Trojans keep coming back!!

•

What is DaniWeb IT Discussion Community?

You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 401,423 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,944 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.

Join our community!

Please support our Viruses, Spyware and other Nasties advertiser: Programming Forums

Thread Tools Display Modes

Views: 393 | Replies: 3 | Solved

•

Join Date: Aug 2005

Location: philippines

Posts: 47

Reputation: spidey is an unknown quantity at this point

Rep Power: 4

Solved Threads: 0

spidey

Offline

Light Poster

Trojans keep coming back!!

Jul 23rd, 2008

Hi. My PC got infected with trojans and other malware. I install Kaspersky AV and it disinfected all (maybe) of them. But each time I double-click any local drive to explore its content, a trojan is detected by the AV - ckvo.exe. Other common malware has the following names:

Trojan.Win32.Vaklik.cdj
Trojan-PSW.Win32.OnLineGames.rxtk
Trojan-GameThief.Win32.OnLineGames.sitj

I backed up my C: files in D: then reformatted my PC. When I reinstall the AV, it detected again the same kind of trojans. Why so? I thought they all have been removed. After another full scan, AV says my PC is protected. BUT when I open My Computer to explore any of 2 local drives, a box appears asking me to choose which program I should choose to open the file. Why is it so? C: and D: drives are not files?! I don't know how did that happen. I have a feeling that these viruses are detected and disinfected but not the root of it all.

Please, please help. This is the worst I have encountered in battling malware so far.
Thanks in advance.

•

Join Date: Aug 2006

Location: Usually penetration testing my WLAN from a remote deck chair

Posts: 253

Reputation: digitalocksmith is on a distinguished road

Rep Power: 3

Solved Threads: 20

digitalocksmith digitalocksmith is offline

Offline

Posting Whiz in Training

Re: Trojans keep coming back!!

Jul 23rd, 2008

The back up of files from your primary drive C are also infected.... The only thing i can think of is that this is causing infections within your clean install of windows on the C drive after a format.

What files are they exactly?
Music, video, photos, software??

You need to investigate this isssue

http://www.geekpolice.net/

•

Join Date: Aug 2005

Location: philippines

Posts: 47

Reputation: spidey is an unknown quantity at this point

Rep Power: 4

Solved Threads: 0

spidey

Offline

Light Poster

Re: Trojans keep coming back!!

Jul 23rd, 2008

Thanks for a quick reply.
What files? I don't know exactly what they are.
Below is a report of Kaspersky AV after a full scan.

