CastleCops, Internet Crime Fighters

Trojan problems...going insane...

 
ZackT
Cadet
Joined: Jul 03, 2005
Posts: 3
Location: USA

Posted: Sun Jul 03, 2005 10:57 pm    Post subject: Trojan problems...going insane...

Hi there. I was searching the web for virus removal programs for Trojans, when I came across this board in a search for specific trojans. I was wondering if anyone could help me figure out how to remove the ones on my system? There seem to be a lot of them, my AntiVir likes to go off with warnings many times in a row, although I think some of the warnings are for the exact same virus over and over.

I've been writing down the different ones I see, here's the 2 I have right now, I'll edit in some more in a while as I see them.

TR/Buddy F
TR/Dldr.Spybi.2
TR/Agent.AY.4
TR/Click.Small-EZ
TR/Stervice.C
TR/Dldr.Qoologi.P.2
TR/Dldr.Small.abd
TR/Drop.Qoologi.O.2
TR/Dldr.Spybi.1

I also seem to have a case of spyware on my system, as Internet Explorer occasionally pops up with ads, but I use Firefox :-\ I suck

EDIT: Oh right, the warnings most frequently occur at startup and when I run an ad-aware scan. The list has been updated after the scan I just ran with ad-aware.

It's insane...I got 1 originally when I stupidly went to a crack site, a small crack site at that which hadn't given me problems before. I didn't even download anything, it came in through cookies or temp internet files. Then it just multiplied quickly...I only got that first one a little over a day ago >(

TopperID
Captain
Joined: Oct 14, 2004
Posts: 375
Location: UK

Posted: Mon Jul 04, 2005 3:14 am

Hi there ZackT,

Looks like you've picked up a nasty spyware infection, which may require the submission of a HJT log to sort out. Before we get to that though, there are some basic cleaning procedures you should go through.

To start with you should disable system restore, if applicable to your system, as per here (for XP):- http://www.bleepingcomputer.com/forums/tutorial56.html

Then clear out all your temp files, and the easy way to do that is by downloading CCleaner from here:- http://www.ccleaner.com/
Before running CCleaner you should configure it by clicking 'Options'/'Advanced' and unticking the box 'Only delete files in Windows Temp folders older than 48 hours'.

Now you should go into Safe Mode; see here:- http://www.bleepingcomputer.com/forums/tutorial61.html

and do a full system scan with your AV (which you should update beforehand to ensure you are using the latest definitions).

For this scan it would be better to configure AntiVir to search 'All files' (rather than just 'Program and macro files'). You do this by clicking 'Scan Settings'/'Search' and selecting 'All files'. Also ensure that it is set to search 'Archives'.

Allow AntiVir to delete anything it finds.

Finally you should D/L and install a trial version of Ewido from here:- http://www.ewido.net/en/download/
You should update the sigs, then go into 'safe' to run it.

Please note that Ewido is only suitable for Windows 2000 or XP, unfortunately you do not state your system, but if it is older you could try A2 from here:- http://www.emsisoft.com/en/software/free/

When you have done all that please post the relevant sections of log from AntiVir and Ewido so that we can see exactly what is being found.

PS - I note you are using AdAware, it would be a good idea to use this in 'safe', for a full system scan, immediately after running Ewido.

ZackT
Cadet
Joined: Jul 03, 2005
Posts: 3
Location: USA

Posted: Mon Jul 04, 2005 8:23 am

Yes, I am on Windows XP, sorry for not mentioning that.

Ok thank you for the help, I'll get right on that after work today and let you know how it went.

ZackT
Cadet
Joined: Jul 03, 2005
Posts: 3
Location: USA

Posted: Mon Jul 04, 2005 4:19 pm

Sorry to double reply to myself, but I am just ensuring that you come back to the topic, if you've already read my reply.

I did what you said to do, and lo and behold, it got rid of most of the viruses. It detected 6 last I saw (It might've gotten a couple more, I was taking a shower and it finished before I got out). Some spyware seems to still be around, but ad-aware and Ewido and AntiVir seem to be keeping it in check.

Thanks so much for your help.

TopperID
Captain
Joined: Oct 14, 2004
Posts: 375
Location: UK

Posted: Mon Jul 04, 2005 7:02 pm

Good to hear things are improving, you might also try installing the VX2 Cleaner Add-on into AdAware and running it from the Tools tab of Add-ons, if you have not already done so. It is only looking for one variant of VX2, which you may not have, but it can do no harm trying it. You can get it from here:- http://www.lavasoft.de/software/addons/vx2cleaner.shtml

If there are still things you cannot shift, please post the full and exact file path, together with the precise name given by the scanner that found it.

It is quite possible this malware has made adverse changes to your Registry, the only way to tackle that would be to post in the HijackThis section and hope that someone there will know what Registry keys need to be amended.

It would be a good idea to save the relevant logfiles from AntiVir to a separate location, in case they are required later, because they are soon overwritten. You can find them at C:\Program Files\AVPersonal\Logfiles\AVWIN#.log. The same thing applies to saving Ewido logs.

It is also a good idea to do an online scan, here are some suggestions, though I recommend the Kaspersky one first and foremost:-

http://www.kaspersky.com/downloads/kws/kavwebscan.html

http://www.bitdefender.com/scan8/ie.html

http://uk.trendmicro-europe.com/consumer/housecall/housecall_launch.php
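
The advice above about saving the AntiVir logfiles before they are overwritten can be scripted. The following is an added example, not part of the original post or of AntiVir: it copies the logs into a new timestamped folder and records a SHA-256 for each copy so a later reviewer can confirm the saved log is unchanged. The function names, the `AVWIN*.log` glob standing in for `AVWIN#.log`, and the `SHA256SUMS.txt` manifest name are assumptions.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

# Log folder named in the post; AVWIN#.log is matched here as AVWIN*.log.
ANTIVIR_LOG_DIR = Path(r"C:\Program Files\AVPersonal\Logfiles")


def sha256_of(path):
    """Hash a file in chunks so large logs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_logs(src_dir, dest_root, pattern="AVWIN*.log", stamp=None):
    """Copy matching logs into a new timestamped folder; return (name, sha256) pairs."""
    src_dir, dest_root = Path(src_dir), Path(dest_root)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    dest = dest_root / f"antivir-logs-{stamp}"
    dest.mkdir(parents=True, exist_ok=False)  # refuse to reuse an earlier snapshot
    manifest = []
    for log in sorted(src_dir.glob(pattern)):
        copy = dest / log.name
        shutil.copy2(log, copy)  # copy2 keeps the modification time
        before, after = sha256_of(log), sha256_of(copy)
        if before != after:
            raise IOError(f"copy of {log.name} does not match the original")
        manifest.append((log.name, after))
    # Manifest in the "hash  filename" layout that sha256sum -c accepts.
    (dest / "SHA256SUMS.txt").write_text(
        "".join(f"{digest}  {name}\n" for name, digest in manifest))
    return manifest


if __name__ == "__main__":
    # Demo on constructed files, so it runs on any OS without AntiVir installed.
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp, "Logfiles")
        logs.mkdir()
        (logs / "AVWIN1.log").write_text("constructed sample log\n")
        for name, digest in preserve_logs(logs, Path(tmp, "saved")):
            print(digest, name)
```

On the affected machine the call would be `preserve_logs(ANTIVIR_LOG_DIR, destination)`, with the destination on a different drive or removable media, run after each scan.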
