Re: Bizarre browser behavior after a Trojan cleanup

From: "jCarver" <forusenet@xxxxxxxxx>


| I had my Windows XP desktop affected by a series of Trojans and Worms
| last week. After a couple of days, i was able to get it mostly cleaned
| using a mix of Avira, AVG, Adaware and a number of other tools. I am
| having the following issue after the clean up though.

| It i attempt to go to any anti-virus website using Firefox or IE, i
| get a page not found. These pages are accessible using Safari. All
| other non-security related websites are accessible from both Firefox
| and IE. If i do a search on "Free online virus scan" and go through
| the first few results, none of these are accessible through FF and IE,
| but reachable through Safari. I removed FF and reinstalled a fresh
| version just to make sure there was no proxy being used in the form of
| an addon. The same behavior continues to exist with the new install of
| FF. There is no proxy set on both browsers.

| The following were the malware which were reported by Avira AntiVir,
| which has all been cleaned.

| [DETECTION] Contains HEUR/HTML.Malware suspicious code
| [DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Dldr.Small.jer Trojan
| [DETECTION] Is the TR/Dldr.Small.jer Trojan
| [DETECTION] Is the TR/Agent.1421312.H Trojan
| [DETECTION] Contains recognition pattern of the EXP/Flash.adi.2
| exploit
| [DETECTION] Is the TR/Agent.jyl Trojan
| [DETECTION] Is the TR/Buzus.alnb Trojan
| [DETECTION] Is the TR/Vundo.Gen Trojan
| [DETECTION] Is the TR/Dldr.Injecter.ccy Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Dldr.Small.jer Trojan
| [DETECTION] Is the TR/Agent.bhrg Trojan
| [DETECTION] Contains HEUR/Crypted suspicious code
| [DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
| [DETECTION] Is the TR/Agent.bhrg Trojan
| [DETECTION] Is the TR/Spy.Gen Trojan
| [DETECTION] Is the TR/Buzus.alnb Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Is the TR/Downloader.Gen Trojan
| [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm


I'd say that you are still infected.

Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntiSpyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


.