New Trojan Horse Back Again

  puresun 06:54 11 Nov 07

With file Called Tazebama

Dear All,
My PC is infected with a new trojan horse called salo.exe

I tried all the latest updates of anti-virus, McAfee and Kaspersky, and much more,
no use.
It infects the exe files.
It makes a copy of the original file,
for example
winword.exe becomes winword.e xe

and it affects all operation of the PC; its operation becomes illogical.

Anyone who has any information about it, please tell me. Thanks.
Log file of the Trojan:


CutFile \\Alibrahim\C$\Program Files\Windows Media Player\wmplayer.exe bytes=0000025600_25600 read bytes = 10
WriteVInFolder G:\tazebama.exe
WriteVInFolder E:\tazebama.exe
WriteVInFolder D:\tazebama.exe
**************** begin delete autorun cd burning ****************
C:\Documents and Settings\YAbushaib\Local Settings\Application Data\Microsoft\CD Burning\autorun.inf
C:\Documents and Settings\YAbushaib\Local Settings\Application Data\Microsoft\CD Burning\tazebama.exe
**************** end delete autorun cd burning ****************
WriteVInFolder C:\WINDOWS\system32\?
*******************cut file*************************
CutFile C:\WINDOWS\system32\salo.exe bytes=0000025600_25600 read bytes = 10
WriteVInFolder G:\tazebama.exe
WriteVInFolder E:\tazebama.exe
WriteVInFolder D:\tazebama.exe
**************** begin delete autorun cd burning ****************
C:\Documents and Settings\YAbushaib\Local Settings\Application Data\Microsoft\CD Burning\autorun.inf
C:\Documents and Settings\YAbushaib\Local Settings\Application Data\Microsoft\CD Burning\tazebama.exe
**************** end delete autorun cd burning ****************
WriteVInFolder C:\WINDOWS\system32\?
*********** begin InfectFiles() *******************
C:\Program Files\Real
C:\Program Files\Microsoft Office\OFFICE11
C:\Program Files\Microsoft Office\OFFICE10
C:\Program Files\Microsoft Office\OFFICE
C:\Program Files\Windows Media Player
C:\Program Files\winzip
*********** end InfectFiles() *******************
WriteVInFolder G:\tazebama.exe
WriteVInFolder E:\tazebama.exe
WriteVInFolder D:\tazebama.exe
**************** begin delete autorun cd burning ****************
C:\Documents and Settings\YAbushaib\Local Settings\Application Data\Microsoft\CD Burning\autorun.inf
C:\Documents and Settings\YAbushaib\Local Settings\Application Data\Microsoft\CD Burning\tazebama.exe
**************** end delete autorun cd burning ****************
Begin thread Z:
WriteVInFolder G:\My Documents .exe
Begin thread G:
Infecting \\AZORY
WriteVInFolder G:\iTunes\iTunes .exe
Begin thread E:
WriteVInFolder E:\\ALI JEHAD AL SALHI.doc .exe
Infect File E:\ALI JEHAD AL SALHI.doc .exe
********************************************************
WriteVInFolder E:\ANAS usb\ANAS usb . .
WriteVInFolder E:\Backup\Forms\anas cheques\anas
The problem still
Your cooperation is highly appreciated.
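A defender's reading of the log in the opening post, as an added example that is not part of the original thread: it parses the log's `WriteVInFolder`, `Infect File` and `InfectFiles()` entries and derives two hunting indicators, the same executable written to several drive roots and `.exe` names padded with whitespace. The function names and result keys are assumptions; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
WriteVInFolder G:\tazebama.exe
WriteVInFolder E:\tazebama.exe
*********** begin InfectFiles() *******************
C:\Program Files\Microsoft Office\OFFICE11
C:\Program Files\winzip
*********** end InfectFiles() *******************
WriteVInFolder G:\My Documents .exe
WriteVInFolder G:\iTunes\iTunes .exe
WriteVInFolder E:\\ALI JEHAD AL SALHI.doc .exe
Infect File E:\ALI JEHAD AL SALHI.doc .exe
"""

MARKER = re.compile(r"^\*+\s*(begin|end)\s+(.*?)\s*\*+$")    # "*** begin X ***" banners
ROOT_EXE = re.compile(r"^([A-Za-z]):\\([^\\]+\.exe)$", re.IGNORECASE)  # EXE in a drive root
PADDED_EXE = re.compile(r"\s\.exe$", re.IGNORECASE)  # whitespace pushes ".exe" out of view

def norm(path):
    # Collapse doubled backslashes; the first two characters (drive or UNC prefix) are kept.
    return path[:2] + re.sub(r"\\{2,}", lambda m: "\\", path[2:])

def parse_log(text):
    """Group log lines by operation keyword or by the begin/end section they sit in."""
    events, section = defaultdict(list), None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := MARKER.match(line):
            section = m.group(2) if m.group(1) == "begin" else None
        elif line.startswith("WriteVInFolder "):
            events["written"].append(norm(line.split(" ", 1)[1]))
        elif line.startswith("Infect File "):
            events["infected_files"].append(norm(line.split(" ", 2)[2]))
        elif section == "InfectFiles()":
            events["infected_dirs"].append(line)
    return events

def summarize(text):
    """Derive indicators: one EXE name on several drive roots, and space-padded .exe names."""
    ev, roots = parse_log(text), defaultdict(set)
    for p in ev["written"]:
        if m := ROOT_EXE.match(p):
            roots[m.group(2).lower()].add(m.group(1).upper())
    padded = {p for p in ev["written"] + ev["infected_files"] if PADDED_EXE.search(p)}
    return {"multi_drive": {n: sorted(d) for n, d in roots.items() if len(d) > 1},
            "padded_exe": sorted(padded), "infected_dirs": ev["infected_dirs"]}

print(summarize(SAMPLE_LOG))
```

The same two patterns can be turned into file-system checks: an identically named executable in the root of every mounted drive, and any file whose name ends in whitespace followed by `.exe`.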

I suggest you register at
click here
and post a log with
click here
enlist help of the experts.

  johnnyrocker 08:27 11 Nov 07

I suggest click here and make sure you have good security cover.




johnny.

  johnnyrocker 08:31 11 Nov 07

Little point in telling the story again about a problem which has been cured,


johnny.

  puresun 08:34 11 Nov 07

Sophos didn't solve the problem.
What do you mean by
"little point in telling the story again about a problem which has been cured"?

  johnnyrocker 08:37 11 Nov 07

Your post quotes a prev problem (salo) and now tazebama with the salo story?




johnny,

  p;3 09:09 11 Nov 07

this is your previous thread for those who wish to read what has already been suggested

click here

if all the scans you have run in the previous thread have failed to remove it, I suggest you need to take the good advice above and enlist the help of the experts there
in their pre-help instructions they suggest you run trojan hunter
click here; which you could do as that scan you have not already run
get the free trial version
then
read the malware forum rules carefully

click here
INCLUDING

click here

and you have already run the others suggested by them

register here
click here

and when you have got the confirmation e mail you need to open the forum by logging in

then post a new thread with your Hijackthis log and an explanation of what has happened
here;
click here


I suggest you compose what you wish to say in a Word document before you go on the forum, as there is NO edit facility on there for a very good reason; include ALL of the HJT log you create; copy and paste what you wish to say into a new thread on there, then WAIT patiently for a helper/uni member to get to you.

Of interest, do you use P2P programs and/or MSN Messenger?

  p;3 20:50 11 Nov 07

FYI

the malware board has moved to


click here

  woodchip 21:32 11 Nov 07

You could try some of these online scanners click here

  PC52 07:55 12 Nov 07

Mr puresun,


Could you tell me how your PC has been infected by the virus?

and where you are working?

  p;3 09:45 12 Nov 07

I presume you have not yet heard anything? I think you may need to re-register on the new board


click here
read this lot
click here

and these two

click here
click here
the site has changed format, so, once registered, go here when logged in to post your log and a description of what is wrong

click here


you CAN preview your entry by pressing the preview tab at the bottom of the post a new topic box, and make sure that the notify me of a reply box is ticked so you will get an email when a helper does get to you

are you registering under the same name as on here?

This thread is now locked and can not be replied to.
