Trojan BackDoor.Ruledor.D

Discussion in 'Security and Privacy' started by virginia, 2004/09/01.

Thread Status:
Not open for further replies.
  1. 2004/09/01
    virginia Lifetime Subscription

    virginia Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,100
    Likes Received:
    26
    AVG scan revealed subject trojan in C:\Program Files\Clear Search|Loader.EXE. It was not removed or isolated and status is reflected as "Still Infected". When I searched the AVG database, I got no results. Same on Symantec.

    I did a Google search but didn't find any sites that I trusted enough to use. Does anyone have any information on this trojan and where or how I can get a removal tool? Thanks a lot.
     
  2. 2004/09/01
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    Hi Virginia...

    There is an online trojan scanner site called Trojan Scan. Give it a go.
     
    Last edited: 2004/09/01

  4. 2004/09/01
    virginia Lifetime Subscription

    virginia Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,100
    Likes Received:
    26
    Thanks Kent,

    I ran the online scan you suggested and it either found no trojan or found it and cleaned it - hard to tell from how the results were posted. Will run AVG again now and see if it still finds it.

    If it's still there I will be back - no, I will be back in any case to let you know.
     
  5. 2004/09/01
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    Hi Virginia...

    EDIT: What version (how old) is your AVG? The version on their web site for download (AVG 6.0 free version) is 732. If you're running an older version, re-download a newer version from => http://free.grisoft.com/freeweb.php/doc/2/. Make sure you update it right away.

    I would also advise you run some more checks...

    If you are not running the latest versions of Ad-aware SE and Spybot 1.3 you should do so. You can download the latest versions from the following links below and make sure you update before running programs...
    Ad-Aware SE Personal
    Spybot 1.3 - Tutorial can be found here. Only put checkmark on entries highlighted in RED.

    You should also run an "Online" virus and Trojan scan...I have added some links for those also...
    RAV - AV Scanner
    Panda - AV Scanner
    Trojan Scan - Trojan scanner

    Download and run the latest version of CWShredder from this link. Make sure you have closed all windows before running program. Start program...Click Fix.

    After completing all scans download HijackThis to a folder on your hard drive. Call the folder, for example, C:\HJT. To post a log => Run the program => Click on "Scan" button => After scan complete click on "Save log" button => Choose the C:\HJT folder for the save location => Notepad should open => Copy and paste contents into a new post. NOTE: Do not fix anything until someone experienced with the logs advises you to.
     
  6. 2004/09/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    ClearSearch is a drive-by install, that you don't want. Make sure the Loader.exe process is not running in task manager and then delete the ClearSearch folder in Program Files.
     
  7. 2004/09/01
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    You da man, Dave. :D

    I have learned quite a lot reading your posts. Thanks. :)

    How new is this "ClearSearch"? I just googled it and came up with a few hits for removal. Looks interesting...
     
    Last edited: 2004/09/01
  8. 2004/09/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well Thank You, Kent. Glad my posts have been helpful. :)

    virginia,

    Still a good idea to follow Kent's suggestions. If ClearSearch got in, other nasties likely did too. ;)
     
  9. 2004/09/01
    virginia Lifetime Subscription

    virginia Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,100
    Likes Received:
    26
    I have 6.0.747 Ver AVG. Don't know how that relates to 632. I ran Housecall and it found the BackDoor.Ruledor.D trojan but said it couldn't be fixed. I then stopped the Loader.EXE process and tried to delete the C:\Program\Clear.... folder in Windows Explorer but it wouldn't let me delete the folder.

    I'm not on my home computer now - visiting relatives and trying to clean this off. Will download all the tools - Spybot, AdAware, HiJack This, etc as I have time and post back. Also I didn't run Clear Search in my first Google search so I may give that a try as well. Will post back as I progress.
     
  10. 2004/09/01
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Your version of AVG is a little out of date.
     
  11. 2004/09/02
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    Hi Robert from Virginia...

    - http://www.viruslist.com/eng/viruslist.html?id=815202
    - http://www.doxdesk.com/parasite/ClearSearch.html

    There are also 2 Trojan scanner programs that you can download and install. The first is SwatIT which is a free download and the other is Trojan Hunter. Trojan Hunter is not free but you can download the free 30 day evaluation. Try these programs. Please make sure you update them after installing either program(s).

    - SwatIT => Manual => How to Update near bottom of page
    - TrojanHunter => Manually Updating Your TrojanHunter Rule Files
     
    Last edited: 2004/09/02
  12. 2004/09/05
    virginia Lifetime Subscription

    virginia Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,100
    Likes Received:
    26
    Just a quick update to those of you who are giving me all these tips, we have had a death in the family so my attention has been elsewhere.

    However, I will update the AVG shortly and rerun it. I ran the old version last night and it didn't find any problems - however I think it/they are still there. I downloaded AdAware, installed it, and tried to run it. However, something halts it shortly into the process, warns me that it is stopping the process, and then restarts the computer.

    I will post back as I get some of the suggestions addressed. Thanks so much to all of you and for your patience.
     
  13. 2004/09/09
    virginia Lifetime Subscription

    virginia Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,100
    Likes Received:
    26
    Final Note - SwatIt downloaded, installed, updated, and run. Didn't find anything. Recent AVG scans don't reveal anything. But I still have my doubts. The Clear Search folder is still in Programs and I can't delete it. However, no problems have been noticed. I will not be at this computer after today so thanks to all who have offered up suggestions.

    Side Comment - Early on, I downloaded, installed, and ran the NoAdaware removal tool. It found a number of items that needed to be repaired, and when I clicked on the "Repair" button, a pop-up appeared and wanted $29.95 before it would do the repair action - so much for the "free" download.
     