Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Trojan - ContraVirus 2.0

  1. #1
    thecdog Guest

    Default Trojan - ContraVirus 2.0

    I'm new to this group and not very techie so please bear with me.
    Despite its name - ContraVirus 2.0 - appears to be a Trojan. ZoneAlarm Pro pops-up asking if I want to allow an Anti-Spyware program access. I always respond in the negative and check the box that ZoneAlarm Pro remember the answer. ContraVirus 2.0 then proceeds to load itself. It's easily uninstalled, but it continually returns.
    Has anyone else had this problem? Why does ZoneAlarm Pro allow it to load anyway? How can I prevent it?

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005

    Default Re: Trojan - ContraVirus 2.0

    "ContraVirus may have infected your PC by through one of those methods. Trojans are some of the most sophisticated and dangerous type of malware, capable of controlling your system. Because of this, it may be best if ContraVirus and Trojans are removed from your computer immediately."

    See for quote page and removal instructions of ContrVirus:

    It is the opinion of Eric Burger at spywarewarrior that ContraVirus is a rogue application:

    Also see his self help page for general removal instructions:

    Also it is listed at spywareguide:

    Best regards.

  3. #3
    thecdog Guest

    Default Re: Trojan - ContraVirus 2.0

    Oldsod - Thanks for the info and spywarewarrior links. I have an anti-spyware program on my computer already - Spysweeper - that so far has been unable to prevent ContraVirus 2.0 from loading. I have contacted Spysweeper's support group for assistance as well. If Spysweeper support is unable to assist, I'll use whatever help I can from spywareworrior.

  4. #4
    oddjob Guest

    Default Re: Trojan - ContraVirus 2.0

    Hi thecdog .... if this thing won't go away we may need to pull it off your machine manually.

    Lets' have a look at a HJT log.

    Download a self-extracting copy of HijackThis from here .

    Save it to your Desktop.

    Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder

    C:\Program Files\HijackThis

    Go to this folder and run the hijackthis.exe file.

    From the menu click on "Do a system scan and save a logfile".

    Copy and paste the HJT logfile to this thread. More specific removal instructions will follow.


    Message Edited by oddjob on 06-04-200708:50 AM

  5. #5
    forum_moderator Guest

    Default Re: Trojan - ContraVirus 2.0

    It's probably best to go to the Forums where there is official support for HJT.Forum ModeratorMarcus

  6. #6
    katandkj Guest

    Default Re: Trojan - ContraVirus 2.0

    I am having the EXACT same problem and I also have SpySweeper.
    I too have emailed them but have yet to get a response on what can be done.
    Have you heard from them?
    Any suggestions?
    This thing is driving me nuts!

  7. #7
    Join Date
    Dec 2005

    Default Re: Trojan - ContraVirus 2.0

    See for quote page and removal instructions of ContrVirus:

    These are manual instructions and that works fine.

    If you wish to use and trust scanners then try these freeware (all of them!), but no guarantees:

    Rogue Remover:

    A Squared:


    AVG AntiSpyware:

    Lavasoft Ad-Aware:

    McAfee AVERT Stinger;

    Just download, install and update and then scan with the regular AV and AS turned off. Try these in the Safe Mode as well, to get good detections and removals. You may have to disable the System Restore, to get the PC clean. But remember that the manual removal instructions are more precise and effective.

    Best regards.

  8. #8
    omahaslim Guest

    Default Re: Trojan - ContraVirus 2.0 A FIX !!!!

    This is wild ... everyone seems to have gotten tContraVirus (CV)
    on same day as I did ... I think a modified and more virulent form.
    After days of "ARRRGGGGGHHHHH!!"
    I seem to have hit on the problem.
    I had found and tried all the fixes listed and don't work.
    Apparently here's why >>>>>>
    I'll detail later (with post I made elsewhere quoted here) .... but going back to the HJT file posted above look at the list at the file windows\system\XPuupdate ... I think it was windows 32 for you.
    THAT is (in my case) the bogus file that is causing all the CV downloads.
    Do Ctrl/alt/del and look for this file (or other suspicious file).
    Do "end task".