•

Full Scan: completed 7/23/2008 8:18:27 PM (events: 4, objects: 276365, time: 1:07:33 AM)
7/23/2008 8:18:28 PM Task completed
7/23/2008 8:17:31 PM Detected: http://www.viruslist.com/en/advisories/26027 D:\WINDOWS\system32\Macromed\Flash\flash.ocx
7/23/2008 7:41:01 PM Detected: http://www.viruslist.com/en/advisories/16653 D:\Documents and Settings\Francis\My Documents\Desktop files ver2\Pepsi USB\Symantec\LiveUpdate\LUALL.EXE
7/23/2008 7:10:54 PM Task started
Full Scan: completed 7/23/2008 8:18:27 PM (events: 4, objects: 276365, time: 1:07:33 AM)
7/23/2008 6:37:11 PM Task completed
7/23/2008 6:36:53 PM Detected: http://www.viruslist.com/en/advisories/26027 D:\WINDOWS\system32\Macromed\Flash\flash.ocx
7/23/2008 6:35:02 PM Detected: http://www.viruslist.com/en/advisories/16653 D:\Documents and Settings\Francis\My Documents\Desktop files ver2\Pepsi USB\Symantec\LiveUpdate\LUALL.EXE
7/23/2008 6:27:10 PM Task started
Full Scan: completed 7/23/2008 8:18:27 PM (events: 4, objects: 276365, time: 1:07:33 AM)
7/23/2008 5:41:52 PM Task completed
7/23/2008 5:40:37 PM Detected: http://www.viruslist.com/en/advisories/26027 D:\WINDOWS\system32\Macromed\Flash\flash.ocx
7/23/2008 5:18:29 PM Detected: http://www.viruslist.com/en/advisories/16653 D:\Documents and Settings\Francis\My Documents\Desktop files ver2\Pepsi USB\Symantec\LiveUpdate\LUALL.EXE
7/23/2008 4:54:43 PM Detected: http://www.viruslist.com/en/advisories/26027 C:\WINDOWS\system32\Macromed\Flash\flash.ocx
7/23/2008 4:46:07 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sitj C:\Documents and Settings\Francis\Local Settings\Temp\y7vnqv.dll Postponed
7/23/2008 4:46:07 PM Detected: Trojan-GameThief.Win32.OnLineGames.sitj C:\Documents and Settings\Francis\Local Settings\Temp\y7vnqv.dll
7/23/2008 4:45:28 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047195.com Postponed
7/23/2008 4:45:28 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047195.com
7/23/2008 4:45:28 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047179.com Postponed
7/23/2008 4:45:28 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047179.com
7/23/2008 4:45:28 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047162.com Postponed
7/23/2008 4:45:28 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047162.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047139.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047139.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047123.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047123.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046123.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046123.com
7/23/2008 4:45:27 PM Untreated: Trojan-PSW.Win32.OnLineGames.rxtk D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046077.exe Postponed
7/23/2008 4:45:27 PM Detected: Trojan-PSW.Win32.OnLineGames.rxtk D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046077.exe
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046091.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046091.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cba D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046076.exe Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cba D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046076.exe
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046064.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046064.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0045048.com Postponed
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046047.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046047.com
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0045048.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044797.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044797.com
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044760.com Postponed
7/23/2008 4:45:27 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044727.com Postponed
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044760.com
7/23/2008 4:45:27 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044727.com
7/23/2008 4:45:26 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000362.com Postponed
7/23/2008 4:45:26 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000362.com
7/23/2008 4:45:26 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000283.com Postponed
7/23/2008 4:45:26 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000283.com
7/23/2008 4:45:26 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000257.com Postponed
7/23/2008 4:45:26 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000257.com
7/23/2008 4:45:26 PM Untreated: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP6\A0000197.com Postponed
7/23/2008 4:45:26 PM Detected: Trojan.Win32.Vaklik.cdj D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP6\A0000197.com
7/23/2008 4:43:04 PM Untreated: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000382.exe Postponed
7/23/2008 4:43:04 PM Detected: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000382.exe
7/23/2008 4:43:03 PM Untreated: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000360.com Postponed
7/23/2008 4:43:03 PM Detected: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000360.com
7/23/2008 4:43:02 PM Untreated: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000281.com Postponed
7/23/2008 4:43:02 PM Detected: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000281.com
7/23/2008 4:43:00 PM Untreated: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000255.com Postponed
7/23/2008 4:43:00 PM Detected: Trojan.Win32.Vaklik.cdj C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000255.com
7/23/2008 4:41:34 PM Task started
Full Scan: completed 7/23/2008 8:18:27 PM (events: 4, objects: 276365, time: 1:07:33 AM)
7/23/2008 4:39:02 PM Task completed
7/23/2008 4:38:43 PM Deleted: Trojan.Win32.Vaklik.cdj C:\WINDOWS\system32\ckvo.exe
7/23/2008 4:38:43 PM Disinfected: Trojan.Win32.Vaklik.cdj HKEY_USERS\S-1-5-21-2025429265-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\kamsoft
7/23/2008 4:38:42 PM Detected: Trojan.Win32.Vaklik.cdj C:\WINDOWS\system32\ckvo.exe
7/23/2008 4:38:42 PM Task started
Full Scan: completed 7/23/2008 8:18:27 PM (events: 4, objects: 276365, time: 1:07:33 AM)
7/23/2008 4:34:00 PM Task completed
7/23/2008 4:32:53 PM Task started