
Thread: Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR

  1. #1
    earlin Guest

    Default Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR

    I have ZA Extreme Security V. 8.0.400.020 and a recent spyware scan turned up Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR. I deleted both of them from the Quarantine as ZA said they were infections and didn't serve any useful purpose. However, I still have an infection. It's not always active, but when it is I can't really use my computer because it executes arbitrary keystrokes, which interferes with what I am typing. It also activates menus since some of the keystrokes represent hotkeys in the programs I use.
    Since deleting these infections, ZA scans say my computer is clean - so now ZA doesn't seem to be able to find the infection.
    I am running Vista Home Premium (64 bit) SP2, pre-installed on a notebook I just bought.
    Can anyone help with this?
    Thanks.

    Operating System:Windows Vista Home Premium
    Software Version:8.0
    Product Name:ZoneAlarm Extreme Security

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR

    Hi! Please follow the standard procedure detailed here below; see also the last point if you are not able to clean by yourself.
    http://forum.zonelabs.org/zonelabs/b...essage.id=3787
    Check under the ZA browser security tab: is ZA virtualization ON (settings --> advanced --> Virtualization)? If not, please turn it ON next time. It's off by default at install.
    If it is ON then please clean virtual data.
    Cheers,
    Fax

    Message Edited by fax on 06-27-2009 06:11 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    earlin Guest

    Default Re: Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR

    Fax - Thanks a lot for your help!

    I ran ZA AV/AS in Safe Mode but it didn't find anything. Malwarebytes Anti-Malware's scan returned a false positive.
    SuperAntiSpyware found and removed ROOTKIT.AGENT/GEN-DNS HACK. I hope this takes care of the problem.
    I guess I'll keep an eye on things for a couple of days before I close the book on this one.
    Another minor problem I'm having is right after I boot up, I get a message from Windows saying that "ZoneAlarm ForceField stopped working and was closed." When I go to ZA's Browser Security in the Control Center, ForceField is set to ON so I assume it's running. I am curious about whether this has something to do with my getting infected in the first place... anyway, thanks again for your help - it's greatly appreciated!

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR


    earlin wrote:
        Another minor problem I'm having is right after I boot up, I get a message from Windows saying that "ZoneAlarm ForceField stopped working and was closed." When I go to ZA's Browser Security in the Control Center, ForceField is set to ON so I assume it's running. I am curious about whether this has something to do with my getting infected in the first place... anyway, thanks again for your help - it's greatly appreciated!

    You're welcome! Are you still getting this message at boot? It should not happen. It means a corruption or a conflicting application running at boot. I have seen this with ACER and TOSHIBA laptops or a third party memory firewall.

    Open ZoneAlarm, click Browser Security and go to Settings -> Advanced. Turn Virtualization on and see if you have the same issues.

    If the problem still happens, please follow these steps to troubleshoot.

    - Close all browsers
    - Open ZoneAlarm
    - Click Browser Security -> Settings
    - Click Advanced tab
    - Clear virtual data and click okay
    - Now turn Browser Security off and follow these steps here

    - Click Start -> Control Panel -> Internet Options
    - Click Delete -> Delete Temporary Internet Files
    - Security (Tab) -> Default Level
    - Advanced (Tab) -> Restore advanced settings

    Turn browser security back on and see if it works. If you still have problems, try to boot the system only with ZA and standard OS services:

    1.) Click Start -> Run
    2.) Type MSConfig in the run box and click OK
    3.) Once in MSConfig, click the Startup Tab
    4.) Remove the checks from everything except ZLClient
    5.) Click the Services Tab
    6.) Place a check in "Hide All Microsoft Services"
    7.) Now remove checks from everything other than TrueVector Internet Monitor and forcefield, and click OK.
    8.) Restart your computer

    How does it work?

    NOTE: You can place your computer back into a normal startup process by going back into msconfig and choosing the Normal Startup option on the General tab.

    Cheers,
    Fax


    Message Edited by fax on 06-28-2009 06:17 AM


  5. #5
    earlin Guest

    Default Re: Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR

    Hi fax,
    Symptoms of my infection showed up again this morning. I started to repeat the process but when I booted in safe mode the virus seemed to be still at work (even though I was in safe mode). I couldn't run the Dr. Web program because my system won't boot from the disk: it just hangs on the Dr. Web splash screen... and the CAPS LOCK key light just keeps flashing. I made my CD/DVD drive the first boot drive from Windows Setup (right before the system actually boots up). Well, nuff said - I posted my HijackThis log to bleepingcomputer.com in the forum the administrator said that logs should be posted. Thanks in advance for your help.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Malware Win32.Downloader.Small.afwj and Win32.Trojan.Dropper.VB.TR

    You're welcome! Hope they will be able to clean you.
    Cheers,
    Fax
