
Trojan-Downloader.BAT.Ftp.ab--how to remove

Discussion in 'Malware and Virus Removal Archive' started by tamilseo, 2006/02/11.

  1. 2006/02/11
    tamilseo

    tamilseo Inactive Thread Starter

    Joined:
    2006/02/11
    Messages:
    4
    Likes Received:
    0
    My F-Secure antivirus shows this message every time I start my system. How do I remove this trojan? I tried to format my system and reinstalled Win XP. My internet connection is very, very slow. Please guide me to remove this trojan.

     
  2. 2006/02/12
    HumBug

    HumBug Well-Known Member

    Joined:
    2002/06/20
    Messages:
    151
    Likes Received:
    0

  4. 2006/02/13
    tamilseo

    tamilseo Inactive Thread Starter

    Joined:
    2006/02/11
    Messages:
    4
    Likes Received:
    0
    Thanks for the link. I tried all the steps but I am still facing the same problem.
     
  5. 2006/02/13
    tamilseo

    tamilseo Inactive Thread Starter

    Joined:
    2006/02/11
    Messages:
    4
    Likes Received:
    0
    I am getting this message also. How do I completely remove that trojan?
    Someone please help me.
     
  6. 2006/02/19
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    You have more than one trojan on your system.

    Disable System Restore, then remove these from HJT.

    O4 - HKLM\..\Run: [kkmc] C:\WINDOWS\System32\kkmc.exe
    O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\cs.exe
    O4 - HKLM\..\Run: [Services] C:\mtaskmgr.exe
    O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
    O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
    O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
    O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
    O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)

    Reboot into Safe mode, and delete these files.
    C:\cs.exe
    C:\WINDOWS\System32\kkmc.exe
    C:\mtaskmgr.exe
    C:\WINDOWS\System32\oleupdate.exe
    C:\WINDOWS\MsLS32.exe
    C:\WINDOWS\shost.exe
    C:\WINDOWS\nvcr32.exe
    C:\WINDOWS\netconf32.exe
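
As an added example (not part of the original thread, and not HijackThis's own code), this Python script parses the O4 and O23 lines quoted in the post above, separates the entries HijackThis itself marked "(file missing)" from the rest, and checks that every path in the delete list is referenced by an entry. The regular expressions assume the line layout seen in this post; all function and variable names are hypothetical.

```python
import re

# Entries and file list copied verbatim from the post above.
HJT_ENTRIES = r"""
O4 - HKLM\..\Run: [kkmc] C:\WINDOWS\System32\kkmc.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\cs.exe
O4 - HKLM\..\Run: [Services] C:\mtaskmgr.exe
O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
""".strip().splitlines()
DELETE_LIST = r"""
C:\cs.exe C:\WINDOWS\System32\kkmc.exe
C:\mtaskmgr.exe C:\WINDOWS\System32\oleupdate.exe
C:\WINDOWS\MsLS32.exe C:\WINDOWS\shost.exe
C:\WINDOWS\nvcr32.exe C:\WINDOWS\netconf32.exe
""".split()

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

def parse_entry(line):
    """Return a dict for an O4 (Run key) or O23 (service) line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {"kind": "run-key", "name": m["name"], "path": m["path"], "missing": False}
    m = O23_RE.match(line)
    if m:
        return {"kind": "service", "name": m["name"], "path": m["path"],
                "missing": m["missing"] is not None}
    return None

def review(lines, delete_list):
    """Split entry paths by HijackThis's own '(file missing)' flag and list
    delete-list paths no entry references (Windows paths compare case-insensitively)."""
    entries = [e for e in map(parse_entry, lines) if e]
    present = [e["path"] for e in entries if not e["missing"]]
    flagged = [e["path"] for e in entries if e["missing"]]
    referenced = {e["path"].lower() for e in entries}
    unreferenced = [p for p in delete_list if p.lower() not in referenced]
    return present, flagged, unreferenced

if __name__ == "__main__":
    for label, paths in zip(("not flagged", "file missing", "unreferenced"),
                            review(HJT_ENTRIES, DELETE_LIST)):
        print(label, paths)
```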
     
  7. 2006/02/19
    tamilseo

    tamilseo Inactive Thread Starter

    Joined:
    2006/02/11
    Messages:
    4
    Likes Received:
    0
    Thanks markp62.


    I disabled System Restore, then ran HJT and removed those you mentioned. Then I rebooted in Safe Mode, but
    C:\cs.exe
    C:\WINDOWS\System32\kkmc.exe
    C:\mtaskmgr.exe
    C:\WINDOWS\System32\oleupdate.exe
    C:\WINDOWS\MsLS32.exe
    C:\WINDOWS\shost.exe
    C:\WINDOWS\nvcr32.exe
    C:\WINDOWS\netconf32.exe
    these files are missing.
    I ran HJT again. Here is the log.

     
  8. 2006/02/20
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    The log looks clean, however those files may be marked as Hidden and/or System files.
    In Windows Explorer, go to the toolbar at Tools\Folder Options. Click on the View tab in the window that appears. Select 'Show all Hidden files and folders', and then uncheck 'Hide protected operating system files', then Apply, then OK. You will be prompted that this is a dangerous thing to do; select Yes.

    System Restore should be disabled until those files are gone, else you just get them back.
     
