Problem with a trojan not being removed



#1 gale


Posted 14 March 2009 - 03:21 AM

I did a search and found nothing here about this trojan. However, Google searches bring up a lot of hits. Unfortunately, the fixes shown either don't work for me or else the trojan on my computer doesn't seem to affect or use the same file. So anyway, the trojan is called Daonol and seems to be redirecting Google and Yahoo searches (and maybe others) to spam sites. It happens in any browser. Also, I am getting a lot of browser crashes, which may or may not be related, but it all started about the same time. I ran MBAM and it found the trojan, and I directed it to remove it, but it is not removing it, and every time I run a scan, it finds it again. Here are my latest logs:

Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 5.1.2600 Service Pack 2

3/13/2009 11:43:27 PM
mbam-log-2009-03-13 (23-43-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 303557
Time elapsed: 1 hour(s), 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Willy\Local Settings\tclhds.ksa (Trojan.Daonol) -> Quarantined and deleted successfully.


And the one before it, which indicated that the Daonol trojan was quarantined and deleted; either it was not or it just keeps coming back on.

Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 5.1.2600 Service Pack 2

3/13/2009 12:28:21 AM
mbam-log-2009-03-13 (00-28-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 314138
Time elapsed: 2 hour(s), 29 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Willy\Local Settings\tclhds.ksa (Trojan.Daonol) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.


Also, since I've run the scans, my spyware sweeper is popping up almost constant block messages, so I don't know if that's related. One other thing is that during a Google search I found a message board where someone posted a link to a site that supposedly helped, but when I tried to open that link, my browser immediately shut down with no warning and no error message. I tried again with Flock and IE and they both did the same. The link was to a Blogger blog, so I tried just the blog's home address and it also crashed my browser, so I don't know what that was about.

From my reading, it appears that Acrobat 7 may have been the method by which the trojan was put on my computer, so I've uninstalled it and am now downloading the newest version, but I'd like to get rid of the one I have. Thanks.

#2 Insomniac


Posted 14 March 2009 - 04:25 AM

If you are still infected, follow these instructions and post your new topic here.



