Trying to remove win32:trojano-1079[Trj]

Jwest
New Member


Date Joined Mar 2005
Total Posts : 7
 
Posted 3/28/2005 11:42 PM (GMT +3)
I just did a virus check with avast and it says I'm infected with Win32:Trojano-1079[Trj]. I tried to delete it with various spyware programs and trojan removal programs but nothing seems to work. Can someone please help me with this problem? Please.

EmilyB
New Member


Date Joined Mar 2005
Total Posts : 3
 
Posted 3/30/2005 4:58 AM (GMT +3)
Hi, I want to let you know that I got the trojano also. I doubt that it is fully gone, but I haven't seen any alerts for 6 hours. I downloaded all of the programs I am about to mention and then disconnected the internet. TrojanHunter, TrojanRemover, a-Squared, AVG, Spyblaster, Spybot, Ad-Aware, and Avast, I think I am missing one or two. But, I first ran Avast doing a boot time scan, then I ran a-Squared, AVG, Ad-Aware and Spybot all at once. Then the others. The virus popped back up after my screaming fit, I chose delete on the Avast alert, then rebooted immediately and did another boot time scan using avast. I currently have a-Squared, AVG, Avast and TrojanHunter running in the system processes, and I also use Sygate firewall. Maybe I am overdoing it, but it's not bugging me now...

Anyway, I'm not done yet, I also used a registry repair program I found on download.com. Then finally, I inserted the Windows XP disc and typed sfc /purgecache. It was a quick little blip, then I typed sfc /scannow. That repairs the necessary Windows files that the trojano made me delete. I hope this helps you. Please let me know if it did. Emilyb49@yahoo.com or if you can still use AOL IM emileeb49. BTW, I can't install a current version of AIM, I had to install an old one. *pout*
 
 
Good luck!!

EmilyB
New Member


Date Joined Mar 2005
Total Posts : 3
 
Posted 3/30/2005 6:54 AM (GMT +3)
Well, it is now 8 hours from the time I thought it was surely clean, and it came back. I guess my method just keeps it from multiplying in the system until you run one of the programs it screwed with. It got roboform, aim and java for me, I don't know how I'm gonna fix these, but I need to block java from connecting to the net, and it seems to use aim somehow. a-squared got me to realize that, it asked my permission and dummy me let Java connect. So put your firewall on a stronger setting where you have to allow everything access. Then I suggest waiting it out until the computer geniuses figure out a cure for this one.

fizgig-tom
New Member


Date Joined Apr 2005
Total Posts : 1
 
Posted 4/3/2005 1:16 PM (GMT +3)
I too was infected by trojano 1079, missed by Norton but uncovered by Avast - running these together meant that Norton was monitoring on line, and Avast was discovering the virus off line. Removed Norton and then logged on and Avast running as the main on-line monitor caught the trojan as it tried to download itself when accessing the web using Internet Explorer, and switched me off-line to protect, the virus not being downloaded. Using Firefox browser I could surf web normally with no virus alert.

Investigated further and noted that my Internet homepage setting had been changed to About:Blank - here I think lies the problem. Check if you have About:Blank here, if so the way I cleared (so far!) the problem of trojano 1079 appearing was by using CWShredder, a quick to download and free program. I found this info by searching web for "About:Blank" rather than "trojano 1079".

After running this small program 1 file was discovered - I think CWSAboutBlank and deleted using program, I also cleared temp internet files and cookies, before going back on line first using Firefox, then Internet Explorer - hooray, no trojano 1079 alert this time around! Would recommend that you run CWShredder before going on line using IE to ensure this nasty time-wasting trojan still remains 'shredded' (it's wasted hours of my time to get this far!)

Good luck and happy surfing again, Tom

EmilyB
New Member


Date Joined Mar 2005
Total Posts : 3
 
Posted 4/5/2005 4:41 AM (GMT +3)
Here I am again, and my computer has been clean for about 2 days now.  AVG Free has the complete fix for the Trojano1079.  I just had it somewhat contained before when I posted.

NeilS
New Member


Date Joined Apr 2005
Total Posts : 1
 
Posted 4/9/2005 9:25 PM (GMT +3)
I, too, had the Trojano 1079 virus.  I may have also had some other problems because I was unable to access any Windows programs such as Control Panel and Windows Explorer.  I could surf the Net, use email and even use my other programs like Quicken and even MS Word.  My homepage was hijacked to "about:blank". 
I first tried Symantec's on-line scanning tool.  It pointed me to several adware files on my PC but did not mention Trojano 1079 (avast! told me I had the Trojano 1079).  When I actually tried using Symantec's "kill" programs for the specific adware files, Symantec told me those files were not on my PC.
 
I disconnected the internet connection.  Tried CWShredder - found nothing.  Tried SpySubtract - found nothing.  Using Hijack This!, noticed and removed a line that contained "about:blank".  Then ran AdAware and found one file.  I deleted cookies, temp files and history.  Ran avast! and it did not find any infected files. 
 
On reboot, Win32:Trojano 1179 (not a typo) came up in avast!.  IE still tried auto opening as it did w/ "about:blank". 
 
Rebooted again.  No virus or trojan horse notices came up.
 
Reconnected to the Net and downloaded AVG and ran a scan.  It found viruses.  I healed them, and ran AVG again.  AVG came back clean.  So far, no further problems.
 
In my "Favorites", I did find several "odd" bookmarks.  The addresses were very strange and ended in things like ".cc"  Even found a folder that was not mine.  I had tried deleting those over the past week but was unsuccessful (they would come back after I closed "Favorites").  After AVG gave me a clean bill of health, I was successful in permanently removing these bookmarks and folder.
 
Thanks to all for posting your experiences.  AVG is my new best friend!

Crockett
New Member


Date Joined Apr 2005
Total Posts : 2
 
Posted 4/11/2005 3:03 AM (GMT +3)
I also found that at system turn-on, Windows Messenger loaded itself and then my virus alarms would start going off. I had manually gone in and removed Messenger from my system months ago. I have now blocked Messenger from being hijacked and loaded by other programs or viruses.


Good Luck;  Crockett

atducati
New Member


Date Joined Aug 2008
Total Posts : 2
 
Posted 8/2/2008 6:09 PM (GMT +3)
I have run HijackThis and this is what I have come up with. Please HELP!!!!


Logfile of HijackThis v1.99.1
Scan saved at 10:51:02 AM, on 8/2/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\lexbces.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantatriumphducati.com/
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1c0a076d] rundll32.exe "C:\WINNT\system32\tbqquovq.dll",b
O4 - HKLM\..\Run: [BM1f3934f1] Rundll32.exe "C:\WINNT\system32\xiqnvaqx.dll",s
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atlantatriumphducati.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = atlantatriumphducati.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = atlantatriumphducati.prv
O20 - AppInit_DLLs: yrwwqi.dll ijnnpf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\lexbces.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
 
Plus, whenever I'm running HijackThis I am getting an Application Error:
 
The instruction at "0x1233293" referenced memory at "0x00000000". The memory could not be "read".
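
One way to triage a HijackThis log like the one above, as an added example that is not part of the original thread or any poster's code: it picks out Run values that load a DLL through rundll32, AppInit_DLLs entries, and services marked "(file missing)", cross-checking the last against the running-process list. The sample lines are excerpted from the log above; the function name `triage` and the three checks are assumptions of this example, and a hit means "review this entry", not "malicious".

```python
import re

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1c0a076d] rundll32.exe "C:\WINNT\system32\tbqquovq.dll",b
O4 - HKLM\..\Run: [BM1f3934f1] Rundll32.exe "C:\WINNT\system32\xiqnvaqx.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O20 - AppInit_DLLs: yrwwqi.dll ijnnpf.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                        # "O4 - <body>"
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.*?)\] (.*)$")     # "[name] command"
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,', re.I)
EXE_PATH = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)              # process-list line

# Heuristics below are this example's assumptions: a hit means "review", not "malicious".
def triage(log):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    lines = [l.strip() for l in log.splitlines()]
    running = {l.lower() for l in lines if EXE_PATH.match(l)}
    findings = []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        run = RUN_VALUE.match(body) if section == "O4" else None
        dll = RUNDLL.search(run.group(2)) if run else None
        if dll:  # autostart entry whose payload is a DLL, not an executable
            findings.append((section, "Run value loads a DLL via rundll32", dll.group(1)))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll
            for name in body.split(":", 1)[1].split():
                findings.append((section, "AppInit_DLLs entry", name))
        elif section == "O23" and body.endswith("(file missing)"):
            path = body.split(" - ")[-1].replace(" (file missing)", "").split('"')[0]
            # HijackThis says the file is missing; check that against the process list
            reason = ("reported missing but listed as running"
                      if path.lower() in running else "service binary not found")
            findings.append((section, reason, path))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
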

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 8/3/2008 7:51 AM (GMT +3)
Hello atducati

After you have run the scan tools -
 
Reboot normally
 
Post Hijackthis log along with SuperAntiSpyware log, C: combofix TXT  in this topic
 
Please copy and paste your log. DO NOT add it as an attachment
Kindly do not annotate or format the log with color or font changes.
 
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
 


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted
