
Thread: [RESOLVED] Why does my antivirus pick up anything VB6 compiles as a trojan?

  1. #41
    Member
    Join Date
    Feb 2006
    Posts
    42

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Full name: Keylogger.W32/Vlogger.U
    Type: [Keylogger] - Trojan that uses various methods to capture the keystrokes made by the user at the keyboard.
    Platform: [W32] - PE Executable (.EXE, .SCR, .DLL) that runs on Windows 32 bits: 95, 98, Me, NT, 2000, XP, 2003
    Size (bytes): 28,672
    Alias: TrojanSpy:Win32/Vlogger.U (Microsoft), PWS-Redneck (McAfee)

    When the trojan is run for the first time, it creates the following files:

    %system%\regWindowsupdatexptovista.bat
    %system%\SYSTEMTIME-5474596193354
    %system%\SYSTEMTIME-5474596193354\csrs.exe
    %system%\SYSTEMTIME-5474596193354\security.dat
    %system%\SYSTEMTIME-5474596193354\securityreference.dat
    Note: %System% is a variable that refers to the Windows system directory.
    The default is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

    It also creates the following entries in the Windows registry:

    Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\run\

    Value: client server runtime process = c:\windows\system32\SYSTEMTIME-5474596193354\csrs.exe


    Solution
    If you use Windows Me, XP or Vista, and know when the infection occurred, you can use the 'System Restore' feature to eliminate the virus by going back to a restore point prior to infection (note that this undoes changes to the Windows setup and removes all the executable files you created or downloaded since the date of the restore point). If you have any questions or problems regarding this option, please see our guides on Restore in Windows XP or Windows Vista Restoration.

    If you are unable to return to a previous restore point, or it does not work, we recommend that you temporarily turn off System Restore before removing the virus through other means, as it could have created a backup copy of the virus. If you need help, see the guide Disable System Restore in Vista, XP and Me. Then follow these steps to eliminate the virus:

    Restart your computer in Safe Mode. If you do not know how to do this, follow the instructions in the manual How to Start your computer in Safe Mode.

    With an updated antivirus, locate all copies of the virus on the hard drive of your PC. If you do not have an antivirus, visit our Free Antivirus.

    Delete the following files:

    %system%\regWindowsupdatexptovista.bat
    %system%\SYSTEMTIME-5474596193354
    %system%\SYSTEMTIME-5474596193354\csrs.exe
    %system%\SYSTEMTIME-5474596193354\security.dat
    %system%\SYSTEMTIME-5474596193354\securityreference.dat
    Note: %System% is a variable that refers to the Windows system directory.
    The default is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

    Note: Often the antivirus reports that 'it cannot repair a file' in the case of worms or Trojan horses because there is nothing to fix; simply delete the file.

    If you cannot repair or delete infected files, it might be because the file is in use by the virus while it is running (resident in memory).
    In case you cannot remove the virus file, you must manually end the running process of the virus. Open Task Manager (press Control + Shift + Esc). In Windows 98/Me, select the name of the process and stop it. In Windows 2000/XP/Vista, on the 'Processes' tab, right-click on the process and select 'End Process'. Then try deleting or repairing the files that were created by the action of the virus. You can get more information in the "Task Manager" section on the page Delete libraries .DLL or .EXE.

    Then we must edit the registry to undo the changes made by the virus. For information about editing the registry, you can view this guide on editing the registry. Be very careful when handling the registry. If you modify some keys in the wrong way, you can leave the system unusable.

    Delete the following registry entries:

    Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\run\

    Value: client server runtime process = c:\windows\system32\SYSTEMTIME-5474596193354\csrs.exe

    Delete all temporary files from your computer, including the browser's temporary files, and empty the Recycle Bin.

    Restart your computer and scan the entire hard drive with an antivirus to ensure the elimination of the virus. If you disabled System Restore, remember to re-activate it. Create a restore point; it will be useful to you in case of possible infections or problems in the future.
    ... in this way the malware is executed at each Windows start.
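
The file and Run-key indicators quoted in post #41 can be checked for without changing anything on the machine. The following PowerShell is an added example, not part of any post in this thread; the function names are illustrative, and the extra WOW6432Node Run key is an assumption for 64-bit Windows that the write-up does not mention.

```powershell
# Read-only check for the indicators listed in post #41. Nothing is deleted or modified.
$sys     = [Environment]::SystemDirectory          # what the write-up calls %system%
$dropDir = Join-Path $sys 'SYSTEMTIME-5474596193354'

# File and directory indicators, copied from the write-up in post #41
$paths = @(
    (Join-Path $sys     'regWindowsupdatexptovista.bat'),
    $dropDir,
    (Join-Path $dropDir 'csrs.exe'),
    (Join-Path $dropDir 'security.dat'),
    (Join-Path $dropDir 'securityreference.dat')
)

function Get-VloggerFileHits {
    param([string[]]$Candidates)
    foreach ($p in $Candidates) {
        # -Force so hidden or system-attributed items are not skipped
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{ Indicator = 'file'; Path = $item.FullName
                               Detail = "last written $($item.LastWriteTime)" }
        }
    }
}

function Get-VloggerRunHits {
    # First key is the one named in post #41; the second is the assumed 32-bit view on 64-bit Windows
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match on the value name or on the drop directory appearing in the command line
            if ($name -eq 'client server runtime process' -or $data -like '*SYSTEMTIME-5474596193354*') {
                [pscustomobject]@{ Indicator = 'run'; Path = "$k\$name"; Detail = $data }
            }
        }
    }
}

$hits = @(Get-VloggerFileHits -Candidates $paths) + @(Get-VloggerRunHits)
if ($hits.Count -eq 0) { 'None of the indicators from post #41 are present.' }
else { $hits | Format-List }
```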

  2. #42

  3. #43
    Member
    Join Date
    Feb 2006
    Posts
    42

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    @RhinoBull:
    My system will take 1 week to come back to present state, if I reinstall OS
    First clean all the virus and then observe the OS behaviour. Later on reinstall OS.

  4. #44
    Hyperactive Member
    Join Date
    Aug 2006
    Location
    TeXaS
    Posts
    497

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    well i brought up the fact it could be a virus, but i didn't say it was. the conversation has moved to looking to clean something that we aren't really sure exists on his machine. before trying to remove something that possibly doesn't exist, i have to ask.. has anyone scanned one of his compiled vb exe's yet to confirm it is infected?

  5. #45
    Member
    Join Date
    Feb 2006
    Posts
    42

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by Billy Conner View Post
    has anyone scanned one of his compiled vb exe's yet to confirm it is infected?
    Don't want to take a risk. I agree that we must conclude there was a virus, before cleaning it.

  6. #46

    Thread Starter
    Member
    Join Date
    Nov 2008
    Posts
    56

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Ok after an exhausting effort I removed VB6, Onecare, and all the shared libraries. UGH!

    I reinstalled Windows Onecare and VB6 and it automatically installed the libraries and it works fine.

    I don't exactly know what went wrong but it works now.

    I did a scan and it found nothing so I guess it was just buggy. :-/

    I guess that's what I get for giving up Linux and going back to Windows. :-(

    Thanks!
    Last edited by David2010; Jul 18th, 2009 at 05:47 PM.

  7. #47
    PowerPoster RhinoBull's Avatar
    Join Date
    Mar 2004
    Location
    New Amsterdam
    Posts
    24,132

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by soorya View Post
    @RhinoBull:
    My system will take 1 week to come back to present state, if I reinstall OS
    First clean all the virus and then observe the OS behaviour. Later on reinstall OS.
    Cleaning the virus may take much longer, though...
    Don't waste your time - reinstall OS, install all of your programs and ghost it when you're done so you'll have a solid recovery disk.
    That's what I would do - I haven't seen any cleanup procedures or utility that actually work 100%, they always leave something behind...

  8. #48
    Member
    Join Date
    Feb 2006
    Posts
    42

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by David2010 View Post



    That's great news !
    Wait and watch after many reboots.
    If it's buggy, what about this screen shot ?
    Did you see the log from your AV SW after full scan ?

  9. #49
    Member
    Join Date
    Feb 2006
    Posts
    42

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by RhinoBull View Post
    Cleaning the virus may take much longer, though...
    Don't waste your time - reinstall OS, install all of your programs and ghost it when you're done so you'll have a solid recovery disk.
    That's what I would do - I haven't seen any cleanup procedures or utility that actually work 100%, they always leave something behind...
    I agree !

  10. #50
    Former Admin/Moderator MartinLiss's Avatar
    Join Date
    Sep 1999
    Location
    San Jose, CA
    Posts
    33,431

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by David2010 View Post
    ...I guess that's what I get for giving up Linux and going back to Windows. :-(

    Thanks!
    I didn't mention it since I didn't think it would apply to you, but most of the references for Vlogger refer to it as a Linux trojan. So there

  11. #51

    Thread Starter
    Member
    Join Date
    Nov 2008
    Posts
    56

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by MartinLiss View Post
    I didn't mention it since I didn't think it would apply to you, but most of the references for Vlogger refer to it as a Linux trojan. So there
    Yeah but if it was a linux trojan then it wouldn't work on windows. lol

  12. #52

    Thread Starter
    Member
    Join Date
    Nov 2008
    Posts
    56

    Re: Why does my antivirus pick up anything VB6 compiles as a trojan?

    Quote Originally Posted by soorya View Post
    That's great news !
    Wait and watch after many reboots.
    If it's buggy, what about this screen shot ?
    Did you see the log from your AV SW after full scan ?
    No I mean I think the two programs were buggy not the OS.

    The Antivirus says the machine is clean.

  13. #53
