Trojan Horse Downloader

L

Lance Cook

hello all,
I've recently had a trojan in my system that is really
confusing me. I shut-off system restore, and rebooted
into safe-mode. I deleted the file through my Anti-Virus,
but when i restarted my pc the next day the same Trojan
was there again. It doesnt actually excute itself, but
the file downloads itself somehow. I've looked for
information on it but i cant find away to get rid of it
for good. Please help me. The name of it is Trojan horse
Downloader.Agent.AL. It's always
in "C:\Temp\BDL74125.exe". Thanks
Lance Cook
 
J

Jerry

Found this in a news group. Try this....thanks to Tellco. The program he
mentions is Hijack This! which can be found at http://www.merijn.org/.
-------------------------------------------------------------

Ok, first disable the System Restore feature in Windows XP (you can
re-enable it again once your system is clean). Here's a link on how to do
this:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Next, make sure all browser and all Windows Explorer windows are closed,
then run "Hijack This!" and have it fix these entries:

O4 - HKLM\..\Run: [SPELL32V] C:\WINDOWS\System32\SPELL32V.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_42.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
http://launch.gamespyarcade.com/sof...nch/alaunch.cab

When done, reboot your system and bring it up in "Safe Mode" (F5 or F8 when
starting Windows). At this point make sure Windows is configured to see
hidden files and folders. Here's a link on how to do this if needed:

http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl=

While in "Safe Mode", find these files and delete them from your system:

C:\Windows\bdlj4126.exe
C:\WINDOWS\System32\SPELL32V.exe

When finished, reboot your system again and bring it back up in normal mode.
Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG,
click on Start -> Run -> type in MSCONFIG -> click OK. Once everything is
enabled, run "Hijack This!" and post a new log to this thread so I can
verify that we got everything.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

trojan horse downloader agent.ac 3
Trojan Horse or spyware? 1
trojan horse, 1165180233 5
Trojan horse downloader 1
TROJAN HORSE help 1
Trojan horse downloader 1
trojans Folder 1024 11
trojans Folder 1024 1

Top