with Windows Vista!
Sunny Valentine, posted August 25, 2007:

I recently got rid of a very nasty spyware with similar behaviour by running Dr. Web's Cureit. Might want to try it out, it's free: Cureit

Hope it helps!

Sunny
Guest Reimar, posted August 25, 2007:

> I recently got rid of a very nasty spyware with similar behaviour by running Dr. Web's Cureit. Might want to try it out, it's free: Cureit
> Hope it helps!
> Sunny

That was the first one I tried!! No luck, and no luck with any other software until right now! If I don't find a way today, I'll reformat and install!!

Thanks for your info.

Cheers
Rice_King, posted August 25, 2007:

> If I don't find a way today, I'll reformat and install!!

Do you have a restore point (that you can restore back to) PRIOR to the infection?
Guest Reimar, posted August 25, 2007:

> > If I don't find a way today, I'll reformat and install!!
> Do you have a restore point (that you can restore back to) PRIOR to the infection?

Even that didn't work! I was starting Vista from DVD and tried to restore, but it was not possible!
Mycompbroke, posted August 27, 2007:

About twenty minutes ago, I also got hit by this same virus (with all the same symptoms). It pops up with a symbol in my taskbar, a white X in a red circle, and opens up a fake Windows security message that "Trojan.Spambot.PBFRV2" is on my computer, yada yada. It also pops up with a program when you click on the taskbar icon that SCANS YOUR COMPUTER automatically (I right clicked to possibly remove). The program is called SpywareSoftStop, complete bullshit that I did obviously not download.

The virus also stops me from accessing Windows Task Manager (admin disabled rights) and stops me from running system restores. I also have a "frmwrk" file in my Temporary Files that automatically copies itself when changed.

For me, this popped up when I was running Windows Blinds (right after downloading a skin from WinCustomize.com). I had the same WindowsBlinds on my computer prior to this occurrence.

That's right. Prior. Did I fail to mention I had a similar problem, with a virus that did most of these, prior to me removing Windows XP and reformatting and repairing three times already? My computer originally had this occur when I was downloading a file off of another site (I don't recall the site). It stopped me from accessing the internet, and revoked admin rights (when you restart the computer, you can't even open up explorer.exe).

The obvious answer to this would be that I transferred over the virus when I put files back on the computer, but I made sure I knew what I was transferring over when I did... nothing was there. The only files I copied over were my music (which has been running on two different computers with no problem, no new downloads - have had all the files for months to years), two videos (same, nothing wrong with them, have had them for months), and a few installation files (that I again have run on two computers, both even since this has happened).

I really am at a loss as to what could be happening; the only answer I can derive is that I need to get a new hard drive. Help!
stickyb, posted August 28, 2007:

> One of my computers has been infected by Trojan.Spambot.PBFRV2 since 11.23 this morning. I found one explanation on the Internet, but it is in Polish and I don't understand it. Does anyone know this Trojan? Searches at Avast, Symantec and so on: no results!

Now things become clearer. It seems the OP is not infected at all by the virus he quoted, but has got hold of a piece of software which (falsely) claims to have detected the virus, etc.

HijackThis is probably the best place to start, but they can be to get rid of.
Farma, posted August 28, 2007:

I hope this helps.

Information found on http://www.extradisambiguator.co.uk/scanakbs.php?m=R0

(X) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop . com/
Rogue/Suspect software. Aggressive, deceptive advertising
Fix using: HijackThis

Information from http://www.spywarewarrior.com/rogue_anti-spyware.htm

Product - Spyware Soft Stop
Domain - spywaresoftstop . com
Comments - spywaresoftstop-cash . com app plants the very files it falsely detects as malware (1); aggressive, deceptive advertising (1); false positives work as goad to purchase [A: 4-17-06 / U: 4-17-06]
Oleg_Rus, posted August 28, 2007:

The nice folks that write trojans surely check them against all antivirus s/w before dropping them into the Net stream. Once you have caught something new, your PC is officially infected, works as a bot, or whatever, and the only cure is to reformat, or leave it closed for a few weeks until some AV company comes up with a solution. The only way is to prevent infection.

Congratulations on the new trojan, don't waste time and re-install W$
Mycompbroke, posted August 28, 2007:

What is strange is that this allows me to still access the internet (I have three computers, this one is fine), but it caps it out at .05 kb/s... could they be any meaner? It also doesn't allow me to run installation programs or use discs, so I can't install Nero to burn my non infected files to a DVD...
RKASA, posted August 28, 2007 (edited):

To kill it and prevent spread you may want to run nuke, an option in the eraser program: http://heidi.ie/eraser/

It will overwrite everything on the drive 3 times; it leaves nothing and nowhere for anything to hide. The drive will be clean. Then get out the OEM stuff, and hope that none of your backed up data has been infected. You may want to keep some of your newer downloads in isolation for a while and not put them back on right away. Not seeing any other options out there.

Edit: forgot to add. You can download the eraser on another PC and then put the nuke on a flash drive or floppy and boot into it. Once it starts it cannot be stopped; it runs in RAM and cleans the drive. (nuked)

Edited August 28, 2007 by RKASA
Mighty Mouse, posted August 29, 2007:

Have you used the computer 'search' option to locate the trojan file? Would it be hiding somewhere in your Sun Java folder?

If you can see the file and it replicates itself after deleting it, you could try deleting it again, then go into your System Restore Settings and turn it off, reboot your system. (This will remove all restore points but refreshes the folder, hopefully without the trojan file.) Then, return to the folder where you found the trojan to see whether it is still there. If not there, turn on your System Restore and create another restore point. If it is still there, then go to plan B.
Guest Reimar, posted August 29, 2007:

Dear all,

Thanks for all of your replies. Unfortunately there was nothing which worked! Even the info I was getting from the Internet didn't help at any point.

In the meantime I was able to stop the working of this trojan. I did this by renaming the file frmwrk.exe to frmwrk.old, because when changing the main name frmwrk to something else or deleting the file, it replicates itself again, and I haven't found the source file until now. Everything on the system is back to normal, except I can't open the Task Manager of Windows Vista, but I use a different task manager anyway.

Hopefully there will be a removal tool in the near future. For the time being I'll keep that system alive and will try to find out where the source file is hiding itself.

Again thanks to all!