5 replies to this topic

[web_designer]

trojan-gamethief.win32.magania the worst trojan i've ever see in my life. it attacked my computer and start blocking the hard disk, which that is mean i couldn't enter my hard disk drives, it also attacks the registry, my system stops, windows open and close by itself, when i make a scan in kaspersky internet security it affect the kaspersky internet security either but at that time i could find the virus locaton which it was in this path

C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds0.dll

or

C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds1.dll

or

C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe

i thought as long as i found the virus location then i can remove it manually, but the funny thing that i couldn't enter local setting at all, not by show the hidden folders or using explore, or even from the dos window command, in fact in dps i could enter and show the hidden folders but i couldn't deleted it.
so i decided to use my final option which is the format for c drive
but when i did that it return and affect my files in c drive again
at that point i really get mad , and didn't know what to do, but after a little bit of thinking i discovered that the virus is already infect the other drivers so it came back when i installed the system configuration
so the solution that i did and work for me is after i did format c drive i installed trendmicro antivirus and did scan for all my computer in this step i fixed or clean the other drivers from the virus but c drive is still infected so i reformat the c drive and installed system configurations and that's it
if you want more informations about this virus, these what i can collect

Quote

Name : Trojan-PSW:W32/Magania
Detection Names : trojan-gamethief.win32.magania
Category:[/size][size=3]Malware
Type: Trojan-PSW

Trojan-PSW:W32/Magania is a large family of login/password stealing trojans that are reportedly made in China. The main purpose of the trojan is to steal logons and passwords from users who play on-line games, provided by Gamania.

It should be noted that some on-line games allow users to sell their character's possessions for real cash, so the motivation behind the creation of such trojans is to steal virtual goods and to convert those goods into real-world cash.

These trojans are usually distributed in file attachments to e-mail messages spammed out to victims by hackers. The file attachment is typically a single executable program. In most cases such an attachment is a self-extracting RAR archive that contains at least one more embedded archive. In one of these archives there's always a Magania trojan.

Once the infectious attachment is run, it usually displays an image as a decoy. At the same time the trojan's payload is activated.

The trojan installs itself to the system by copying itself to one of the Windows subfolders or to the Windows System folder. It then drops a DLL file that represents the main spying component. The trojan registers the dropped DLL as a component of Internet Explorer, so it always has access to the Internet and can monitor URLs that are visited in the browser.

so be careful and start removing that virus or trojan as soon as possible.

[deadmad7]

To avoid the the Trojan 'PSW Magania' you might want to install Avast Anti virus for a free at the Avast website (Google it or Bing it Everything you download a file, make sure it goes to a single folder then right click on the file , choose scan my avast and then make sure its clean before you open it. Also update your avast virus list frequently so that new viruses or Trojans don't get through the scan and affect your computer. It's also safer to have 2 OS's in your computer. As you can't get to the Local Location, all you have to do is go into (for example) Windows XP and go to the local location and then remove it and then go back to (for example) Windows 7. This is way is way faster and much safer , easier. Then formatting and reformatting your hard drive and such.

[minimcmonkey]

I agree with deadmad7. I'm currently running avast and it seems to be keeping my system clean with no obvious performance drops. Another advantage is avast's ability to perform boot time scans - some viruses will infect system files, these cant be changed while windows is running, so avast scan the hard disk before windows starts and removes any viruses it finds.
A good antivirus (like avast) actively protects your computer, so if something tries to get in or tries to run, it will stop it, and tell you.

[Quatrux]

For some time now I use Microsoft Security Essentials and it works well, didn't have any problem with a virus or a trojan like that, besides it's FREE.

[index.html]

From Kaspersky forums:

Run this script, PC will reboot.
Code:

Quote

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('E:\xih9.cmd','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('C:\xih9.cmd','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\xih9.cmd');
DeleteFile('E:\autorun.inf');
DeleteFile('E:\xih9.cmd');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Dont know whether it works for AVG though but might give a try.

[web_designer]

thanks for your advices, i am now thinking to change my anti virus from kasper sky to avast or microsoft security. even though kaspersky is good but i noticed that it can be hacked and the most problem in it is when it expired then i should wast my time searching for a free keys , it is really so annoying so i think i will change it.