Trojan Horse Downloader

Discussion in 'Windows XP Security' started by Lance Cook, Jul 25, 2004.

  1. Lance Cook

    Lance Cook Guest

    hello all,
    I've recently had a trojan in my system that is really
    confusing me. I shut-off system restore, and rebooted
    into safe-mode. I deleted the file through my Anti-Virus,
    but when i restarted my pc the next day the same Trojan
    was there again. It doesnt actually excute itself, but
    the file downloads itself somehow. I've looked for
    information on it but i cant find away to get rid of it
    for good. Please help me. The name of it is Trojan horse
    Downloader.Agent.AL. It's always
    in "C:\Temp\BDL74125.exe". Thanks
    Lance Cook
     
    Lance Cook, Jul 25, 2004
    #1
    1. Advertisements

  2. Lance Cook

    Jerry Guest

    Found this in a news group. Try this....thanks to Tellco. The program he
    mentions is Hijack This! which can be found at http://www.merijn.org/.
    -------------------------------------------------------------

    Ok, first disable the System Restore feature in Windows XP (you can
    re-enable it again once your system is clean). Here's a link on how to do
    this:

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    Next, make sure all browser and all Windows Explorer windows are closed,
    then run "Hijack This!" and have it fix these entries:

    O4 - HKLM\..\Run: [SPELL32V] C:\WINDOWS\System32\SPELL32V.exe

    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
    Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_42.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
    http://launch.gamespyarcade.com/sof...nch/alaunch.cab

    When done, reboot your system and bring it up in "Safe Mode" (F5 or F8 when
    starting Windows). At this point make sure Windows is configured to see
    hidden files and folders. Here's a link on how to do this if needed:

    http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl=

    While in "Safe Mode", find these files and delete them from your system:

    C:\Windows\bdlj4126.exe
    C:\WINDOWS\System32\SPELL32V.exe

    When finished, reboot your system again and bring it back up in normal mode.
    Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG,
    click on Start -> Run -> type in MSCONFIG -> click OK. Once everything is
    enabled, run "Hijack This!" and post a new log to this thread so I can
    verify that we got everything.

    "Lance Cook" <> wrote in message
    news:36cd01c471ec$f2ea7a10$...
    > hello all,
    > I've recently had a trojan in my system that is really
    > confusing me. I shut-off system restore, and rebooted
    > into safe-mode. I deleted the file through my Anti-Virus,
    > but when i restarted my pc the next day the same Trojan
    > was there again. It doesnt actually excute itself, but
    > the file downloads itself somehow. I've looked for
    > information on it but i cant find away to get rid of it
    > for good. Please help me. The name of it is Trojan horse
    > Downloader.Agent.AL. It's always
    > in "C:\Temp\BDL74125.exe". Thanks
    > Lance Cook
    >
     
    Jerry, Jul 25, 2004
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guest

    Trojan horse downloader

    Guest, Jan 18, 2004, in forum: Windows XP Help
    Replies:
    4
    Views:
    544
    =?Utf-8?B?R3JpZmY=?=
    Jan 19, 2004
  2. Guest

    Trojan horse downloader.Swizzor.N

    Guest, Apr 10, 2004, in forum: Windows XP Help
    Replies:
    1
    Views:
    1,107
    Rick \Nutcase\ Rogers
    Apr 10, 2004
  3. gongie2

    trojan horse ' downloader'

    gongie2, Oct 22, 2004, in forum: Windows XP Help
    Replies:
    0
    Views:
    224
    gongie2
    Oct 22, 2004
  4. Guest
    Replies:
    2
    Views:
    212
    Guest
    Feb 1, 2004
  5. latebidz
    Replies:
    2
    Views:
    456
    madmax
    Oct 24, 2004
Loading...

Share This Page