Trojan Flush.M


Belprice

Hi there,

I am running Norton Anti-Virus and it has reported that I have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart Windows in safe mode and then a full scan. When I
tried to do this I was asked for an administration password, but I bought
this computer second hand and have no idea what this password is!


Also my computer is now acting very strange, programs are disappearing when
I restart the computer and when I try to view the C drive I get an error
message which states "WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM"

I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.

Thanks in advance.
Ta
 
Gerry

Are you just running Norton Anti-Virus? What anti-spyware programme are
you running?

Trojan Flush M from the Norton report sounds to be relatively minor but it
could be a symptom of other malware. Some will change passwords.

I would download and run Spybot S & D (freeware version) and see if it
finds anything like a Trojan. If Spybot S & D finds anything significant
(other than cookies) you need to be wary. If it removes something and
it returns or another nasty pops up it can be an indication that there
is another hidden nasty not being detected by Norton or Spybot.
Spybot S & D. There is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

If you still have problems you might try Malwarebytes. This is currently
making a considerable impact, although I have not tried it myself. I
believe it is shareware (purchase after trial). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

--
Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Belprice wrote:
> Hi there,
>
> I am running Norton Anti-Virus and it has reported that I have a
> virus called Trojan Flush M and no matter what I try I can not remove
> this virus. I tried to follow the instructions for manual removal of
> this virus, however it instructed me to restart Windows in safe mode
> and then a full scan. When I tried to do this I was asked for an
> administration password, but I bought this computer second hand and
> have no idea what this password is!
>
>
> Also my computer is now acting very strange, programs are
> disappearing when I restart the computer and when I try to view the
> C drive I get an error message which states "WINDOWS CANNOT FIND
> RESYDED /BOOT.COM OR RESYCLED/BOOT.COM"
>
> I am desperate not to lose the many important family files on this
> computer, such as photos and videos, can someone please help me with
> this very annoying problem.
>
> Thanks in advance.
> Ta
 
Daave

Belprice said:
Hi there,

I am running Norton Anti-Virus and it has reported that I have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart Windows in safe mode and then a full scan. When I
tried to do this I was asked for an administration password, but I bought
this computer second hand and have no idea what this password is!

Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.

The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you have
to reinstall Windows? Hopefully, if there is a disk, you obtained it
along with the PC! Otherwise, you was robbed.
 
Gerry

Daave

That's strong language! It does depend on what was paid for the computer
and whether the lack of a Windows XP CD (if the new owner does not have
one) was covered in negotiations before purchase?

--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Daave

Good point. Still, it's good practice to include the proper way to
return a PC to its original state. Many people have been burned and I
suspect they didn't factor that inconvenience into the negotiations
because they were simply unaware that they are normally entitled to it.
 
Ken Blake, MVP

When I
tried to do this I was asked for an administration password, but I bought
this computer second hand and have no idea what this password is!


If I acquired a used computer, the first thing I would do with it
would be to reinstall the operating system cleanly. You have no idea
how the computer has been maintained, what has been installed
incorrectly, what is missing, what viruses and spyware there may be,
etc. I wouldn't want to live with somebody else's mistakes and
problems, possibility of kiddy porn, etc., and I wouldn't recommend
that anyone else do either.
 
Gerry

Daave

True.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Mick Murphy

Install the 2 programs below, and scan with them in Safe mode, as well as
with your Anti-virus.
When you go to Safe Mode, you don't need to be in the Admin account; just
sign in with your User Account.
If there is no option for that, usually the Admin account password is left
blank.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.
 
Touch Base

"Also my computer is now acting very strange, programs are disappearing when
I restart the computer and when I try to view the C drive I get an error
message which states "WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM"

[TB] This file is part of the trojan and it is usually located in the root
of the 'C' drive. There is also an autorun file [which is hidden], that is
part of this problem and it interacts with the boot.com file which allows it
to propagate on the next start of windows.

=========================================================

[TB] This site talks about removing the problem with boot.com file. Read
through and see how others handled this problem. Malwarebytes is mentioned
in some of the responses.

http://www.precisesecurity.com/blogs/2008/09/20/resycledbootcom/


==========================================================


"I believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes."

A visit to their website before posting the comment would have been prudent.

Malwarebytes is not an anti-virus product and it is not a purchase after
trial product.

It has a free version and a pay for version.

The pay for version has real-time protection, scheduled scanning, and
scheduled updating.

The free version does not have resident protection, it only allows for after
the fact scanning and you have to download the updates manually.

Apart from that they do exactly the same job, it is not limited in any
regard.

It's still a good idea to turn off Norton during a scan because it will pop
up and attempt to quarantine the trojan while Malwarebytes is doing its
scan and it can only confuse the user as to which product do I use to try
and remove it. If Norton hasn't been successful handling the trojan then
let Malwarebytes do its job unhindered and quarantine and attempt to remove
it.
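
Added example, not part of Touch Base's post: a small Python check for the kind of autorun file described above, flagging launch entries that point at an executable inside a Recycle Bin folder or a look-alike such as RESYCLED. The sample autorun.inf text and the folder watch list are constructed for illustration and are not copied from the trojan itself.

```python
"""Flag autorun.inf launch entries that point at a disguised executable."""
import ntpath
import re

LAUNCH_KEYS = {"open", "shellexecute"}                 # keys that start a program
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")   # e.g. shell\open\command
EXECUTABLE_EXT = {".com", ".exe", ".bat", ".cmd", ".scr", ".pif", ".vbs"}
# Assumption: watch list chosen for this example. RECYCLED/RECYCLER are the XP
# Recycle Bin folders; RESYCLED is the misspelt name from the thread.
RECYCLE_LIKE_DIRS = {"resycled", "recycled", "recycler"}

# Constructed samples, not copied from a real infection.
SUSPICIOUS = (
    "[AutoRun]\n"
    "open=RESYCLED\\boot.com\n"
    "shell\\open\\Command=\"RESYCLED\\boot.com\" %1\n"
    "icon=drive.ico\n"
)
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Family Photos\n"


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section only."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def program_of(value):
    """Extract the program path from a command line, honouring double quotes."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def audit_autorun(text):
    """Return one finding per launch entry that looks like a disguised executable."""
    findings = []
    for key, value in parse_autorun(text):
        if key not in LAUNCH_KEYS and not SHELL_VERB.match(key):
            continue
        path = ntpath.normpath(program_of(value))
        ext = ntpath.splitext(path)[1].lower()
        folders = [p.lower() for p in path.split("\\")[:-1] if p]
        reasons = []
        if ext in EXECUTABLE_EXT:
            reasons.append("launches an executable")
        if any(f in RECYCLE_LIKE_DIRS for f in folders):
            reasons.append("target inside Recycle Bin folder or look-alike")
        if reasons:
            findings.append({"key": key, "target": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_autorun(SUSPICIOUS):
        print(finding)
```
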
 
Belprice

Hi there,

Thanks for coming back to me.

Every time I try to run Malwarebytes the program crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close" and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domain name, I do know the password though and
I sign in with this every time I log on to the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.
 
Gerry

Belprice

You don't need to know a domain name to boot to safe mode. In safe mode
you have no internet connection.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Touch Base

Hi there,

Thanks for coming back to me.

Every time I try to run Malwarebytes the program crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close" and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domain name, I do know the password though and
I sign in with this every time I log on to the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.

=========================================
Hi "Belprice"

You should be able to start the computer in safe mode. If you can start it
in normal mode and log in with a password then it's exactly the same thing
in safe mode. Click on the same name and use the same password when safe
mode starts up, it should offer you the same log on name.

Failing that I suggest if you have a second computer and you're up to it, or
you have a friend or relative that has a computer running XP or even Windows
2000. Take your hard drive out of your computer and connect it up to the
other computer as a slave drive. Start that computer in safe mode with
networking (internet support), and download Malwarebytes or download it
before you connect the drive, update the program then run it on your hard
drive. To do this once the computer has started and Malwarebytes has been
installed and updated, open My Computer and right click on your hard drive
which should be listed and select 'Scan with Malwarebytes Anti-Malware'.
After that drive is scanned and cleaned run the program on the main hard
drive. The reason is, as I mentioned in my previous post, this is an
insidious trojan and it will quite possibly infect any hard drive connected
to it. It happened to me when I was repairing someone else's computer. I
connected my USB drive (which had my copy of Malwarebytes on it) and it was
infected with the same trojan. The USB drive was easy to clean because I
knew what to look for but the likelihood is there. So if you scan both
drives it should be ok.

If the above is too hard for you and don't be embarrassed by that, I suggest
you take it to a computer shop for repair. Of course it would be good if you
had a backup of all your personal files beforehand and you probably haven't
done this so ask the computer shop to back up your files before they start
repairs on your computer. Warn them that the trojan can infect other
connected drives so they are prepared to handle it.
 
Belprice

Hi Everyone,

I had some issues with malware and viruses and ran Norton Anti Virus, Super
Anti Spy and a program called Remove it, which someone suggested I use in
another newsgroup. I now think I have got rid of all my viruses and spyware,
however now when I restart my computer it freezes at the windows screen and
the blue status bar just keeps running and running. I can start the computer
in safe mode; hence this post, but I don’t know how to resolve the problem of
the computer freezing on start up.

I would be grateful for any help on this matter.

Thanks a million in advance.

TA
JC
 
Gerry

Belprice

My suspicion is that you still have malware.

What errors appear in Event Viewer for the last 24 hours?

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Ken Blake, MVP

Hi Everyone,

I had some issues with malware and viruses and ran Norton Anti Virus, Super
Anti Spy and a program called Remove it, which someone suggested I use in
another newsgroup. I now think I have got rid of all my viruses and spyware,


My guess is that you didn't, or if you did, you still have remaining
some of the damage that they caused.

How many infections did you have? If you had many, it's usually
necessary to do a clean reinstallation of Windows rather than to try to
clean the computer.

Moreover, it's important to note that viruses can do damage and are
not things that you want to remove after you get infected. Rather, you
want to prevent your getting infected in the first place.

And finally, in my view, Norton Anti-Virus is the *worst* anti-virus
program available. I recommend NOD32, or if you want a free program,
Avast.

I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.
 
Daave

I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.

I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days. My understanding is that it also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.

Does anyone know if that app produces any other undesirable effects? To
OP: it's important you delete your Hosts file. The location is:

C:\WINDOWS\system32\drivers\etc

If you wish, you may replace it with a *good* Hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
have had success running one or both of these programs in Safe Mode:

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php

SUPERAntiSpyware
http://www.superantispyware.com/

The freeware versions are fine.

If you still have malware, you will have to post a HijackThis log to an
appropriate forum (courtesy of David H. Lipman):

NOTE: Registration is REQUIRED in any of the below before posting a log


Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0


Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7


Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!
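
Added example, not part of Daave's post: before deleting or replacing the Hosts file, a short Python audit can show which entries override the security sites named in this thread, while leaving ordinary ad-blocking entries alone. The sample file contents and the watch list are constructed for illustration.

```python
"""List Hosts-file entries that block or redirect sites needed for cleanup."""
import ipaddress

# Sites named in this thread; extend the tuple as needed (assumption: watch list
# chosen for this example).
WATCHED = ("bleepingcomputer.com", "malwarebytes.org",
           "superantispyware.com", "mvps.org")

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1    localhost
127.0.0.1    www.bleepingcomputer.com
0.0.0.0      malwarebytes.org www.malwarebytes.org
203.0.113.7  www.superantispyware.com   # documentation-range address
127.0.0.1    ads.example.net
"""


def parse_hosts(text):
    """Yield (line number, address, [names]) for each well-formed mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: skip the line
        yield lineno, address, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Return (line, name, address, kind) for every override of a watched site."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        for name in names:
            if not is_watched(name):
                continue
            # Loopback or 0.0.0.0 makes the site unreachable; any other
            # address sends the browser somewhere else entirely.
            blocked = address.is_loopback or address.is_unspecified
            kind = "blocked" if blocked else "redirected"
            findings.append((lineno, name, str(address), kind))
    return findings


if __name__ == "__main__":
    # On the machine itself, read the file from the location given above
    # instead of SAMPLE_HOSTS.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
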
 
Ken Blake, MVP

I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days.


Ahh, thanks for that info. Then it's clearly one to stay far away
from.
 
samantha fox

How to remove resycled/boot.com

http://www.tips29.com/2009/01/how-to-remove-resycledbootcom.html
On Friday, December 12, 2008 9:30 AM Gerry wrote:
Are you just running Norton Anti-Virus? What anti-spyware programme are
you running?

Trojan Flush M from the Norton report sounds to be relatively minor but it
could be a symptom of other malware. Some will change passwords.

I would download and run Spybot S & D (freeware version) and see if it
finds anything like a Trojan. If Spybot S & D finds anything significant
(other than cookies) you need to be wary. If it removes something and
it returns or another nasty pops up it can be an indication that there
is another hidden nasty not being detected by Norton or Spybot.
Spybot S & D. There is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

If you still have problems you might try Malwarebytes. This is currently
making a considerable impact, although I have not tried it myself. I
believe it is shareware (purchase after trial). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

--
Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Belprice wrote:
> Hi there,
>
> I am running Norton Anti-Virus and it has reported that I have a
> virus called Trojan Flush M and no matter what I try I can not remove
> this virus. I tried to follow the instructions for manual removal of
> this virus, however it instructed me to restart Windows in safe mode
> and then a full scan. When I tried to do this I was asked for an
> administration password, but I bought this computer second hand and
> have no idea what this password is!
>
>
> Also my computer is now acting very strange, programs are
> disappearing when I restart the computer and when I try to view the
> C drive I get an error message which states "WINDOWS CANNOT FIND
> RESYDED /BOOT.COM OR RESYCLED/BOOT.COM"
>
> I am desperate not to lose the many important family files on this
> computer, such as photos and videos, can someone please help me with
> this very annoying problem.
>
> Thanks in advance.
> Ta
On Friday, December 12, 2008 7:35 PM Touch Base wrote:

"Also my computer is now acting very strange, programs are disappearing when
I restart the computer and when I try to view the C drive I get an error
message which states "WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM"

[TB] This file is part of the trojan and it is usually located in the root
of the 'C' drive. There is also an autorun file [which is hidden], that is
part of this problem and it interacts with the boot.com file which allows it
to propagate on the next start of windows.

=========================================================

[TB] This site talks about removing the problem with boot.com file. Read
through and see how others handled this problem. Malwarebytes is mentioned
in some of the responses.

http://www.precisesecurity.com/blogs/2008/09/20/resycledbootcom/


==========================================================


"I believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes."

A visit to their website before posting the comment would have been prudent.

Malwarebytes is not an anti-virus product and it is not a purchase after
trial product.

It has a free version and a pay for version.

The pay for version has real-time protection, scheduled scanning, and
scheduled updating.

The free version does not have resident protection, it only allows for after
the fact scanning and you have to download the updates manually.

Apart from that they do exactly the same job, it is not limited in any
regard.

It's still a good idea to turn off Norton during a scan because it will pop
up and attempt to quarantine the trojan while Malwarebytes is doing its
scan and it can only confuse the user as to which product do I use to try
and remove it. If Norton hasn't been successful handling the trojan then
let Malwarebytes do its job unhindered and quarantine and attempt to remove
it.
 