Jul 1st, 2009
0

Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error

Hello.

For one or two of our Windows XP Home Edition profiles (too many kids), but not all profiles, we've been getting a Windows Defender Warning stating WD has "detected programs that might compromise privacy or damage our computer." It names "TrojanDownloader:Win32/Renos.DZ." Paired with this is a 'b.exe' message stating b.exe 'has encountered a problem and needs to close'. And, once in a while, we get a "CiceroUIWndFrame: b.exe - Application Error" stating 'the exception unknown software exception (0xe06d7363) occurred in the application at location 0x7c812afb' and/or a "b.exe Application Error" stating the 'instruction at 0x7c910cbd referenced memory at 0x69766f6d. The memory could not be 'read'.'

Our internet (Mozilla) is very slow.

Reading a few threads, I've downloaded MBAM and HJT, scanned, removed threats, and attached logs. Note: when I rebooted after running MBAM (to complete threat removal), the warning and error messages popped up as if I'd done nothing.

Any help would be appreciated.

Thanks.
Attached Files
File Type: txt hijackthis_070109.txt (12.1 KB, 45 views)
File Type: txt mbam-log-2009-07-01 (21-05-13).txt (2.4 KB, 37 views)
Reputation Points: 10
Solved Threads: 0
Newbie Poster
ChummyCakes is offline Offline
12 posts
since Dec 2007
Jul 1st, 2009
0

Re: Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error

First of all, it would seem you have a Trojan Virus. It would also seem that it is re-running itself at startup. Whatever anti-virus you are using is not getting rid of it. When your anti-virus finds it, it should include a path. Attempt to navigate to that path and delete the program manually. This b.exe is part of the Trojan Virus; the fact that there is an error may mean that the one who coded the virus was not a very good coder -.-.
But anyway, try deleting the file manually/ending the process via Task Manager (can be opened with ctrl+shift+escape or ctrl+alt+delete -> Open Task Manager). If you don't know how to do that, go to the process tab and look for b.exe, select it and press end task (as well as Trojan.exe if you find it).
I hope that helps.

This line in the logs you provided:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c153f40 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
may mean that you have the "deadly" Trojan Vundo, which is extremely hard to get rid of.
Last edited by u8sand; Jul 1st, 2009 at 10:58 pm.
Reputation Points: 78
Solved Threads: 15
Junior Poster
u8sand is offline Offline
131 posts
since Dec 2008
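
An added example, not part of the original posts or of any tool named in the thread: a small Python triage of scanner log lines in the format quoted above, picking out autorun (Run-key) values and executables in per-user temp folders, the two locations this thread points to. The sample log is constructed; only the Run-key line comes from the thread, and the detection names on the other lines are placeholders.

```python
import re

# Line format as quoted in the thread: <item> (<detection>) -> <action>.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
TEMP_DIR = re.compile(r"\\(Local Settings\\)?Temp\\", re.I)

# Constructed sample; line 1 of the registry section is the one quoted above.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c153f40 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\email\Local Settings\temp\b.exe (Placeholder.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.dll (Placeholder.Name) -> Delete on reboot.
"""

def triage(log_text):
    """Return the entries worth re-checking after a reboot, with their scope."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        item = m["item"]
        if item.upper().startswith("HKEY_") and RUN_KEY.search(item):
            hive = item.split("\\", 1)[0].upper()
            # HKCU is loaded per profile, so one user can be hit and another not.
            scope = "per-user" if hive in ("HKEY_CURRENT_USER", "HKEY_USERS") else "machine-wide"
            kind = "autorun"
        elif TEMP_DIR.search(item) and item.lower().endswith((".exe", ".dll")):
            kind, scope = "temp-binary", "per-user"
        else:
            continue
        findings.append({
            "kind": kind,
            "scope": scope,
            "entry": item.rsplit("\\", 1)[1],  # value name or file name
            "detection": m["name"],
            "action": m["action"],
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<12}{f['scope']:<10}{f['entry']:<10}{f['detection']} ({f['action']})")
```

Per-user findings have to be re-checked from inside each affected profile, since a scan run as another user does not see that profile's HKEY_CURRENT_USER hive.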
Jul 2nd, 2009
0

Re: Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error

Please download VundoFix.exe to your Desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shut down your computer; click OK.
* Turn your computer back on.
* It will make a log in C:\vundofix.txt; I need you to post that in your next reply.
Last edited by Rik from RCE; Jul 2nd, 2009 at 5:17 am.
Reputation Points: 125
Solved Threads: 193
Nearly a Posting Maven
Rik from RCE is offline Offline
2,207 posts
since May 2009
Jul 2nd, 2009
0

Re: Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error

Hi.

I downloaded VundoFix and ran it on our Administrator profile and again in the profile that has the most problems (just in case it mattered) and it found no infections either time. I've attached the log per your request.

Today, we have not yet seen the b.exe application error message, but we still have the TrojanDownloader:Win32/Renos.DZ warning.

I can't find the path that u8sand recommends because the file associated with the TrojanDownloader warning, which is C:\Documents and Settings\email\Local Settings\temp\b.exe->(UPX), did not exist. Of course, I looked only after asking Windows Defender to fix the problem, but we've done that many, many times already.

How can we be sure we don't have the Vundo virus?

How can we make sure the b.exe TrojanDownloader problem goes away and stays away?

Thanks.
Attached Files
File Type: txt VundoFix.txt (135 Bytes, 27 views)
Reputation Points: 10
Solved Threads: 0
Newbie Poster
ChummyCakes is offline Offline
12 posts
since Dec 2007
Jul 3rd, 2009
0

Re: Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error

Please do not attach any logs; copy the content and paste it in your post.

Considering the infections are from the temp folders, as a preliminary measure do the following:

Download CCleaner, install it, open it...
Under the 'Cleaner' section select all in the 'Windows' and 'Applications' tabs, then click on 'Analyze' and then 'Run Cleaner'...
Do the same in the 'Registry' tab, i.e. 'Scan for Issues' and 'Fix Selected Issues'. It will ask you to make a backup, DO IT... Then click on 'Fix All'... Now reboot the PC.

Now

Please download ComboFix by sUBs...
* You must download it to and run it from your Desktop.
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
* Double-click combofix.exe and follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
* Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run ComboFix ONCE only!!

Upload the ComboFix log and a new HijackThis log (reboot and then run the HijackThis scan).
Reputation Points: 9
Solved Threads: 30
Posting Whiz in Training
Godsp3ed is offline Offline
235 posts
since Jan 2009
Apr 27th, 2010
0
Re: Problems: TrojanDownloader:Win32/Renos.DX with b.exe application error
What to do if my computer doesn't allow use of internet, cannot open antivirus, cannot e-mail, cannot recognize printer, etc., to get rid of trojan above?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
ifigueroa is offline Offline
1 posts
since Apr 2010


© 2011 DaniWeb® LLC