Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error
Hello.
For one or two of our Windows XP Home Edition profiles (too many kids), but not all profiles, we've been getting a Windows Defender Warning stating WD has "detected programs that might compromise privacy or damage our computer." It names "TrojanDownloader:Win32/Renos.DZ." Paired with this is a 'b.exe' message stating b.exe 'has encountered a problem and needs to close'. And, once in a while, we get a "CiceroUIWndFrame: b.exe - Application Error" stating 'the exception unknown software exception (0xe06d7363) occurred in the application at location 0x7c812afb' and/or a "b.exe Application Error" stating the 'instruction at 0x7c910cbd referenced memory at 0x69766f6d. The memory could not be 'read'.'
Our internet (Mozilla) is very slow.
Reading a few threads, I've downloaded MBAM and HJT, scanned, removed threats, and attached logs. Note: when I rebooted after running MBAM (to complete threat removal), the warning and error messages popped up as if I'd done nothing.
Any help would be appreciated.
Thanks.
First of all, it would seem you have a Trojan Virus. It would also seem that it is re-running itself at startup. Whatever anti-virus you are using is not getting rid of it. When your anti-virus finds it, it should include a path. Attempt to navigate to that path and delete the program manually. This b.exe is part of the Trojan Virus; the fact that there is an error may mean that the one who coded the virus was not a very good coder -.-.
But anyway, try deleting the file manually/ending the process via Task Manager (can be opened with ctrl+shift+escape or ctrl+alt+delete -> Open Task Manager). If you don't know how to do that, go to the process tab and look for b.exe, select it and press end task (as well as Trojan.exe if you find it).
I hope that helps.
This line in the logs you provided:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c153f40 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
may mean that you have the "deadly" Trojan Vundo, which is extremely hard to get rid of.
Last edited by u8sand; Jul 1st, 2009 at 10:58 pm.
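As an added example (not part of any post in this thread and not code from HijackThis or MBAM): the Run-key entry quoted above sits under HKEY_CURRENT_USER, which is stored per profile, so each profile's autoruns need their own check. The sketch below triages HijackThis-style O4 lines; the sample log, the profile name `kid1`, the value name `0a1b2c3d` and the three heuristics are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis autorun line format: O4 - HKCU\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)  # name shaped like 6c153f40
TEMP_RE = re.compile(r"\\te?mp\\", re.I)          # ...\Local Settings\Temp\...
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|bat|scr))\b", re.I)

# Constructed sample log; profile name and value names are made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [0a1b2c3d] C:\Documents and Settings\kid1\Local Settings\Temp\b.exe
"""

def image_path(command):
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):          # quoted path, arguments follow
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)            # unquoted path, may contain spaces
    return m.group(1) if m else command

def triage(log_text):
    """Return the autorun entries that deserve a manual look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                     # not an O4 autorun line
        hive, key, name, command = m.groups()
        path = image_path(command)
        reasons = []
        if TEMP_RE.search(path):
            reasons.append("runs from a Temp directory")
        if HEX_NAME_RE.match(name):
            reasons.append("random-looking 8-hex-digit value name")
        if len(ntpath.splitext(ntpath.basename(path))[0]) <= 2:
            reasons.append("very short file name")
        if reasons:
            findings.append({"hive": hive, "key": key, "name": name,
                             "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["hive"], f["name"], f["path"], "; ".join(f["reasons"]))
```

A flagged entry is a lead to inspect, not a verdict; legitimate installers occasionally register autoruns from Temp as well.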
Please download VundoFix.exe to your Desktop.
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* It will make a log in C:\vundofix.txt, I need you to post that in your next reply.
Last edited by Rik from RCE; Jul 2nd, 2009 at 5:17 am.
Hi.
I downloaded VundoFix and ran it on our Administrator profile and again in the profile that has the most problems (just in case it mattered) and it found no infections either time. I've attached the log per your request.
Today, we have not yet seen the b.exe application error message, but we still have the TrojanDownloader:Win32/Renos.DZ warning.
I can't find the path that u8sand recommends because the file associated with the TrojanDownloader warning, which is C:\Documents and Settings\email\Local Settings\temp\b.exe->(UPX), did not exist. Of course, I looked only after asking Windows Defender to fix the problem, but we've done that many many times already.
How can we be sure we don't have the Vundo virus?
How can we make sure the b.exe TrojanDownloader problem goes away and stays away?
Thanks.
Please do not Attach any logs, copy the content and paste it in your post..
Considering the infections are from the temp folders, as a preliminary measure do the following :
Download Ccleaner, Install it, Open it...
Under the 'Cleaner' Section select all in the 'Windows' And 'Applications' Tab, Then click on 'Analyze' And then 'Run Cleaner'...
Do The Same In The 'Registry' Tab, i.e. 'Scan For Issues' and 'Fix Selected Issues', It will ask you to make a backup, DO IT...Then Click on 'Fix All'...Now Reboot The Pc..
Now
Please download ComboFix by sUBs...
* You must download it to and run it from your Desktop
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
* Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
Upload The Combofix Log And a New Hijackthis Log(Reboot and then run hijackthis scan)..
“We learn something every day, and lots of times it’s that what we learned the day before was wrong”