Genealogy Chat

Problem with Trojan - Judy can you help?

InspectorGreenPen 16 Jul 2005 19:36

I have had a problem with a Trojan this last couple of weeks. I am not sure what harm it does, but it appears to go under the name of Win32:Trojano-1730 [Trj]. It manifests itself as 12 k .exe files appearing in Windows and Windows/system32. I also suspect that there are .dll files connected with it as well. The files then try to attach themselves into Startup.

I use the usual Spyware programs: Microsoft / Adaware / Spybot / Spywareblaster. None of these seem to have any effect except Microsoft, which will stop it going into startup but does not delete it. My antivirus is Avast. This seems to trap the trojan 50% of the time, but not always.

When new files appear in the Windows and Windows/system32 folders I delete them, but obviously, whilst this treats the symptoms, the real source is still present.

Any help in eradicating this little blighter once and for all would be appreciated.

Thanks,
Peter

John half a scot 16 Jul 2005 19:53

Try disabling System Restore, then reboot in safe mode and run your antivirus program; you should be able to get rid of it then. Next, reboot your comp and re-enable System Restore. I hope this helps, though I don't guarantee it.

John

InspectorGreenPen 17 Jul 2005 10:12

John, thanks for the tip. I will try this now.

Bobtanian 17 Jul 2005 14:44

This is the nearest I can find........Bob

Trojan Name: PWS-IX
Risk Assessment: Corporate User: Low; Home User: Low

Trojan Information

Discovery Date: 05/30/2005
Origin: Asia
Length: 45056, 24576
Type: Trojan
SubType: Password Stealer
Minimum DAT: 4502 (05/30/2005)
Updated DAT: 4502 (05/30/2005)
Minimum Engine: 4.3.20
Description Added: 05/30/2005
Description Modified: 06/06/2005 4:19 AM (PT)

Trojan Characteristics

Detection was added to cover for a malicious 32 bit PE file originally called 'tjppdd.exe', having a filesize of 45056 bytes. Upon execution of this file, it drops an embedded file that's in the resource directory called 'tj_pp.dll', having a filesize of 24576 bytes. The files are not internally compressed with packers.

The 2 files are being copied to the %windows\%system directory, for example on a win2k test system:

c:\WINNT\system32\tj_pp.dll (size: 24576 bytes)
c:\WINNT\system32\tjppdd.exe (size: 45056 bytes)

To automatically launch itself upon system start it makes a registry entry under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 'tjpp'

The tj_pp.dll file tries to install a systemhook and may capture information from key-type sequences. It then calls a mail routine to send the captured info out by e-mail.

Symptoms

Presence of the files/filesizes as mentioned above
Presence of the registry key as mentioned above

Method Of Infection

Manual execution of the binary, there's no known exploit associated with the file.

Removal Instructions

All Users: Use current engine and DAT files for detection and removal. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Name / Type / Sub Type / Differences

Aliases

TR/Spy.Small.CQ (H+BEDV)
Trojan Horse (Symantec)
Trojan-Spy.Win32.Small.cq (Kaspersky)
Trojan.PWS.QQSender (DrWeb)
Trojan.Spy.Small.Cq (MkS)
Win32:Trojano-1322 [Trj] (Alwil)
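
A read-only check for the indicators in the vendor description quoted above (the two file names with their sizes and the 'tjpp' Run value), which also lists small, recently created .exe files like the 12 k ones described in the first post. This is an added example, not part of the thread or of the vendor's removal procedure; the function name, the 14-day look-back and the 16 KB size cutoff are assumptions.

```powershell
# Added example: read-only triage for the indicators quoted in the thread.
# Nothing is deleted or changed; each finding is returned as an object.
function Find-PwsIxIndicators {
    param(
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32'),
        [int]$RecentDays = 14,        # assumption: look-back window
        [int]$SmallExeBytes = 16KB    # assumption: cutoff for the "12 k" files
    )

    # File name -> size in bytes, as given in the vendor description.
    $known = @{ 'tj_pp.dll' = 24576; 'tjppdd.exe' = 45056 }
    foreach ($name in $known.Keys) {
        $path = Join-Path $SystemDir $name
        if (Test-Path -LiteralPath $path) {
            $size = (Get-Item -LiteralPath $path -Force).Length
            [pscustomobject]@{
                Check  = 'KnownFile'
                Target = $path
                Detail = "size=$size expected=$($known[$name]) match=$($size -eq $known[$name])"
            }
        }
    }

    # The description names a Run value called 'tjpp'. Every Run value is
    # listed so that other unfamiliar startup entries are visible as well.
    $runKey = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($valueName in $runKey.GetValueNames()) {
            [pscustomobject]@{
                Check  = if ($valueName -eq 'tjpp') { 'KnownRunValue' } else { 'RunValue' }
                Target = $valueName
                Detail = [string]$runKey.GetValue($valueName)
            }
        }
    }

    # Small executables created recently in the Windows and System32 folders.
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    Get-ChildItem -Path $env:SystemRoot, $SystemDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff -and $_.Length -le $SmallExeBytes } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'RecentSmallExe'; Target = $_.FullName; Detail = "size=$($_.Length) created=$($_.CreationTime)" }
        }
}

Find-PwsIxIndicators | Format-Table -AutoSize -Wrap
```

A 'KnownFile' or 'KnownRunValue' row matches the quoted description; 'RunValue' and 'RecentSmallExe' rows are only candidates to review, since legitimate software also creates startup entries and small executables.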