Trojans virus problem

tshad

I have been trying to clean my system for days now to get rid of various
trojans that infected my system and apparently got by TrendMicro
(Virtumonde, Spyware Guard, SmitFraud-c).

I finally got Vipre to get rid of most of it and did see a couple of dlls
that it marked as suspicious and was wondering if anyone knows if they are
problems?

ljnghe.dll, rqrhbatn.dll and grandpack2.dll are the ones I was curious about
and I can't seem to find anything on the net about them.

Thanks,

Tom
 
Patrick Keenan

tshad said:
> I have been trying to clean my system for days now to get rid of various
> trojans that infected my system and apparently got by TrendMicro
> (Virtumonde, Spyware Guard, SmitFraud-c).
>
> I finally got Vipre to get rid of most of it and did see a couple of dlls
> that it marked as suspicious and was wondering if anyone knows if they are
> problems?
>
> ljnghe.dll, rqrhbatn.dll and grandpack2.dll are the ones I was curious
> about and I can't seem to find anything on the net about them.
>
> Thanks,
>
> Tom

They do look suspicious. Rename them to "filename.bad", reboot, and if
nothing breaks, delete them.

HTH
-pk
 
tshad

Sounds reasonable.

I'll try that.

Also, when I try to update Vipre, it tells me it can't connect to the
internet to get the updates. Yet IE connects fine and I can ping sites like
google and yahoo fine. Vipre works fine on my laptop on the same network.

Any idea what would cause that?

Thanks,

Tom
 
Mick Murphy

Download, install, update and scan with, in Safe Mode if necessary, the 2
Programs below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.
 
Malke

tshad said:
> Sounds reasonable.
>
> I'll try that.
>
> Also, when I try to update Vipre, it tells me it can't connect to the
> internet to get the updates. Yet IE connects fine and I can ping sites like
> google and yahoo fine. Vipre works fine on my laptop on the same network.
>
> Any idea what would cause that?

Yes. Your computer is still infected. At this point, you should either get
guided help at one of the specialty forums below OR back up your data and
do a clean install of Windows. It is your choice. If you are unsure how to
back up your data or how to do a clean install, you can take your machine
to a local computer professional. I don't recommend using
BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
 
Randem

Generally files that semm to have a random sort of name are susicious and
are of the virus/malware kind. You can delete then to see if nothing
happens. Sincve they will be in you recycle bin you have nothing to worry
about you can always restore them. The first two files are really
suspicious. Use other remedies to receheck you system for infections. Here
are some steps to take that will help
htpp://www.randem.com/virusproblems.html
 
Mick Murphy

Get a Spell Checker, SPAMMER.
--
Mad Mike

Randem said:
> Generally files that semm to have a random sort of name are susicious and
> are of the virus/malware kind. You can delete then to see if nothing
> happens. Sincve they will be in you recycle bin you have nothing to worry
> about you can always restore them. The first two files are really
> suspicious. Use other remedies to receheck you system for infections. Here
> are some steps to take that will help
> htpp://www.randem.com/virusproblems.html
>
> --
> Randem Systems
> Your Installation Specialist
> The Top Inno Setup Script Generator
> http://www.randem.com/innoscript.html
 
David H. Lipman

From: "tshad" <[email protected]>

| I have been trying to clean my system for days now to get rid of various
| trojans that infected my system and apparently got by TrendMicro
| (Virtumonde, Spyware Guard, SmitFraud-c).

| I finally got Vipre to get rid of most of it and did see a couple of dlls
| that it marked as suspicious and was wondering if anyone knows if they are
| problems?

| ljnghe.dll, rqrhbatn.dll and grandpack2.dll are the ones I was curious about
| and I can't seem to find anything on the net about them.

| Thanks,

| Tom


The files ljnghe.dll and rqrhbatn.dll sound like Vundo Trojans. I don't know what
grandpack2.dll is.

To find out what grandpack2.dll is, please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

To deal with the possible Vundo Trojans (which are related to the Virtumonde adware) I
suggest Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

BTW: Nothing I see in your post indicates that you were infected with a virus.
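
The rename-to-".bad" step suggested earlier in the thread, combined with recording a SHA-256 so the same file can later be matched against a scan report, as an added example (not code from any poster here). The function names, the JSON-lines log and the sample file are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash the file in chunks so a large DLL is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def quarantine(path, log_path):
    """Rename path to path + '.bad' and append a record that allows a restore."""
    src = Path(path)
    dst = src.with_name(src.name + ".bad")
    if dst.exists():
        raise FileExistsError(f"{dst} already exists; not overwriting")
    record = {"original": str(src), "quarantined": str(dst), "sha256": sha256_of(src)}
    os.rename(src, dst)
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record

def restore(record):
    """Undo a quarantine only if the file is byte-identical to what was renamed."""
    dst = Path(record["quarantined"])
    if Path(record["original"]).exists():
        raise FileExistsError("original name is in use again; not overwriting")
    if sha256_of(dst) != record["sha256"]:
        raise ValueError(f"{dst} changed since quarantine; not restoring")
    os.rename(dst, record["original"])
    return record["original"]

def demo():
    # Constructed sample: a stand-in file, not one of the DLLs named in the thread.
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.dll"
        sample.write_bytes(b"constructed sample bytes")
        rec = quarantine(sample, Path(d) / "quarantine.jsonl")
        renamed = Path(rec["quarantined"]).exists() and not sample.exists()
        restore(rec)
        return rec["sha256"], renamed, sample.exists()

if __name__ == "__main__":
    print(demo())
```

A file that reappears under its original name after the reboot shows up as a `FileExistsError` on restore, which is itself a sign that something is still recreating it.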
 
David H. Lipman

From: "Mick Murphy" <[email protected]>

| Get a Spell Checker, SPAMMER.
| --
| Mad Mike

The news server admin must also think he is spamming, as many of his posts are being
deleted off the server! :)
 
