
Virus..


20 replies to this topic

#1 Sandokan

Posted 25 December 2007 - 06:35 PM

For some reason I was unable to access my FTP with my FTP program. This isn't a problem at all,
I just use my File Manager in the CP. But when I want to upload a file it says: Virus Found Not Uploaded
(Trojan Downloader etc....) but when I scan it with my Virus Scanner it turns out negative. Is there a way
to shut this Virus control off?

#2 Jimmy

Posted 26 December 2007 - 01:32 AM

If I were you I would not attempt to disable the scanner, on a couple of conditions:

1. Upload the file here - http://virusscan.jotti.org/ - This site will scan it with all the major and some not so major scanners (may take a long time as it did for me)
2. If the file is infected, I recommend deleting it from your hard drive and recycle bin.
3. Note uploading a file which you know may be a virus might breach the TOS of your hosting. I'm not sure but it's not fair to others anyway to distribute possible stuff around.
4. Grab yourself Kaspersky Internet security and do a full scan, I can highly recommend it! No I'm not paid to say that nor do I work for them :-)

Sorry if this seems complicated. It's 1:30 in the morning for me so I've tried to lay this out as simply as possible, for mine and your sakes!!!

James

Edited by Jimmy, 26 December 2007 - 01:32 AM.


#3 Sandokan

Posted 26 December 2007 - 11:05 AM

Thanx I'll look into your suggestions :)

EDIT:
Ok it found a Trojan Downloader so it's really there. But how can I remove it because it's one of the HTML files
I need to upload to add a new page. I use an easy program and I just click "export HTML" and it's there. I have
created new ones twice already but it keeps having a virus. What can I do??

Thanx

Edited by Sandokan, 26 December 2007 - 11:15 AM.


#4 jlhaslip

Posted 26 December 2007 - 03:24 PM

What are the details of the virus? Name, etc...

Try the Norton Security site. http://www.symantec.com/norton/security_re...emovaltools.jsp
They offer some assistance there.

#5 Sandokan

Posted 26 December 2007 - 05:23 PM

Thanx I looked it up but I didn't find anything about it. I downloaded a special Trojan Remover which didn't even find it! :)
On google I can't find much :(
I'll just keep looking :(

On suggestion of Jimmy I have got the complete version of one of the latest Kaspersky Internet security and not even that could find it!
How am I supposed to remove a virus which almost no Virus scanner can find ???? :(

What can I do :( This would mean I can never update my website again :(

#6 shadowx

Posted 26 December 2007 - 09:28 PM

Quote

I use a easy program and I just click "export HTML" and it's there.

How long have you used this app and how many webpages have you made with it?

The fact that the malware that has infected the files is a Trojan Downloader suggests to me that other files in your system are infected, as malware generally takes three steps: infection, multiplication/deleting files etc., and then finally distribution. It seems this malware is either distributing or copying itself, which means that it's likely your PC is infected. I know a lot of things have been suggested but I suggest one free AV, Avast anti-virus. I install it on every PC I can, so far about 4 or 5, and it's perfect, so give that a shot. Download it by searching Google; you don't NEED to register for this but you can if you want to keep it. Again, this is free. Now once installed, schedule a Boot Time Scan and restart. Your PC will be searched before that damned malware has a chance to open its eyelids and hide itself, and hopefully this will catch it.

The other thing that you can try is a HijackThis log: search Google for that, download the app and run it, then post the results here and if possible on their website and let the gurus see what's running. If neither of these finds it then you must have a dormant infection, e.g. it's infected the file but isn't doing anything else for the time being, or it's brand new malware that hasn't been seen yet, or it's so small that not many people have seen or registered it.

The thing that concerns me is that you say you use an app that makes your HTML files. Is this app a well-known piece of kit like FrontPage or something like that, or is it something you found while searching the net and have never heard of? If it's the second then this app could be what planted the seed in the HTML file and you should get rid of it pronto!

If nothing finds anything then delete the infected file and try again to see if it happens again. It could simply be a bit of corruption during the upload that caused the error; on the other hand you could have been hit

#7 Saint_Michael

Posted 26 December 2007 - 10:22 PM

Could you post a screen shot and give exact details as to what the trojan name is, because you're not giving the relevant information to help fix this problem. It also seems that the anti-viruses are not working for some reason, or you haven't configured them properly or updated the virus list as well. Also try scanning for the trojan in safe mode and see if anything happens during that scan. I have to agree with shadowx that it seems that this program could be the cause of your files not getting uploaded properly, and you might have to look for something else to edit your files.

So if you can post more information on what this error says, maybe we can find a solution to how to remove this trojan or file that's infecting everything.

#8 Sandokan

Posted 26 December 2007 - 10:38 PM

I've been using this app for some time now it's called Web Page Maker, you can google it if you want.
I'll try all of your suggestions in the morning and I'm not giving much details because I don't have any :)
It's called: Trojan.Downloader-2388

#9 Saint_Michael

Posted 26 December 2007 - 10:59 PM

Well thanks to that name I think I found a workable solution that makes the most sense to me, in a technical aspect:

Quote

Reply:

I have just removed this trojan from my computer using AVG free edition using the steps below.

Step 1 - Turn off System Restore - Control Panel, System, System Restore tab, then check "Turn off System Restore"

Step 2 - Restart computer in "Safe Mode" - Start, Run, type "msconfig", then OK, click tab marked "BOOT.INI", then check /SAFEBOOT, then OK, then Restart.

Step 3 - while in safe mode, scan your entire computer with your updated antivirus software and remove infected files. My copy of Norton was out of date. I found a good, free antivirus called AVG Free Edition. It can be downloaded at:

http://free.grisoft....eweb.php/doc/2/

Step 4 - Repeat step 2, but this time un-check /SAFEBOOT and restart. After restart, turn system restore back on.

Hope it helps!

I knew before searching the topic that you would have to be working in safe mode in order to get this out. Of course, if you're ready for some hardcore computing then check out this site, as this person, like so many others with this type of trojan, has a good success rate.

Also here is some more info and another solution from the McAfee group.

So when you're ready to try one of these methods, either have another computer going with this info so you can read as you go through the steps, or have a printout of it.

#10 shadowx

Posted 26 December 2007 - 11:09 PM

Well, I googled the name along with many keywords and searched Symantec and similar security sites but I couldn't find a match, only similar malware, e.g. Trojan.Downloader.something, which could be related but that's not likely to yield many results...

Is there no other information you have on it?

Quote

Ok it found a Trojan Downloader so it's really there. But how can I remove it because it's one of the HTML files
I need to upload to add a new page

How did you confirm it's there? If it was from a virus scan do you have a screenie of the scan results or something like that?

Another thing to consider is that if it's inside an HTML file the code should be human readable, as to distribute itself the malware will most likely use Java or JavaScript or other languages used to make websites, which will then enable the attack on the unsuspecting user. Don't do this yet, but if nothing else works another option is to provide a screenie of the code of the HTML file if possible. I would want the mods/admins to check this thread first and make sure it isn't in violation of the ToS etc., and of course it could only be a screenie, not a copy-paste of the actual code. But as I say, don't do this yet; let's see if anything comes up first.

Quote

I have created new ones twice already but it keeps having a virus. What can I do??

Well, if the malware can't be removed (which I think it can eventually) then you could try deleting Web Page Maker and re-installing it, as it's possible the EXE has been infected, which is why it copied bad code into all the HTML files made with it. If you haven't already (but it sounds like you have), then use every AV software you've got to scan the Web Page Maker program folder, as methinks this EXE or partner EXEs have been infected.
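
The point in the post above, that script injected into an exported HTML file is human readable, can be checked by parsing the file as text rather than opening it in a browser. The following Python triage script is an added example, not part of the original thread; its rule names and thresholds are illustrative assumptions (not any antivirus vendor's signatures) and the sample page is constructed.

```python
import re
import sys
from html.parser import HTMLParser

# Illustrative heuristics (assumptions, not any AV vendor's signatures).
SCRIPT_RULES = [
    ("unescape-write", re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I)),
    ("eval-call", re.compile(r"\beval\s*\(")),
    ("charcode-chain", re.compile(r"fromCharCode\s*\((?:\s*\d+\s*,){8,}")),
    ("encoded-run", re.compile(r"(?:%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}){12,}")),
]
TINY = {"0", "1", "0px", "1px"}


class InjectionAudit(HTMLParser):
    """Records (line, rule, detail) for markup an HTML export tool rarely emits."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self.script_line = None   # start line of the <script> being read
        self.script_body = []
        self.html_closed = False

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        a = {k: (v or "") for k, v in attrs}
        # Anything active appended after </html> was not written by the page author.
        if tag in ("script", "iframe") and self.html_closed:
            self.findings.append((line, "tag-after-html-close", tag))
        if tag == "iframe":
            style = a.get("style", "").lower().replace(" ", "")
            if ("display:none" in style or "visibility:hidden" in style
                    or a.get("width", "").strip().lower() in TINY
                    or a.get("height", "").strip().lower() in TINY):
                self.findings.append((line, "hidden-iframe", a.get("src", "")))
        if tag == "script":
            self.script_line, self.script_body = line, []

    def handle_data(self, data):
        # Script text can arrive in several chunks, so buffer until </script>.
        if self.script_line is not None:
            self.script_body.append(data)

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True
        if tag == "script" and self.script_line is not None:
            body = "".join(self.script_body)
            for name, rx in SCRIPT_RULES:
                if rx.search(body):
                    self.findings.append((self.script_line, name, body.strip()[:60]))
            self.script_line = None


def audit_html(text):
    """Return sorted (line, rule, detail) findings for one HTML document."""
    parser = InjectionAudit()
    parser.feed(text)
    parser.close()
    return sorted(parser.findings)


# Constructed sample: an ordinary exported page with two harmless injected elements.
SAMPLE = """<html>
<head><title>New page</title></head>
<body>
<p>Welcome</p>
<iframe src="http://example.invalid/a" width="0" height="0"></iframe>
</body>
</html>
<script>document.write(unescape("%3Cb%3Ehi%3C%2Fb%3E"))</script>
"""

if __name__ == "__main__":
    docs = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    for name, text in (docs or {"SAMPLE": SAMPLE}).items():
        for line, rule, detail in audit_html(text):
            print(f"{name}:{line}: {rule}: {detail}")
```

Running it over every exported page and over an older known-good export shows whether the same block appears in all new files, which points at an infected machine or save file rather than at one corrupted upload.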

#11 Sandokan

Posted 27 December 2007 - 11:33 AM

Well, I found out that the virus is there when I wanted to upload it and confirmed it with this website: http://virusscan.jotti.org/
Jimmy gave, here is a screenshot:

http://i19.tinypic.com/8fcirli.jpg

I will try that last option of shadowx first because it really seems logical :(
If it doesn't work I will definitely try the rest, thanx :)

Update 1:
Uninstalling and Reinstalling Web Page Maker completely didn't solve the problem :(

Greetzz

#12 shadowx

Posted 27 December 2007 - 01:19 PM

Ah, thanks for the screenie. I found a hit on the second malware mentioned there, Trojan.Downloader.JS.Small.dn. Interestingly though, the only result I could find was by using "Trojan" to start it rather than "Troj", so maybe the online scan shortened the name; either way it sounds like the right thing. A short description can be found here: http://www.avira.com/en/threats/section/fu...s_small.dn.html

It is indeed a downloader as the name suggests. It seems to download an EXE which is then executed, and that's the part to really worry about. Unfortunately it didn't have removal instructions, but I have some suggestions now that we have a lead...

The first is to try this AV program: http://www.avira.com...load/index.html - download the home personal one as it's free. The reason I suggest this is that Symantec and other big names seem to be oblivious to this, as was found by the AVs you tried and the fact their security response sites didn't even recognise the malware name. However, this AV company seems to have recognised it, so I think it's definitely worth a shot with this AV; you can always uninstall all these AV progs afterwards.

If that doesn't work then I have another suggestion. The online scanner found two malware, possibly the same one just with a different name, and one of the scanners that found it was the ClamAV scanner. I've never heard of this scanner but I've done a Google and found a Windows download version of it: http://w32.clamav.net/ I know the website doesn't look much but it's used by the online scan company and has been on *nix for years apparently, so it seems legit and useful, so give that a shot. Again, I suggest this because it seems to be able to recognise the malware and hopefully remove it.


Quote

Update 1:
Uninstalling and Reinstalling Web Page Maker completely didn't solve the problem

I see.. Bad times.. So in theory that application should be good, which means something else is infected... The problem is that we only know you are infected because you tried to upload an HTML file, and as no AV so far has detected it you never know how many files are infected already... If you haven't already got a firewall, install Comodo firewall (google it, very reputable, I use it on every machine I touch) and set it to the custom security level. If you get alerts for things like IM clients or web browsers, accept them but don't check the "remember my decision" box. If anything comes up with a red alert (you can tell because the top of the alert box will be red) deny it, and if any programs access the internet when they shouldn't be (such as text editors and programs that work when you aren't connected to the net) deny them also, but remember, don't check the remember box. If you've already got a firewall then keep a close eye on it just in case something tries to download something you don't want.

I have faith in the two AVs I suggested so give them a shot and see if they can catch it. If possible do all these scans in safe mode as Saint_Michael said. I've just seen his post and didn't realize it until now... Seems odd how it got in there without me noticing! Anyway, try his suggestions first as they seem to have more credibility, and if they don't work then try mine.

#13 Sandokan

Posted 27 December 2007 - 03:21 PM

Ok, gonna try your suggestions, using AVG Free in safe mode didn't help BTW, it took 2.5 hours to scan 90000 files :)

Greetzz

#14 Jimmy

Posted 27 December 2007 - 08:27 PM

Okay I have an idea, it may seem barmy at first, but would you be able to open with notepad or wordpad the .html file that is "infected", copy all the text and paste it in a "code" tag on here please? That may give a hint as to where the thing stems from or what it contacts etc etc... (Make sure you paste it in a code tag, we don't want infected stuff here on trap!!)

Good Luck

#15 shadowx

Posted 27 December 2007 - 09:46 PM

Quote

copy all the text and paste it in a "code" tag on here please?

I sorta suggested that, but using a screenie of the code rather than the actual code on T17, as a screenie is a lot safer than having mal-code on the forums, as it's always possible there would be a leak. So I would say use a screenie instead of the code itself, just in case!

#16 Jimmy

Posted 28 December 2007 - 01:26 AM

shadowx, on Dec 27 2007, 09:46 PM, said:

I sorta suggested that, but using a screenie of the code rather than the actual code on T17, as a screenie is a lot safer than having mal-code on the forums, as it's always possible there would be a leak. So I would say use a screenie instead of the code itself, just in case!

Ah yes you got me :-) Nice! How many screenshots can you fit the page onto? :)

#17 Saint_Michael

Posted 28 December 2007 - 02:42 AM

Did you disable the Windows recovery before scanning in safe mode? Also I found the solution, since this Trojan goes by another name, js.wonka. So do what this website says in order to remove the Trojan from your computer, and if that doesn't work wipe the hard drive and reinstall, because a firewall is not going to be able to protect your computer since that Trojan is planted in nice and comfy into your computer. So any firewall or AV will think it's a Windows file, such as it has been since you first posted this and no anti-virus software is picking it up, and so if you have to go with the re-installation make sure you have firewall and anti-virus software installed, and then update the software ASAP and you should be fine.

#18 Sandokan

Posted 28 December 2007 - 09:09 AM

Well, I thought since reinstalling Web Page Maker didn't help it was the save file, and I was right. I will work from my last save file and remove the other one. I hope that with that the problem is solved; if not, I will inform you.

BIG THANX FOR EVERYBODY'S GREAT HELP!!!!!!!

Ok, it worked for these ones but now I wanted to upload another one and it was back, I'll just keep trying the suggestions :)

Greetzz

#19 Saint_Michael

Posted 28 December 2007 - 12:24 PM

Well, it seems that you have no other choice but to reinstall your computer, because if this Trojan has affected you that much you have no other choice but to reinstall. For it seems that this Trojan has infected your whole computer and any files you put on it will get this tag, and I don't want to remind you of the bad effects of transferring files from an infected computer. So you're down to your last resort if you couldn't remove the trojan from the computer, and that is the reality of things.

#20 Sandokan

Posted 28 December 2007 - 02:00 PM

I'm afraid so too, I think I will format my drive tomorrow...

Greetzz

#21 iGuest

Posted 12 July 2008 - 06:37 AM

norton antivirus firewall inhibits downloading, slows down computer
Virus..

Although a quality tool, Norton Antivirus definitely inhibits and slows-down my computer, prevents me from accessing my paid-for on-line internet websites, and more importantly prevents me from accessing thousands of free nostalgia-movie download sites, via a Kosher accessing CD Rom.

They have very kindly refunded-in-full my recent Norton renewal, but I still have their controlling tool stuck on my computer, and - despite using Add/Remove, it is still stubbornly staying there, so I am at a loss as to what to do.

Has anybody else experienced the same difficulties, and - if so - how did you manage to break-free from Norton and this all-time computer control freak ?

Cheers and thanks. Gerry George

-reply by Gerry George



