-
Jul 18th, 2009, 05:02 PM
#41
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
Full name: Keylogger.W32/Vlogger.U
Type: [Keylogger] - Trojan that uses various methods to capture the keystrokes made by the user at the keyboard.
Platform: [W32] - PE Executable (.EXE, .SCR, .DLL) that runs on Windows 32 bits: 95, 98, Me, NT, 2000, XP, 2003
Size (bytes): 28,672
Alias: TrojanSpy: Win32/Vlogger.U (Microsoft), PWS-Redneck (McAfee)
When the trojan is run for the first time, it creates the following files:
%system%\regWindowsupdatexptovista.bat
%system%\SYSTEMTIME-5474596193354
%system%\SYSTEMTIME-5474596193354\csrs.exe
%system%\SYSTEMTIME-5474596193354\security.dat
%system%\SYSTEMTIME-5474596193354\securityreference.dat
Note: %System% is a variable that refers to the Windows system directory.
The default is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
It also creates the following entries in the Windows registry:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\run\
Value: client server runtime process = c:\windows\system32\SYSTEMTIME-5474596193354\csrs.exe
Solution
If you use Windows Me, XP or Vista, and know when the infection occurred, you can use the 'System Restore' feature to eliminate the virus by going back to a restore point prior to the infection (note that changes to Windows Setup are undone and all the executable files you created or downloaded since the date of the restore point are removed). If you have any questions or problems regarding this option, please see our guides on Restore in Windows XP or Windows Vista Restoration.
If you are unable to return to a previous restore point, or it does not work, we recommend that you temporarily turn off System Restore before removing the virus through other means, as it could have created a backup copy of the virus. If you need help, see Disable System Restore in Vista, XP and Me. Then follow these steps to eliminate the virus:
Restart your computer in Safe Mode. If you do not know how to do this, follow the instructions in the manual How to Start your computer in Safe Mode.
With an updated antivirus, locate all copies of the virus on the hard drive of your PC. If you do not have antivirus, visit our Free Antivirus.
Delete the following files:
%system%\regWindowsupdatexptovista.bat
%system%\SYSTEMTIME-5474596193354
%system%\SYSTEMTIME-5474596193354\csrs.exe
%system%\SYSTEMTIME-5474596193354\security.dat
%system%\SYSTEMTIME-5474596193354\securityreference.dat
Note: %System% is a variable that refers to the Windows system directory.
The default is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Note: Often the antivirus reports that 'it cannot repair a file' in the case of worms or Trojan horses, because there is nothing to fix; simply delete the file.
If you cannot repair or delete infected files, it might be because the file is in use while the virus is running (resident in memory).
In case you cannot remove the virus file, you must manually end the running process of the virus. Open Task Manager (press Control + Shift + Esc). In Windows 98/Me, select the name of the process and stop it. In Windows 2000/XP/Vista, on the 'Processes' tab, right-click on the process and select 'End Process'. Then try deleting or repairing the files that were created by the action of the virus. You can get more information on the "Task Manager" on the page Delete .DLL or .EXE libraries.
Then we must edit the registry to undo the changes made by the virus. For information about editing the registry, you can view this guide on editing the registry. Be very careful when handling the registry. If you modify some keys in the wrong way, you can leave the system unusable.
Delete the following registry entries:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\run\
Value: client server runtime process = c:\windows\system32\SYSTEMTIME-5474596193354\csrs.exe
Delete all temporary files from your computer, including the browser's temporary files, and empty the Recycle Bin.
Restart your computer and browse the entire hard drive with an antivirus to ensure the elimination of the virus. If you disabled System Restore, remember to re-activate it. Create a restore point; it will be useful to you in case of possible infections or problems in the future.
... in this way the malware is executed at each Windows start.
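The indicators listed in the post above can be checked read-only before any cleanup is attempted. The following is an added example, not part of the original post: it parses saved `reg query` output for the Run key and flags values that match the post's value name, SYSTEMTIME directory or dropped file names. The sample output, the `ExampleTool` entry and the function names are constructed, and the four-space or tab column layout is an assumption.

```python
import re

# Indicators taken from the post above.
RUN_VALUE_NAME = "client server runtime process"
DROPPED_NAMES = {"csrs.exe", "regwindowsupdatexptovista.bat"}
DROP_DIR = re.compile(r"\\system(32)?\\systemtime-\d+\\", re.I)

# Assumed layout of one value line: indent, name, type, data,
# separated by four spaces or a tab.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?: {4}|\t)(?P<type>REG_[A-Z_]+)(?: {4}|\t)(?P<data>.*)$"
)

def parse_reg_query(text):
    """Return (name, type, data) tuples for each value line in the text."""
    return [(m["name"], m["type"], m["data"])
            for m in map(VALUE_LINE.match, text.splitlines()) if m]

def match_indicators(name, data):
    """List which of the post's indicators a single Run value matches."""
    target = data.replace('"', "").strip().lower()
    exe = target.rsplit("\\", 1)[-1].split(" ")[0]  # drop any arguments
    reasons = []
    if name.strip().lower() == RUN_VALUE_NAME:
        reasons.append("value name")
    if DROP_DIR.search(target):
        reasons.append("SYSTEMTIME-<digits> directory")
    if exe in DROPPED_NAMES:
        reasons.append("dropped file name")
    return reasons

def scan_run_key(text):
    """Return {value name: reasons} for Run values matching any indicator."""
    hits = {}
    for name, _type, data in parse_reg_query(text):
        reasons = match_indicators(name, data)
        if reasons:
            hits[name] = reasons
    return hits

# Constructed sample output (not from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTool    REG_SZ    "C:\Program Files\Example\tool.exe" /background
    client server runtime process    REG_SZ    c:\windows\system32\SYSTEMTIME-5474596193354\csrs.exe
"""

if __name__ == "__main__":
    for name, reasons in scan_run_key(SAMPLE).items():
        print(f"MATCH {name!r}: {', '.join(reasons)}")
```

An empty result means only that these particular indicators are absent from the Run key; it says nothing about other samples or other persistence locations.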
-
Jul 18th, 2009, 05:17 PM
#42
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
Not sure if anyone mentioned this yet; however, the best way to get rid of that virus is to reinstall the OS.
-
Jul 18th, 2009, 05:25 PM
#43
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
@RhinoBull:
My system will take 1 week to come back to present state, if I reinstall OS 
First clean all the virus and then observe the OS behaviour. Later on reinstall OS.
-
Jul 18th, 2009, 05:33 PM
#44
Hyperactive Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
well i brought up the fact it could be a virus, but i didn't say it was. the conversation has moved to looking to clean something that we aren't really sure exists on his machine. before trying to remove something that possibly doesn't exist, i have to ask.. has anyone scanned one of his compiled vb exe's yet to confirm it is infected?
-
Jul 18th, 2009, 05:40 PM
#45
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by Billy Conner
has anyone scanned one of his compiled vb exe's yet to confirm it is infected?
Don't want to take a risk. I agree that we must conclude there was a virus, before cleaning it.
-
Jul 18th, 2009, 05:42 PM
#46
Thread Starter
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
Ok after an exhausting effort I removed VB6, Onecare, and all the shared libraries. UGH!
I reinstalled Windows Onecare and VB6 and it automatically installed the libraries and it works fine.
I don't exactly know what went wrong but it works now.
I did a scan and it found nothing so I guess it was just buggy. :-/
I guess that's what I get for giving up Linux and going back to Windows. :-(
Thanks!
Last edited by David2010; Jul 18th, 2009 at 05:47 PM.
-
Jul 18th, 2009, 05:48 PM
#47
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by soorya
@RhinoBull:
My system will take 1 week to come back to present state, if I reinstall OS 
First clean all the virus and then observe the OS behaviour. Later on reinstall OS.
Cleaning the virus may take much longer, though...
Don't waste your time - reinstall OS, install all of your programs and ghost it when you're done so you'll have a solid recovery disk.
That's what I would do - I haven't seen any cleanup procedures or utility that actually work 100%, they always leave something behind...
-
Jul 18th, 2009, 05:51 PM
#48
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by David2010
That's great news!
Wait and watch after many reboots.
If it's buggy, what about this screen shot?
Did you see the log from your AV SW after full scan?
-
Jul 18th, 2009, 05:52 PM
#49
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by RhinoBull
Cleaning the virus may take much longer, though...
Don't waste your time - reinstall OS, install all of your programs and ghost it when you're done so you'll have a solid recovery disk.
That's what I would do - I haven't seen any cleanup procedures or utility that actually work 100%, they always leave something behind...
I agree !
-
Jul 18th, 2009, 06:40 PM
#50
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by David2010
...I guess that's what I get for giving up Linux and going back to Windows. :-(
Thanks!
I didn't mention it since I didn't think it would apply to you, but most of the references for Vlogger refer to it as a Linux trojan. So there
-
Jul 18th, 2009, 09:13 PM
#51
Thread Starter
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by MartinLiss
I didn't mention it since I didn't think it would apply to you, but most of the references for Vlogger refer to it as a Linux trojan. So there 
Yeah but if it was a Linux trojan then it wouldn't work on Windows. lol
-
Jul 18th, 2009, 09:14 PM
#52
Thread Starter
Member
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by soorya
That's great news!
Wait and watch after many reboots.
If it's buggy, what about this screen shot?
Did you see the log from your AV SW after full scan?
No I mean I think the two programs were buggy not the OS.
The Antivirus says the machine is clean.
-
Jul 19th, 2009, 07:06 AM
#53
Re: Why does my antivirus pick up anything VB6 compiles as a trojan?
 Originally Posted by David2010
The Antivirus says the machine is clean.
Get yourself a new AV then.