    That should stop the **bleep** flashing CV icon in systray (for me, Win98 SE) and stop the downloads.
    Wish I had more
    time, but I was trying to find a hot water heater online to replace the one that just flooded my house when this **bleep** thing hit!
    Here's more detail, but from post in another forum (trying to help as many people as I can ... with no time).
    GOOD LUCK!!!!
    MODERATOR ... please copy this to wherever you think it will help if need be.
    Contravirus (hereinafter CV) seems to have made a big push in the last few days. Perhaps it has mutated and grown more infectious. My experience seems to point to that. On 6/2/07 I became infected with this beast. It appears that it may have come to me via a download of a picture (JPEG file). I am on dialup running Win98 SE and Internet Explorer six (IE6) on an ancient machine ... waaaay to slow to run antivirus or firewall, yet this is my first infection and have been on internet since 1995.
    I tried S&D but, though it detected CV, it failed to eliminate it. Every time I connected to the Internet, new downloads of the 7.68 MB executable would begin. I searched the WEB for answers but found none. Closest I found was at they try to sell you a fix, but do offer instructions to "manually remove" CV. That process is 1+ hours of tedious work, including the dreaded registry edit ... and still it doesn't work, not for me. When I finished and got back online, shortly afterward the downloads started again. AAAAAGGGGHHH!!! As far as I can tell no one has a solution to my (and perhaps your) new infection.
    I wondered if perhaps my browser, IE6, had been modified to cause the downloads. To investigate I decided to restart and do nothing but dialup a connection. I reasoned that, then, there should be no downloads ... but low and behold in a few minutes the downloads began again (of the CV 7.68 Mb executable). THAT was the needed clue ... it meant there was some independent program, like a mini-browser, running and doing all this.
    So I did "ctrl, alt, delete" (to look for running programs) and in the list of running programs was one I did not recognize ... "XPuupdate". Funny thing is, I'm running Win 98 SE!. Then I did "end task" from "Ctrl, Alt Delete" for "XPuupdate" and immediately the blinking Contravirus icon in Systray that I hadn't been able to get rid of (using "411's" instructions or any other) disappeared! THAT appears to be IT! No more downloads in the several hours online since. Had one freezup ... maybe registry problem. Hope S&D will "catch up" on CV now and maybe fix my registry later.
    I then used windows explorer to "find files or folders" named "XPuupdate" and found it in my windows\system folder. Deleted it and then went back to search for "residue" of CV. These are mainly copies of the contravirus ".exe" file, and they were all named in the format "saXXXX.exe", for example, "sa21E2.exe" ... all EXCEPT ONE, which was called merely "1759134.exe". The tipoff about "1759134.exe" was its size ... 7.68 Mb, the same as all the "sa" files. In my case all these were in the windows\temp folder (and NOT "temporary internet" folders ... so they can't be "flushed" by emptying the browser cache). One can use windows explorer advanced search and look on the C drive for recent files exceeding 6 Mb., say. Any exe with a size the same as the (completely downloaded) "sa" files ... 7.68 Mb or so right now apparently, should be suspect. "Delete" them to "trash" and should be no problem if found in "windows\temp". If you lose something, restore it (but unlikely).
    OK, briefly do "Ctrl, Alt Del" and "end task" for suspicious running programs ... like mine "XPuupdate.exe" (note: the "PTsnoop" program sounds suspicious but is aparently a Microsoft program).Then use windows explorer "find files or folders" to find that file on your C drive (XPuupdate.exe for me). Then clean out any CV executable (.exe) files you can find, all about 7.68 Mb right now apparently, and most of them start with "sa". Look in "windows\temp" first (Win 98 SE anyway). Anything else abou 7.68 Mb should be suspect. You may have copies that are smaller because you interrupted download if on dialup like me, but I presume they won't function and just take up room. I think if you get rid of the systray icon for CV you've got it made.
    Hopefully SBS&D will catch up on this and clean out any other junk after a while. I will be glad to help SBS&D in any way I can ... let me know. please post this as reply to other inquiries about CV if you like. Thanks again for your work and programs.
    I am going to try switcing to Firefox browser (instead of IE6) ... it appears to be more secure, and I suspect the XPuupdate file squeezed thru IE6. Even if you get something like this, it appears Firefox may enable one to stop the downloads. We'll see.
    If I have anything new to report I'll post more.
    Gotta go ... my house is flooded from hot water heater! Good luck to all !! Pray for **bleep** for all the CV people in the world.

  9. #9
    Join Date
    Dec 2005

    Default Re: Trojan - ContraVirus 2.0 A FIX !!!!

    Thanks for your help!

    I had mentiioned the 411 site, but I was sure they had the right files and keys involved.

    It maybe wise to run a file/reg cleaner such as CCleaner (freeware) to remove some left over files and registry keys from the ContraVirus. Just to get rid of any remaining pieces.

    Hiow true about the other browsers- once I stopped using the IE and switched to FireFox and Opera, the PC has always been always free of CWS, adware and malware.

    Cheers and thank you once again for your advice and tale.

    Best regards.

  10. #10
    thecdog Guest

    Default Re: Trojan - ContraVirus 2.0 A FIX !!!!

    Thanks to all who have offered manual removal suggestions, URLs, free software, etc. Since I'm not much of a techie, I'm holding off attempting those for the moment. The other/primary reason for my waiting is that Spysweeper support is actively working on solving the problem and they may have come up with a solution.
    katandkj - Inasmuch as I appear to be having some luck with Spysweeper support, I suggest you keep trying. They may (I'm really guessing here.) not responded to you yet while they are trying to help me.
    Speak of "the devil" - ContraVirus 2.0 just loaded as I was typing. I removed it immediately. What I also do not understand is why ZoneAlarm Pro asks if I want to allow it to load and then it loads anyway even though I have responded negatively to ZoneAlarm Pro's inquiry.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts