A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Performance and Maintainance of XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Trojan Flush.M



 
 
Thread Tools Display Modes
  #16  
Old December 14th 08, 03:50 PM posted to microsoft.public.windowsxp.perform_maintain
Daave
external usenet poster
 
Posts: 3,568
Default Trojan Flush.M

"Ken Blake, MVP" wrote in message
...

I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.


I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days. My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.

Does anyone know if that app produces any other undesireable effects? To
OP: it's important you delete your Hosts file. The location is:

C:\WINDOWS\system32\drivers\etc

If you wish, you may replace it with a *good* Hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
have had success running one or both of these programs in Safe Mode:

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php

SUPERAntiSpyware
http://www.superantispyware.com/

The freeware versions are fine.

If you still have malware, you will have to post a HijackThis log to an
appropriate forum (courtesy of David H. Lipman):

NOTE: Registration is REQUIRED in any of the below before posting a log


Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0


Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/i...hp?showforum=7


Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!


Ads
  #17  
Old December 14th 08, 06:19 PM posted to microsoft.public.windowsxp.perform_maintain
Ken Blake, MVP
external usenet poster
 
Posts: 10,402
Default Trojan Flush.M

On Sun, 14 Dec 2008 10:50:54 -0500, "Daave"
wrote:

"Ken Blake, MVP" wrote in message
...

I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.


I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days.



Ahh, thanks for that info. Then it's a clearly one to stay far away
from.


My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.



Ugh!




Does anyone know if that app produces any other undesireable effects? To
OP: it's important you delete your Hosts file. The location is:

C:\WINDOWS\system32\drivers\etc

If you wish, you may replace it with a *good* Hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
have had success running one or both of these programs in Safe Mode:

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php

SUPERAntiSpyware
http://www.superantispyware.com/

The freeware versions are fine.

If you still have malware, you will have to post a HijackThis log to an
appropriate forum (courtesy of David H. Lipman):

NOTE: Registration is REQUIRED in any of the below before posting a log


Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0


Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/i...hp?showforum=7


Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!


--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
  #18  
Old December 14th 08, 06:27 PM posted to microsoft.public.windowsxp.perform_maintain
Daave
external usenet poster
 
Posts: 3,568
Default Trojan Flush.M

"Ken Blake, MVP" wrote in message
...
On Sun, 14 Dec 2008 10:50:54 -0500, "Daave"
wrote:

"Ken Blake, MVP" wrote in message
...

I don't know RemoveIt, and can't comment on how good it is, but
it's
not on my list of good anti-virus programs.


I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days.



Ahh, thanks for that info. Then it's a clearly one to stay far away
from.


YW, Ken.


  #19  
Old October 18th 10, 01:46 PM posted to microsoft.public.windowsxp.perform_maintain
samantha fox
external usenet poster
 
Posts: 1
Default resycled/boot.com

How to remove resycled/boot.com

http://www.tips29.com/2009/01/how-to...edbootcom.html

On Friday, December 12, 2008 8:27 AM Belpric wrote:


HI there,

I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!


Also my computer is now acting very strange , programs are disappearing when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM

I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.

Thanks in advance.
Ta



On Friday, December 12, 2008 9:30 AM Gerry wrote:


Are you just running Norton Anti-Virus? What anti-spyware programme are
you running?

Trojan Flush M from the Norton report sounds to relatively minor but it
could be a symptom of other malware. Some will change passwords.

I would download and run Spybot S & D (freeware version) and see if it
finds anything like a Trojan. If Spybot S & D finds anything significant
( other than cookies) you need to be wary. If it removes something and
it returns or another nasty pops up it can be an indication that there
is another hidden nasty not being detected by Norton or Spybot.
Spybot S & D. There is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

If you still have problems you might try Malwarebytes. This is currently
making a considerable impact, although I have not tried it myself. I
believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes.
http://www.download.com/Malwarebytes...572.html--Hope this helps.Gerry~~~~FCAStourport, EnglandEnquire, plan and execute~~~~~~~~~~~~~~~~~~~Belprice wrote: HI there, I am running Norton Anti - Virus and it has reported that i have a virus called Trojan Flush M and no matter what I try I can not remove this virus. I tried to follow the instructions for manual removal of this virus, however it instructed me to restart windows in safe mode and then a full scan. When I tried to do this I was asked for a administration password , but I bought this computer second hand and have no idea what this pasword is! Also my computer is now acting very strange , programs are disappearing when I re start the computer and when I try to view the c drive I get an error message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR RESYCLED/BOOT.COM I am desperate not to lose the many important family files on this computer, such as photos and videos, can someone please help me with this very annoying problem. Thanks in advance. Ta



On Friday, December 12, 2008 11:14 AM Daave wrote:


"Belprice" wrote in message
...

Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.

The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you have
to reinstall Windows? Hopefully, if there is a disk, you obtained it
along with the PC! Otherwise, you was robbed.



On Friday, December 12, 2008 12:47 PM Gerry wrote:


Daave

That's strong language! It does depend on what was paid for the computer
and whether the lack of a Windows XP CD ( if the new owner does not have
one ) was covered in negotiations before purchase?

--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Daave wrote:



On Friday, December 12, 2008 1:14 PM Daave wrote:


Good point. Still, it's good practice to include the proper way to
return a PC to its original state. Many people have been burned and I
suspect they didn't factor that inconvenience into the negotiations
because they were simply unaware that they are normally entitled to it.


"Gerry" wrote in message
...



On Friday, December 12, 2008 1:41 PM Gerry wrote:


Daave

True.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Daave wrote:



On Friday, December 12, 2008 3:14 PM MickMurph wrote:


Install the 2 programs below, and scan with them in Safe mode, as well as
with your Anti-virus.
When you go to Safe Mode, you don't need to be in the Admin account; just
sign in with your User Account.
If there is no option for that, usually the Admin account password is left
blank.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important Safe Mode
If you happen to find a problem that you can???t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.

--
Mad Mike


"Belprice" wrote:



On Friday, December 12, 2008 7:35 PM Touch Base wrote:


"Belprice" wrote in message
...

"Also my computer is now acting very strange , programs are disappearing
when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM"

[TB] This file is part of the trojan and it is usually located in the root
of the 'C' drive. There is also an autorun file [which is hidden], that is
part of this problem and it interacts with the boot.com file which allows it
to propagate on the next start of windows.

================================================== =======

[TB] This site talks about removing the problem with boot.com file. Read
through and see how others handled this problem. Malwarebytes is mentioned
in some of the responses.

http://www.precisesecurity.com/blogs...sycledbootcom/


================================================== ========

"Gerry" wrote in message
...

"I believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes."

A visit to their website before posting the comment would have been prudent.

Malwarebytes is not an anti-virus product and it is not a purchase after
trial product.

It has a free version and a pay for version.

The pay for version has real-time protection, scheduled scanning, and
scheduled updating.

The free version does not have resident protection, it only allows for after
the fact scanning and you have to download the updates manually.

Apart from that they do exactly the same job, it is not limited in any
regard.

It's still a good idea to turn off Norton during a scan because it will pop
up and attempt to quarantine the trojan while Malwarebytes is doing it's
scan and it can only confuse the user as to which product do I use to try
and remove it. If Nortons hasn't been successful handling the trojan then
let Malwarebytes do it's job unhindered and quarantine and attempt to remove
it.


--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit



On Saturday, December 13, 2008 8:19 AM Belpric wrote:


Hi there,

Thanks for coming back to me.

Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.

"David H. Lipman" wrote:



"Belprice" wrote:



On Saturday, December 13, 2008 12:50 PM Gerry wrote:


Belprice

You don't need to know a domain name to boot to safe mode. In safe mode
you have no internet connection.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Belprice wrote:



On Saturday, December 13, 2008 1:27 PM Touch Base wrote:


"Belprice" wrote in message
...
Hi there,

Thanks for coming back to me.

Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer
in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.

=========================================
Hi "Belprice"

You should be able to start the computer in safe mode. If you can start it
in normal mode and log in with a password then it's exactly the same thing
in safe mode. Click on the same name and use the same password when safe
mode starts up, it should offer you the same log on name.

Failing that I suggest if you have a second computer and you're up to it, or
you have a friend or relative that has a computer running XP or even windows
2000. Take your hard drive out of your computer and connect it up to the
other computer as a slave drive. Start that computer in safe mode with
networking (internet support), and download Malwarebytes or download it
before you connect the drive, update the program then run it on your hard
drive. To do this once the computer has started and Malwarebytes has been
installed and updated, open My Computer and right click on your hard drive
which should be listed and select 'Scan with Malwarebytes Anti-Malware'.
After that drive is scanned and cleaned run the program on the main hard
drive. The reason is, as I mentioned in my previous post, this is an
insidious trojan and it will quite possibly infect any hard drive connected
to it. It happened to me when I was repairing someone else's computer. I
connected my USB drive (which had my copy of Malwarebytes on it) and it was
infected with the same trojan. The USB drive was easy to clean because I
knew what to look for but the likelihood is there. So if you scan both
drives it should be ok.

If the above is too hard for you and don't be embarrassed by that, I suggest
you take it to a computer shop for repair. Of course it would be good if you
had a backup of all your personal files beforehand and you probably haven't
done this so ask the computer shop to back up your files before they start
repairs on your computer. Warn them that the trojan can infect other
connected drives so they are prepared to handle it.


--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit



On Sunday, December 14, 2008 6:38 AM Gerry wrote:


Belprice

My suspicion is that you still have malware.

What errors appear in Event Viewer for the last 24 hours?

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Belprice wrote:



On Sunday, December 14, 2008 9:48 AM Ken Blake, MVP wrote:


On Sun, 14 Dec 2008 03:08:01 -0800, Belprice
wrote:



My guess is that you didn't, or if you did, you still have remaining
some of the damage that they caused.

How many infections did you have? If you had many, it's usually
necessary to do a clean reinstallation of Windows than to try to clean
the computer.

Moreover, it's important to note that viruses can do damage and are
not things that you want to remove after you get infected. Rather, you
want to prevent your getting infected in the first place.

And finally, in my view, Norton Anti-Virus is the *worst* anti-virus
program available. I recommend NOD32, or if you want a free program,
Avast.

I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.





--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup



On Sunday, December 14, 2008 10:50 AM Daave wrote:


"Ken Blake, MVP" wrote in message
...


I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days. My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.

Does anyone know if that app produces any other undesireable effects? To
OP: it's important you delete your Hosts file. The location is:

C:\WINDOWS\system32\drivers\etc

If you wish, you may replace it with a *good* Hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
have had success running one or both of these programs in Safe Mode:

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php

SUPERAntiSpyware
http://www.superantispyware.com/

The freeware versions are fine.

If you still have malware, you will have to post a HijackThis log to an
appropriate forum (courtesy of David H. Lipman):

NOTE: Registration is REQUIRED in any of the below before posting a log


Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0


Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/i...hp?showforum=7


Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!



On Sunday, December 14, 2008 1:19 PM Ken Blake, MVP wrote:


Ahh, thanks for that info. Then it is a clearly one to stay far away
from.




Ugh!





--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup



On Sunday, December 14, 2008 1:27 PM Daave wrote:


YW, Ken.



Submitted via EggHeadCafe - Software Developer Portal of Choice
SharePoint Create List Add/Edit Form Web Part With Custom Toolbar and Attachments Option
http://www.eggheadcafe.com/tutorials...ts-option.aspx

 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 11:53 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Copyright 2004-2023 PCbanter.
The comments are property of their posters.